JustSocial AIWersja polska

Privacy Policy

Last updated: March 27, 2026

1. Data Controller

The controller of your personal data is JUSTIDEA AGENCY sp. z o.o., with its registered office in Krakow, ul. Stefana Rogozinskiego 6, 31-559 Krakow, Poland, entered in the National Court Register under KRS number: 0001019979, REGON: 524491475, NIP (Tax ID): 6762636797 (hereinafter: "Controller", "we", "us").

Contact for data protection matters: [email protected]

2. What is JustSocial AI

JustSocial AI is a SaaS (Software as a Service) platform for automated generation and publishing of social media content. The platform uses artificial intelligence to create texts and graphics based on user product data and then publishes them on Facebook and Instagram accounts.

3. Data We Collect

3.1. Account Data

  • Email address
  • Password (stored only in hashed form)
  • Company name

3.2. Product Data

  • Product feeds imported from your online store (URLs, product names, descriptions, prices, images)
  • Brand information and communication style

3.3. Social Media Connection Data

  • Facebook Page ID
  • Instagram account ID
  • Access tokens (stored in encrypted form)

3.4. Usage Data

  • History of generated posts
  • Publishing history
  • Platform usage statistics

3.5. Payment Data

Payments are processed by Stripe. We do not store credit card numbers or full payment details. Stripe may provide us with basic transaction information (payment status, date, amount).

3.6. Automatically Collected Data

  • IP address
  • Browser and device type
  • Cookies (see Section 8)

4. Purposes and Legal Basis for Data Processing

PurposeLegal Basis (GDPR)
Providing the service (content generation and publishing)Art. 6(1)(b) - performance of a contract
Processing product data via AI (OpenAI, Anthropic)Art. 6(1)(b) - performance of a contract (necessary for service delivery)
Publishing content on Facebook and InstagramArt. 6(1)(b) - performance of a contract
Payment processingArt. 6(1)(b) - performance of a contract
Security and fraud preventionArt. 6(1)(f) - legitimate interest
Tax and accounting obligationsArt. 6(1)(c) - legal obligation

5. Sharing Data with Third Parties

To provide the JustSocial AI service, we use the following third-party providers and services:

OpenAI (OpenAI, L.L.C. - USA)

Product data, brand information, and generation instructions are sent to the OpenAI API for creating post texts and graphics. OpenAI processes this data in accordance with its API data processing policy.

Anthropic (Anthropic, PBC - USA)

Generated content may be sent to the Anthropic API for quality verification and brand guideline compliance.

Meta Platforms (Facebook/Instagram)

Generated posts (text and graphics) are published via the Meta Graph API on connected Facebook Pages and Instagram accounts.

Supabase (EU region)

Database and authentication system. Data is stored on servers in the European Union.

Stripe (Stripe, Inc. - USA/EU)

Payment processing. Payment data is transferred directly to Stripe and is not stored on our servers.

Google Cloud Platform (europe-west1 region)

Application hosting. Servers are located in the europe-west1 region (Belgium, EU).

Important information regarding AI data processing

By using JustSocial AI, your product data (names, descriptions, prices, product images) and brand information are sent to AI services (OpenAI, Anthropic) for content generation. These providers process data in accordance with their API terms of service and do not use this data to train their models.

6. Data Transfers Outside the EEA

Some of our sub-processors (OpenAI, Anthropic, Stripe) are based in the United States. Data transfers to these entities are carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission or on the basis of an adequacy decision by the European Commission (EU-US Data Privacy Framework), in accordance with Articles 46 and 45 of the GDPR.

7. Data Retention Period

  • Account data - for the duration of service use and 30 days after account deletion (in case of accidental deletion).
  • Product data and generated content - for the duration of service use. After account deletion, data is removed within 30 days.
  • Social media access tokens - for the duration of service use. Deleted immediately upon account disconnection or account deletion.
  • Billing data - for the period required by tax law (5 years from the end of the tax year).
  • System logs - up to 90 days.

8. Cookies

The JustSocial AI platform uses the following types of cookies:

  • Essential cookies - required for the platform to function, including authentication session cookies. Legal basis: Art. 6(1)(b) GDPR.
  • Analytics cookies - help us understand how users interact with the platform. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

You can manage cookie settings in your browser. Disabling essential cookies may prevent you from using the platform.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access - you may request information about your processed personal data.
  • Right to rectification - you may request correction of inaccurate data.
  • Right to erasure - you may request deletion of your data ("right to be forgotten").
  • Right to restriction of processing - you may request restriction of data processing in certain situations.
  • Right to data portability - you may receive your data in a structured format.
  • Right to object - you may object to processing based on legitimate interest.
  • Right to withdraw consent - if processing is based on consent, you may withdraw it at any time.

To exercise your rights, contact us at: [email protected]

You also have the right to lodge a complaint with a supervisory authority. For users in Poland, this is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl. For users in other EU/EEA countries, please contact your local data protection authority.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Password encryption (bcrypt hashing)
  • Encryption of social media access tokens
  • HTTPS/TLS encrypted communication
  • Data access restricted to authorized personnel
  • Regular backups in the EU region

11. Changes to This Privacy Policy

We reserve the right to make changes to this Privacy Policy. We will notify you of significant changes via email or through a notification on the platform. Continued use of the service after changes are made constitutes acceptance of the updated policy.

12. Contact

For data protection matters, you can reach us at:

  • Email: [email protected]
  • Address: JUSTIDEA AGENCY sp. z o.o., ul. Stefana Rogozinskiego 6, 31-559 Krakow, Poland
  • KRS: 0001019979 | NIP: 6762636797 | REGON: 524491475

13. Data Deletion

You can request deletion of all your personal data at any time by contacting us at [email protected]. Upon receiving a verified deletion request, we will:

  • Delete your account and all associated personal data within 30 days
  • Revoke all connected social media access tokens immediately
  • Remove all generated content and product data
  • Retain only data required by law (e.g., billing records for tax purposes)

You may also delete your account directly from the platform settings, which will trigger the same deletion process.