Privacy Policy - Spreadcheer LLC

1. Introduction

Spreadcheer LLC ("we," "our," or "us", or "Spreadcheer") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.spreadcheer.co or use our platform, applications, and services (collectively, the "Services").

Our Services include:

• Review management tools and SMS messaging
• AI-powered social media content generation (text and images)
• Automated social media posting to Instagram and Facebook
• AI-driven marketing content creation

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide to Us

We may collect information that you provide directly to us, including:

(a) Account Information

• Name, email address, password
• Business name, business address, phone number
• Other contact information

(b) Payment Information

• Payment details, billing address
• Information necessary to process your payment

(c) Business Information

• Business type, industry, logo, website URL
• Google Business Profile information
• Social media account usernames and profile information
• Brand colors, style preferences, and marketing materials

(d) Customer Information (for review management services)

• Customer names, phone numbers, email addresses
• Transaction details

(e) Communications

• Information you provide when you contact us
• Responses to surveys
• Interactions with customer support

🆕 (f) AI Service Input Content

When you use our AI-powered features, we collect:

• Text prompts and instructions you provide to our AI
• Business descriptions, target audience information, and marketing goals
• Images you upload for AI processing or reference
• Content preferences and style guidelines
• Feedback on AI-generated content
• Editing and revisions you make to AI outputs

🆕 (g) Social Media Account Information

When you connect social media accounts to our Services (Instagram, Facebook, and TikTok):

• Instagram access tokens and refresh tokens
• Instagram user ID and username
• Instagram account type (Business/Creator)
• Token expiration dates
• Account connection status and permissions
• Posting history and scheduling data

2.2 Information We Collect Automatically

When you use our Services, we may automatically collect certain information, including:

(a) Device Information

• Hardware model, operating system
• IP address, unique device identifiers
• Browser type, mobile network information

(b) Usage Information

• How you use our Services
• Actions you take, features you use
• Time, frequency, and duration of your activities
• Pages visited, content generated, posts scheduled

(c) Cookies and Similar Technologies

• We use cookies and similar tracking technologies to collect information about your browsing activities
• To remember your preferences and improve user experience

🆕 (d) AI-Generated Content Data

We collect information about your use of AI features:

• AI-generated text and image outputs
• Frequency and types of AI generation requests
• Content regeneration attempts
• Acceptance or rejection of AI suggestions
• Performance metrics for AI-generated content (engagement, reach)

3. How We Use Your Information

We use the information we collect for various purposes, including to:

3.1 Provide and Improve Services

• Provide, maintain, and improve our Services
• Process and complete transactions
• Send text messages to your customers on your behalf
• Generate and analyze customer reviews
• Generate AI-powered social media content based on your inputs
• Schedule and post content to Instagram and Facebook
• Schedule and post video content to TikTok
• Create AI-generated images for your marketing materials

3.2 Communications

• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and requests
• Send you marketing communications (with your consent)

3.3 Service Development

• Develop new products, services, features, and functionality
• Monitor and analyze trends, usage, and activities in connection with our Services
• Improve AI model accuracy and performance (with your consent or as permitted by law)

3.4 Security and Compliance

• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations
• Protect our rights and the rights of our users

🆕 3.5 AI Model Training and Improvement

We may use your data to train and improve our AI models, subject to your choices and applicable law.

(a) What Data May Be Used for AI Training:

• De-identified prompts and instructions
• AI-generated outputs and your feedback on them
• Performance metrics and usage patterns
• Content effectiveness data (when available)

(b) What Data Is NEVER Used for AI Training:

• Payment information or financial data
• Personal identifying information (PII) unless de-identified
• Confidential business information marked as such
• Content from users who have opted out of AI training

(c) Your Control Over AI Training:

You have the right to opt-out of having your data used for AI model training. See Section 7 (Your Rights and Choices) for details on how to opt-out.

