Legal

Privacy Policy

Last updated: May 2, 2026

1. About This Policy

kwipt (“kwipt,” “we,” “us,” or “our”) is an AI-powered platform that helps small and medium businesses create, schedule, and publish content across social media platforms. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your information.

This policy applies to the kwipt website at kwipt.com, the kwipt application, and any related services (collectively, the “Service”). It does not apply to third-party websites or services, including the social media platforms you connect to kwipt — those are governed by the privacy policies of the respective platforms.

2. Information We Collect

We collect information in three ways: information you provide directly, information we receive when you connect a third-party platform, and information collected automatically when you use the Service.

Information you provide directly:

  • Account information — name, email address, password, business name
  • Billing information — name, billing address, and payment method (payment card details are processed by our payment processor and not stored by kwipt)
  • Brand voice and onboarding data — descriptions of your business, services, audience, tone preferences, and any reference content you provide so the Service can learn your brand
  • Customer Content — photos, videos, copy, business information, brand assets, and any other materials you upload
  • Communications — messages you send to our support team, feedback, and survey responses

Information from connected third-party platforms:

When you connect an account from a third-party platform (a “Connected Account”), we receive data through that platform's API based on the permissions you grant. The specific data depends on the platform; see Section 3 below for details.

Information collected automatically:

  • Usage data — pages viewed, features used, content created, publish actions taken, errors encountered
  • Device and connection data — IP address, browser type, operating system, device identifiers, referring URL, timestamps
  • Cookies and similar technologies — see Section 9

3. Connected Third-Party Accounts

The Service requires you to connect accounts from third-party platforms in order to publish content on your behalf. When you connect an account, we receive an OAuth access token (and where applicable, a refresh token) that allows kwipt to perform the actions you have authorized. Tokens are encrypted at rest and used only for the actions described below.

The specific scopes and data we access depend on the platform. The list below reflects the integrations supported as of the date of this policy. We will update this list as we add or modify integrations.

Pinterest:

  • boards:read — to list your Pinterest boards so you can select where to publish
  • pins:write — to create pins on your behalf

Google Business Profile:

  • business.manage — to read your business profile information, create and manage local posts, read and reply to reviews, read performance metrics, and manage business media on the profiles where you have granted kwipt manager access

Meta (Instagram + Facebook):

  • pages_show_list, pages_read_engagement, pages_manage_posts, pages_manage_engagement — to list your Pages, read engagement data, publish posts, and manage comments and replies on your behalf
  • instagram_basic, instagram_content_publish, instagram_manage_comments, instagram_manage_insights — to read your Instagram business account, publish feed posts and reels, manage comments, and read insights

YouTube (and YouTube Shorts):

  • youtube.upload — to upload videos and Shorts on your behalf
  • youtube — to read channel and video metadata and manage video settings (titles, descriptions, thumbnails)
  • youtube.readonly — to read analytics where applicable

TikTok:

  • video.upload, video.publish — to upload and publish videos on your behalf
  • user.info.basic, user.info.profile — to read basic account info for content posting

LinkedIn:

  • w_member_social, w_organization_social — to publish posts to your personal feed or company page on your behalf
  • r_organization_social — to read engagement metrics on your published content

You retain full ownership of your Connected Accounts at all times. You can revoke kwipt's access at any time through the security or connected-apps settings of the relevant third-party platform, or by disconnecting the account within the Service. Revoking access disables the corresponding features of the Service for that account; tokens are deleted from our database upon disconnection.

4. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Generate content, marketing plans, and recommendations on your behalf using AI
  • Schedule and publish content to your Connected Accounts as you direct
  • Read engagement data, reviews, and analytics from Connected Accounts to inform recommendations and reporting
  • Process payments and manage subscriptions
  • Communicate with you about the Service, including support requests, billing notices, and important updates
  • Improve the Service through aggregated and de-identified usage analysis
  • Detect, prevent, and respond to security incidents, fraud, and abuse
  • Comply with legal obligations and enforce our Terms of Service

5. Google API Services User Data Policy

kwipt's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use information received from Google APIs only to provide and improve user-facing features that are prominent in the Service
  • We do not transfer Google user data to others except as necessary to provide the Service, in compliance with applicable laws, or as part of a merger, acquisition, or sale of assets with notice to you
  • We do not use Google user data for serving advertisements
  • We do not allow humans to read Google user data, except: (a) with your affirmative consent for specific data, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations where the data has been aggregated and de-identified

6. AI Processing and Generated Content

The Service uses artificial intelligence to learn your brand voice, generate content recommendations, and produce text, images, and video content (“Generated Content”). To do this, we send relevant inputs — including portions of your Customer Content, brand voice data, and prompts derived from your settings — to AI service providers (see Subprocessors in Section 7).

