Privacy Policy - tajermasr

1. Information We Collect

Account Information: Name, email address, password (hashed), country, timezone.

Payment Information: Processed by Stripe. We do not store credit card numbers.

Connected Accounts: Facebook page tokens (encrypted with AES-256-GCM), page names, and ad account IDs.

Usage Data: Activity logs, feature usage, and performance metrics for service improvement.

2. How We Use Your Data

To provide and maintain the Service
To manage your subscriptions and payments
To send service-related notifications (campaign alerts, billing updates)
To improve our AI features and service quality
To detect and prevent fraud and abuse

3. Data Security

We implement industry-standard security measures including:

AES-256-GCM encryption for sensitive tokens
bcrypt password hashing (cost factor 12)
JWT with httpOnly cookies and token rotation
Rate limiting and brute-force protection
SSL/TLS encryption in transit

4. Third-Party Services

We share data with the following third parties only as necessary to provide the Service:

Stripe — Payment processing
Meta (Facebook/Instagram) — Social media management via Graph API
Sentry — Error monitoring (no PII included)
AI Providers (DeepSeek/OpenAI) — Content generation (no personal data sent)

5. Your Rights (GDPR)

You have the right to:

Access — Export all your data from Settings
Rectification — Update your profile information anytime
Erasure — Delete your account and all associated data
Portability — Download your data in JSON format

6. Cookies

We use essential cookies only: an httpOnly refresh token cookie for authentication. We do not use tracking cookies or third-party analytics cookies.

7. Data Retention

Account data is retained while your account is active. After account deletion, all personal data is permanently removed within 30 days. Activity logs are retained for 90 days for security purposes.

8. Contact

For privacy-related inquiries, contact our Data Protection Officer at privacy@tajermasr.com.