🆕 3.6 Third-Party AI Service Providers

We use third-party AI service providers to power our AI features:

When you use our AI features, your inputs and generated outputs are processed by these providers in accordance with their respective privacy policies and data processing agreements. We have Data Processing Addendums (DPAs) with all AI providers that include:

• Restrictions on use of your data
• Data security requirements
• Data retention and deletion obligations
• Compliance with applicable privacy laws

You can review our AI providers' privacy policies at:

• OpenAI: https://openai.com/privacy
• Anthropic: https://www.anthropic.com/privacy

4. Text Message Communications

4.1 Messages to Your Customers

When you use our Services to send review requests or other communications to your customers:

• We act as your service provider, sending messages on your behalf
• You remain the data controller of your customers' information
• You are responsible for obtaining all necessary consents from your customers
• You must comply with all applicable laws and regulations, including A2P 10DLC, CAN-SPAM Act, and TCPA

4.2 Messages to You

We may send you text messages related to your account, including:

• Confirmation of your registration
• Notifications about new reviews
• Service updates and announcements
• Account alerts and reminders
• Notifications about scheduled social media posts
• Alerts about social media account issues or disconnections

You can opt out of receiving text messages from us by following the unsubscribe instructions included in our messages or by contacting us directly.

🆕 5. Social Media Platform Integration and Data Handling

5.1 Instagram Business Account Connection

When you connect your Instagram Business account to our Services:

(a) Data We Collect:

• Instagram access token (for posting on your behalf)
• Instagram user ID and username
• Instagram account type verification (Business/Creator)
• Token expiration date

(b) How We Use Instagram Data:

• Publish posts and stories to your Instagram Business account at scheduled times
• Verify your account has proper business permissions
• Monitor posting status and success/failure notifications
• Maintain your posting schedule and content calendar

(c) What We Do NOT Collect:

• Your Instagram followers or follower lists
• Direct messages or comments
• Personal Instagram content not created through our platform
• Analytics data beyond what's necessary for posting verification
• Your Instagram password (authentication uses OAuth)

5.2 Instagram Data Storage and Security

• Your Instagram access tokens are encrypted using AES-256 encryption and stored securely in our database
• Tokens automatically expire after 60 days per Instagram's requirements
• We refresh tokens automatically to maintain connection
• You can revoke our access at any time through your Instagram settings or our platform
• Upon disconnection or account deletion, tokens are deleted within 24 hours

5.3 Instagram Data Sharing

We do not sell, rent, or share your Instagram data with third parties, except:

• With Instagram/Meta (as required to post content on your behalf)
• With you (to display connection status and posting history)
• As required by law or legal process

5.4 Your Instagram Data Rights

You have the right to:

• Disconnect your Instagram account at any time from your account settings
• Request deletion of all stored Instagram credentials
• View what Instagram data we have stored
• Revoke posting permissions through Instagram's settings (Settings → Security → Apps and Websites)

5.5 Facebook Business Account Connection

When you connect your Facebook Business Page to our Services:

Information Collected:

• Facebook Page ID and name
• Facebook Page access token (long-lived)
• Content you choose to publish (images, captions, hashtags)

How We Use It:

• To publish posts to your Facebook Page at scheduled times
• To enable cross-posting from Instagram to Facebook
• To verify your Facebook Page connection status

Data Security:

• Facebook access tokens are encrypted using AES-256-GCM encryption
• Tokens are stored securely and never shared with third parties
• You can disconnect Facebook at any time via Settings → Account

Data Retention:

• When you disconnect Facebook, we immediately delete your access token
• Published posts remain on your Facebook Page (under your control)
• Connection history is retained for 90 days for security purposes

Your Control:

• You control what content is posted to Facebook
• You can enable/disable Facebook cross-posting per post
• You maintain full ownership of your Facebook Page and content

5.6 TikTok Business Account Connection

When you connect your TikTok account to our Services:

(a) Data We Collect:

• TikTok access token and refresh token (for posting on your behalf)
• TikTok Open ID (unique account identifier)
• TikTok username
• Token expiration dates

(b) How We Use TikTok Data:

• Publish video content to your TikTok account at scheduled times
• Verify your account connection and permissions
• Monitor posting status and success/failure notifications
• Maintain your posting schedule and content calendar

(c) What We Do NOT Collect:

• Your TikTok followers or follower lists
• Comments or direct messages
• Personal TikTok content not created through our platform
• Analytics data beyond what's necessary for posting verification
• Your TikTok password (authentication uses OAuth)

(d) TikTok Data Storage and Security:

• Your TikTok access and refresh tokens are encrypted using AES-256-GCM encryption
• Access tokens expire after 24 hours; refresh tokens expire after 365 days
• We refresh tokens automatically every 6 hours to maintain connection
• You can disconnect TikTok at any time through Settings → Account
• Upon disconnection or account deletion, tokens are deleted within 24 hours

(e) TikTok Data Sharing:

We do not sell, rent, or share your TikTok data with third parties, except:

• With TikTok (as required to post content on your behalf)
• With you (to display connection status and posting history)
• As required by law or legal process

(f) Your TikTok Data Rights:

You have the right to:

• Disconnect your TikTok account at any time from Settings → Account
• Request deletion of all stored TikTok credentials
• View what TikTok data we have stored
• Revoke posting permissions through TikTok's app settings

(g) TikTok Video Content:

• Video files are temporarily stored on AWS S3 during upload process
• Videos are uploaded directly to TikTok's servers
• Video files are stored securely on AWS S3 when you upload them to maintain your content calendar history
• Published videos remain on your TikTok account (under your control)

(h) TikTok App Review Status:

• Our TikTok integration is subject to TikTok's app review process
• Privacy level may be restricted to private posts until app approval
• Once approved, posts can be made public based on your TikTok account settings

6. Information Sharing and Disclosure

We may share your information in the following circumstances:

6.1 With Your Consent

We may share your information when you direct us to do so or give us permission.

6.2 Service Providers

We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as:

(a) General Service Providers

• Payment processors
• Cloud hosting providers (AWS, Google Cloud)
• SMS gateway providers (Twilio)
• Analytics services
• Customer service providers

🆕 (b) AI Service Providers

• OpenAI (image generation)
• Anthropic (content generation)

Data Shared with AI Providers:

• Your prompts and instructions
• Business information necessary for content generation
• Generated outputs (for quality monitoring)

Legal Safeguards:

• We have Data Processing Addendums (DPAs) with all AI providers
• Providers are contractually prohibited from using your data for their own purposes
• Data is processed in accordance with GDPR, CCPA, and other applicable privacy laws
• International Data Transfers: We use Standard Contractual Clauses (SCCs) approved by the European Commission and participate in the EU-U.S. Data Privacy Framework where applicable

🆕 (c) Social Media Platforms

When you connect a social media account (Instagram, Facebook, or TikTok) to our Services, we share:

• Content you want to post (text, images, captions)
• Scheduling information
• Your access tokens (to authenticate posting)

We share this data solely for the purpose of publishing posts on your behalf. We comply with each platform's terms of service and data use policies.

6.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of our assets, your information may be transferred as part of that transaction.

6.4 Legal Requirements

We may disclose your information if we believe that such action is necessary to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users of the Services or the public

6.5 Aggregated and De-Identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you, including:

• Industry trends and benchmarks
• Service usage statistics
• AI model performance metrics

7. Your Rights and Choices

7.1 Account Information

You can update your account information at any time by:

• Logging into your account and editing your profile
• Contacting us at privacy@spreadcheer.co

7.2 Marketing Communications

You can opt out of receiving promotional emails from us by:

• Following the unsubscribe instructions included in those emails
• Updating your preferences in your account settings

You can also opt out of receiving text messages by following the unsubscribe instructions included in the messages.

🆕 7.3 AI Model Training Opt-Out

You have the right to opt-out of having your data used to train our AI models.

(a) How to Opt-Out:

• Account-Level Setting: Navigate to Settings → Privacy Controls → AI Data Usage and toggle "Allow AI Model Training" to OFF
• Email Request: Send an email to privacy@spreadcheer.co with subject line "AI Training Opt-Out" and include your account email
• Privacy Request Portal: Submit a formal opt-out request at www.spreadcheer.co/privacy-requests

(b) Effect of Opting Out:

• Your future prompts and outputs will not be used for AI model training
• Opting out does NOT affect your ability to use Spreadcheer AI features
• If your data was used for model training before you opted out, we cannot remove knowledge already incorporated into trained models. However, we will exclude your data from all future training.

