Privacy Policy

1. Introduction

Welcome to Exsposer ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web services.

By using Exsposer, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Account Information: Name, email address, and profile picture (when you sign in with Google)
• Authentication Data: Session tokens and authentication credentials
• Payment Information: Billing details processed through our payment provider (Polar.sh)

2.2 Usage Information

We automatically collect certain information about your use of our services:

• Reply Generation Data: The number of replies generated, prompt length, and reply length
• API Usage: OpenAI API usage statistics including tokens used and model selected
• User Settings: Your preferences for reply generation and notification settings
• Analytics Data: Usage patterns, feature interactions, and performance metrics (via PostHog)

2.3 Content Data

When you use Exsposer to generate replies:

• The text you submit is sent to OpenAI's API for processing
• We do not store the content of your prompts or generated replies
• We only store metadata (length, timestamp, success/failure status)

3. How We Use Your Information

We use your information for the following purposes:

• Service Provision: To provide and maintain Exsposer functionality
• User Authentication: To verify your identity and manage your account
• Usage Tracking: To monitor daily limits and prevent abuse
• Billing: To process payments and manage subscriptions
• Improvements: To analyze usage patterns and improve our services
• Communication: To send service updates, security alerts, and support messages
• Compliance: To comply with legal obligations and enforce our terms

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share your information with the following third-party services:

• OpenAI: For AI-powered reply generation (see OpenAI's privacy policy)
• Supabase: For secure database hosting
• Polar.sh: For payment processing and subscription management
• PostHog: For analytics and product insights
• Resend: For transactional email delivery

4.2 We DO NOT:

• Sell your personal information to third parties
• Share your data with advertisers
• Use your content data for training AI models
• Access or store your social media passwords

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights or the safety of others.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encrypted data transmission (HTTPS/TLS)
• Secure database storage with access controls
• Regular security audits and updates
• Limited employee access to personal data

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

6. Data Retention

We retain your information for as long as:

• Your account is active
• Needed to provide services to you
• Required for legal, tax, or accounting purposes

When you delete your account, we delete your personal information within 30 days, except where retention is required by law.

7. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request corrections to inaccurate data
• Deletion: Request deletion of your data
• Portability: Request your data in a machine-readable format
• Opt-out: Opt-out of analytics and marketing communications
• Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at the email provided in Section 12.

8. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and basic functionality
• Analytics Cookies: To understand how you use our services (PostHog)
• Session Cookies: To maintain your login session

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

9. Third-Party Links

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

10. Children's Privacy

Exsposer is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using our services, you consent to such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at: