Privacy Policy

Last updated: April 4, 2026 — Your privacy matters. Here's exactly what we do (and don't do) with your data.

Plain English Summary: We collect what we need to deliver your content. We don't sell your data — ever. We share it only with the services required to run things (email delivery, spam prevention, hosting). You can access, correct, or delete your data anytime. If you leave, we delete everything after 90 days. No surprises, no fine-print tricks.

1. Introduction

ProofPosts (operated by KYLY AI) provides AI-powered content creation and distribution services. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website and services.

This policy applies to all visitors, free trial users, and paid subscribers of ProofPosts. By using our website or services, you agree to the practices described in this policy.

If you have questions, we're happy to answer them — just email [email protected] with the subject line "Privacy Inquiry".

2. Information We Collect

2a. Information You Provide Directly

When you sign up for a free trial, subscribe, or interact with our onboarding process, you may provide:

Personal details: Name and email address
Business details: Business name, website URL, industry
Service preferences: Customer types, offerings, unique selling proposition (USP), competitor URLs
Brand configuration: Brand voice preferences, platform selections
Payment information: Processed securely by third-party providers (Wise/Revolut) — we do not store your payment card details
Special instructions: Custom notes, content preferences, and specific directions for content creation

2b. Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

IP address — used for rate limiting and fraud prevention
Browser type and device information — to ensure our site works correctly on your device
Pages visited and interaction data — to understand how visitors use our site
Cookies — see Section 4 for full details

2c. Information From Third Parties

Google reCAPTCHA v3: We use this to prevent spam and bot submissions on our forms. Google may collect technical data as part of this process (see Section 4).

3. How We Use Your Information

We use the information we collect for the following purposes:

To deliver our services — content creation, community posting, and traffic generation tailored to your brand and audience
To send service emails — batch delivery confirmations, content approvals, account updates, and service notifications
To send marketing communications — newsletters, tips, promotions, and educational content (you can opt out at any time)
To improve our services and website — analyzing usage patterns to make things better
To prevent fraud and abuse — rate limiting, spam detection, and security monitoring
To comply with legal obligations — where required by applicable law or regulation

4. Cookies and Tracking

We keep cookie usage to a minimum. Here's exactly what we use:

Essential cookies: Session management cookies required for the website to function properly. These cannot be disabled.
Google reCAPTCHA v3: Uses cookies to distinguish humans from bots when you submit forms. This is subject to Google's Privacy Policy.
Analytics: Basic page interaction tracking to help us understand how visitors use our site and where we can improve.

What we do NOT do: We do not use advertising cookies, retargeting pixels, or any tracking that follows you around the internet. We do not sell data to advertisers. Period.

5. Data Sharing

We share your data only with the following service providers, and only to the extent necessary to deliver our services:

Brevo (email delivery service) — to send service and marketing emails on our behalf
Google reCAPTCHA — for spam prevention on form submissions
Cloudflare (hosting/CDN) — for website delivery, performance, and security
Platform APIs (Reddit, Discord, Telegram, Medium, Lemmy, Google Business Profile) — only for paid Done-For-You clients who explicitly authorize us to post on their behalf
Payment processors (Wise/Revolut) — for payment processing only

We do NOT sell, rent, or trade your personal information. Not now, not ever. Your data is used to deliver your service — nothing else.

6. Data Retention

We don't keep your data longer than we need it. Here's our retention schedule:

Active client data: Retained for the duration of your service relationship with us
Post-cancellation: Data retained for 90 days after cancellation, then permanently deleted
Free trial / sample data: Retained for 12 months after your last interaction, then deleted
Batch content and approval records: Retained for 2 years as per our service agreement (Section 3d of our Terms)

7. Your Rights

You have the following rights regarding your personal data:

Access — Request a copy of the personal data we hold about you
Correction — Request that we correct any inaccurate or incomplete data
Deletion — Request that we delete your personal data (subject to legal retention requirements)
Opt out of marketing — Unsubscribe from marketing communications at any time via the link in any email or by contacting us
Data portability — Request a machine-readable copy of your data
Withdraw consent — Withdraw your consent to data processing at any time (this will not affect the lawfulness of processing based on consent before withdrawal)

To exercise any of these rights, email [email protected] with the subject line "Privacy Inquiry". We will respond within 30 days.

8. Data Security

We take the security of your data seriously. Here's what we do to protect it:

Encryption: All data is transmitted over HTTPS/TLS encryption — both between your browser and our servers, and between our systems and third-party services
Access control: Access to personal data is restricted to authorized personnel only, on a need-to-know basis
Regular security reviews: We conduct regular reviews of our security practices and infrastructure
Third-party vetting: All third-party services we use are vetted for security compliance before integration

No system is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security. If we become aware of a data breach that affects your personal information, we will notify you promptly.

9. International Data Transfers

Our infrastructure spans multiple regions:

Primary servers: Hosted in Singapore (Hetzner)
CDN and security: Delivered globally via Cloudflare CDN
Service providers: Data may be processed in jurisdictions where our service providers (Brevo, Google, payment processors) operate

We ensure that appropriate safeguards are in place for all international data transfers, including contractual protections with our service providers.

10. Children's Privacy

Our services are designed for businesses and professionals. They are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.

If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.
For material changes, we will provide at least 14 days' notice via email before the changes take effect.
Continued use of our website or services after the effective date of changes constitutes your acceptance of the updated policy.
We encourage you to review this page periodically for the latest information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

Email: [email protected]

Subject line: "Privacy Inquiry"

We aim to respond to all privacy-related requests within 30 days.

Also see our Service Agreement for full terms of service.