(c) Data Retention After Opt-Out:

• New conversations after opt-out are retained for 30 days for abuse monitoring only, then permanently deleted
• Users who opt out have shorter data retention periods (see Section 8 for details)

7.4 Social Media Account Disconnection

You can disconnect social media accounts at any time:

• Through your account settings in our platform (Settings → Connected Accounts → Disconnect)
• By revoking access in the social media platform's settings (e.g., Instagram → Settings → Security → Apps and Websites)
• Upon disconnection, we delete all access tokens and credentials within 24 hours

7.5 Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

7.6 Do Not Track

Some browsers offer a "Do Not Track" feature. We currently do not respond to Do Not Track signals.

🆕 8. Data Retention

8.1 General Data Retention

We retain your information for as long as your account is active or as needed to provide you with our Services. We will also retain and use your information as necessary to:

• Comply with our legal obligations
• Resolve disputes
• Enforce our agreements
• Prevent fraud and abuse

8.2 AI Content Data Retention

Our retention periods for AI-related data depend on your choices:

(a) Users Who Have Opted IN to AI Model Training:

• Prompts and inputs: Retained for up to 5 years for model improvement
• AI-generated outputs: Retained for up to 5 years for quality monitoring
• Performance metrics: Retained indefinitely in de-identified form

(b) Users Who Have Opted OUT of AI Model Training:

• Prompts and inputs: Retained for 30 days for abuse monitoring, then permanently deleted
• AI-generated outputs: Retained for 30 days, then permanently deleted
• No data is used for model training

(c) Business/Commercial API Customers:

• Default retention: 7 days for abuse monitoring only
• Zero data retention option available for enterprise customers (contact sales)
• No data used for model training by default

8.3 Social Media Connection Data Retention

Instagram, Facebook, and TikTok Connection Data:

• Active connections: Access tokens stored as long as account remains connected
• After disconnection: All tokens and credentials deleted within 24 hours
• Posted content history: Retained for 90 days for analytics, then aggregated/de-identified

8.4 Backups

We maintain backup copies of data for disaster recovery purposes. Backup copies are:

• Deleted within 90 days of your data deletion request
• Not used for any purpose other than system recovery
• Subject to the same security measures as production data

🆕 9. Data Security

We implement appropriate technical and organizational measures to protect the security of your personal information:

9.1 Technical Security Measures

(a) Encryption:

• TLS 1.3 for data in transit (all data transferred over the internet)
• AES-256 encryption for data at rest (stored in our databases)
• Social media access tokens encrypted using industry-standard methods

(b) Access Controls:

• Role-based access control (RBAC) - employees only access data necessary for their role
• Multi-factor authentication (MFA) required for all employee accounts
• Principle of least privilege applied throughout our systems

(c) Network Security:

• Firewall protection and intrusion detection systems
• Regular security audits and penetration testing
• Isolated network segments for sensitive data

9.2 Organizational Security Measures

(a) Security Monitoring:

• 24/7 security monitoring and logging
• Automated threat detection and alerting
• Incident response procedures and team

(b) Employee Training:

• Regular security awareness training for all employees
• Background checks for employees with access to customer data
• Signed confidentiality agreements

(c) Certifications and Compliance:

• SOC 2 Type II compliance (in progress)
• GDPR and CCPA compliance measures
• Regular third-party security assessments

9.3 AI Provider Security

Our AI service providers (OpenAI, Anthropic) maintain their own robust security measures:

• SOC 2 Type II certified
• Data encrypted in transit and at rest
• Regular security audits and compliance certifications

9.4 Important Limitation

However, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

10. Children's Privacy

Our Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at privacy@spreadcheer.co. If we learn we have collected personal information from a child under 16, we will delete that information.

11. International Data Transfers

We are based in the United States and process information on servers located in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to and processed in the United States.

🆕 11.1 Legal Mechanisms for International Transfers

For users in the European Economic Area (EEA), United Kingdom, or Switzerland:

(a) EU-U.S. Data Privacy Framework:

• We participate in the EU-U.S. Data Privacy Framework for certain data transfers
• Framework approved by the European Commission as providing adequate protection

(b) Standard Contractual Clauses (SCCs):

• We use European Commission-approved Standard Contractual Clauses for transfers not covered by the Framework
• SCCs available upon request at privacy@spreadcheer.co

(c) AI Provider Transfers:

• Our AI providers (OpenAI, Anthropic) are U.S.-based companies
• They use SCCs and participate in relevant privacy frameworks
• Data Processing Addendums include international transfer safeguards

11.2 Your Rights Regarding International Transfers

If you are in the EEA, UK, or Switzerland, you have the right to:

• Receive information about international data transfers
• Object to transfers in certain circumstances
• Request copies of safeguards we have in place (e.g., SCCs)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

• Posting the updated Privacy Policy on our website with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice within the Services

Important: As AI technology and related laws continue to evolve rapidly, we may need to update this Privacy Policy to reflect changes in our practices or legal requirements. We encourage you to review this Privacy Policy periodically.

Your continued use of the Services after the effective date of changes constitutes your acceptance of the updated Privacy Policy.

13. California Privacy Rights

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) regarding your personal information.

13.1 Your CCPA Rights

(a) Right to Know:

• What personal information we collect, use, disclose, and sell
• Categories of sources from which we collect information
• Business or commercial purposes for collection
• Categories of third parties with whom we share information

(b) Right to Delete:

• Request deletion of your personal information (subject to legal exceptions)

(c) Right to Opt-Out:

• Opt-out of the sale of your personal information (Note: We do not sell personal information)

(d) Right to Non-Discrimination:

• You have the right not to be discriminated against for exercising your CCPA rights

13.2 How to Exercise Your Rights

To exercise these rights, please:

• Email: privacy@spreadcheer.co
• Privacy Portal: www.spreadcheer.co/privacy-requests
• Phone: [To be added]

We will respond to your request within 45 days.

🆕 13.3 California-Specific AI Disclosures

(a) AI-Generated Content:

• We collect prompts, inputs, and generated outputs when you use AI features
• We may use this data to improve AI models (with your consent or right to opt-out)
• Third-party AI providers (OpenAI, Anthropic) process your data as service providers

(b) Automated Decision-Making:

• Our AI services make content generation decisions based on your inputs
• These decisions do not have legal or similarly significant effects
• You maintain full control over whether to use or publish AI-generated content

14. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of their personal information. We do not sell your personal information as defined in Nevada Revised Statutes Chapter 603A. However, if you are a Nevada resident, you may submit a request to opt out of potential future sales by contacting us at privacy@spreadcheer.co.

🆕 15. European Union (GDPR) Privacy Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

15.1 Legal Basis for Processing

We process your personal data based on the following legal bases:

(a) Contractual Necessity:

• To provide our Services to you
• To process payments
• To send service-related communications

(b) Legitimate Interests:

• To improve our Services and develop new features
• To detect and prevent fraud
• To maintain security
• To improve AI model accuracy and performance (where you have not opted out)

(c) Consent:

• For marketing communications (you can withdraw consent at any time)
• For AI model training (you can opt-out at any time)

(d) Legal Obligations:

• To comply with applicable laws and regulations

15.2 Your GDPR Rights

(a) Right of Access:

• Request access to your personal data
• Receive a copy of your data in a structured, commonly used format

(b) Right to Rectification:

• Request correction of inaccurate personal data

(c) Right to Erasure ("Right to be Forgotten"):

• Request deletion of your personal data (subject to legal exceptions)

(d) Right to Restrict Processing:

• Request restriction of processing in certain circumstances

(e) Right to Data Portability:

• Receive your data in a machine-readable format
• Transmit your data to another controller

(f) Right to Object:

• Object to processing based on legitimate interests
• Object to AI model training at any time

(g) Right to Withdraw Consent:

• Withdraw consent for processing at any time (where consent is the legal basis)

(h) Right to Lodge a Complaint:

• Lodge a complaint with your local data protection authority

15.3 How to Exercise Your GDPR Rights

• Email: privacy@spreadcheer.co
• Privacy Portal: www.spreadcheer.co/privacy-requests

We will respond to your request within 30 days (may be extended by 60 additional days in complex cases).

🆕 15.4 GDPR-Specific AI Processing Information

(a) Legal Basis for AI Model Training:

Legitimate Interest - We process your data for AI model improvement based on our legitimate interest in developing and enhancing our services.

This processing enables us to:

• Provide more accurate, relevant, and useful AI responses
• Identify and prevent misuse of our platform
• Maintain service quality and safety

Your Rights: You have the right to object to this processing at any time without affecting your ability to use our services.

(b) Automated Decision-Making:

We use AI to generate content suggestions, but:

• Final decisions about publishing content are always made by you
• AI suggestions do not produce legal or similarly significant effects
• You can request human review of any AI-generated content concerns

🆕 16. Data Deletion and Account Removal

16.1 Deleting Your Account

You can request deletion of your account by:

• Navigating to Settings → Account → Delete Account
• Contacting us at privacy@spreadcheer.co
• Using our Privacy Request Portal at www.spreadcheer.co/privacy-requests

16.2 What Happens When You Delete Your Account

(a) Immediate Actions (Within 24 Hours):

• Social media access tokens are immediately revoked and deleted
• Scheduled posts are cancelled
• Account login access is disabled

(b) Within 30 Days:

• All personal information is deleted from production systems
• AI-generated content history is deleted
• Business information and profile data is deleted
• User preferences and settings are deleted

(c) Within 90 Days:

• Backup copies are removed from all backup systems
• All data is permanently and irrecoverably deleted

16.3 Data Retained After Deletion

We may retain certain information as required by law or for legitimate business purposes, including:

(a) Legal Requirements:

• Financial transaction records (7 years for tax purposes)
• Records necessary for legal claims or disputes
• Records required by applicable law

(b) Security and Fraud Prevention:

• Records of account terminations for fraud or abuse
• Security logs for investigation purposes

(c) De-Identified Data:

• Aggregated, anonymized statistics that cannot identify you
• AI model improvements already incorporated (cannot be extracted)

All retained data has personal identifiers removed and cannot be used to identify you.

16.4 Deleting Connected Social Media Accounts

You can disconnect social media accounts without deleting your entire Spreadcheer account:

(a) Through Our Platform:

• Settings → Connected Accounts → [Select Account] → Disconnect
• Access tokens deleted within 24 hours

(b) Through Platform Settings:

• Instagram: Settings → Security → Apps and Websites → Remove Spreadcheer
• Immediately revokes access

16.5 Right to Data Portability Before Deletion

Before deleting your account, you can request a copy of your data:

• Email privacy@spreadcheer.co with subject "Data Export Request"
• We will provide your data in JSON or CSV format within 30 days
• Includes: account information, AI-generated content history, posted content records

17. Contact Information

If you have any questions or concerns about this Privacy Policy, please contact us at:

🆕 18. AI-Specific Privacy Practices Summary

Quick Reference for AI Features:

Data Sharing with AI Providers:

• OpenAI: Image generation only
• Anthropic: Content generation only
• Both: Bound by strict Data Processing Agreements
• Your data: Never used for their own model training without your consent

Your Privacy Controls:

1. Opt-out of AI training: Settings → Privacy → AI Data Usage
2. Delete AI history: Settings → Privacy → Delete AI Content History
3. Disconnect social media: Settings → Connected Accounts → Disconnect
4. Delete account: Settings → Account → Delete Account

Data Retention:

• With AI training: Up to 5 years
• Without AI training (opted out): 30 days only
• After account deletion: 30 days (production), 90 days (backups)

🆕 19. Third-Party AI Provider Privacy Policies

For complete transparency, we encourage you to review our AI providers' privacy policies:

Our DPAs with these providers include:

• Confidentiality obligations
• Data security requirements
• Subprocessor restrictions
• Data deletion procedures
• Breach notification requirements
• Compliance with GDPR, CCPA, and other privacy laws

Copies of our Data Processing Addendums are available upon request at privacy@spreadcheer.co.