  • We do not use your Customer Content or Generated Content to train foundation AI models without your consent.
  • AI service providers are contractually bound to process data only as instructed by kwipt and not to retain it for their own model training (subject to their respective terms).
  • We may use aggregated and de-identified usage data to improve the Service.

You are responsible for reviewing and approving Generated Content before it is published. AI-generated output may contain errors, inaccuracies, or content that does not reflect your intent.

7. Subprocessors

We use trusted third-party service providers (“Subprocessors”) to operate the Service. Subprocessors only process the data necessary to perform their function and are bound by data protection obligations. Our current Subprocessors include:

  • Anthropic — large language model processing (text generation, analysis)
  • Cloudinary — image storage, processing, and AI-assisted media analysis
  • Shotstack — video rendering
  • Inngest — background job orchestration
  • Neon — managed PostgreSQL database
  • Vercel — application hosting and deployment
  • Ghost — blog and newsletter publishing (where enabled)
  • Constant Contact — email delivery (where enabled)
  • Pixabay — royalty-free music sourcing
  • Stripe — payment processing (when subscriptions launch)

We may add or change Subprocessors as the Service evolves. Material changes will be reflected in this policy.

8. How We Share Information

We do not sell, trade, or share your personal information or platform credentials with any third parties for their own marketing purposes. We share information only in the following circumstances:

  • With Subprocessors as described in Section 7, to operate the Service
  • With Connected Accounts as authorized by you, to publish content and manage your accounts on those platforms
  • For legal reasons when required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of kwipt, our users, or others
  • In connection with a business transaction such as a merger, acquisition, financing, or sale of assets, in which case we will notify you and any successor will be bound by the commitments in this policy
  • With your consent for any other purpose

9. Cookies and Analytics

The Service uses cookies and similar technologies for authentication, security, preferences, and analytics. Some cookies are essential for the Service to function (for example, keeping you logged in). Others help us understand how the Service is used so we can improve it.

You can manage cookies through your browser settings. Disabling cookies may affect your ability to use parts of the Service.

10. Data Retention

We retain information for as long as necessary to provide the Service and meet legal, accounting, and reporting obligations.

  • Account and billing data — retained for the duration of your account, plus any period required by law (typically 7 years for financial records)
  • Customer Content and Generated Content — retained for the duration of your account; deleted within 30 days after account closure unless you request earlier deletion
  • OAuth tokens — retained until you disconnect the integration, then deleted from our database
  • Brand voice training data — retained for the duration of your account; deleted within 30 days after account closure
  • Usage and log data — typically retained for up to 24 months, then aggregated or deleted

11. Data Security

We use commercially reasonable administrative, technical, and physical safeguards to protect information against unauthorized access, alteration, disclosure, and destruction. These include encryption of OAuth tokens at rest, encryption in transit (TLS), access controls, and infrastructure provided by reputable cloud providers.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

12. Your Rights

Depending on where you live, you may have certain rights regarding your personal information.

California residents (CCPA/CPRA):

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and (if applicable) sell or share
  • Access a copy of your personal information
  • Request deletion of your personal information
  • Correct inaccurate personal information
  • Limit the use and disclosure of sensitive personal information
  • Opt out of the “sale” or “sharing” of personal information (kwipt does not sell or share personal information for cross-context behavioral advertising)
  • Be free from discrimination for exercising any of these rights

To exercise these rights, contact us at info@kwipt.com. We will verify your identity before responding.

EU/EEA/UK residents (GDPR/UK GDPR):

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the right to:

  • Access, correct, or delete your personal data
  • Restrict or object to processing of your personal data
  • Receive a copy of your personal data in a portable format
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local data protection authority

The legal bases on which we process personal data include performance of a contract (operating the Service), legitimate interests (improving the Service, security), consent (where required), and compliance with legal obligations.

To exercise these rights, contact us at info@kwipt.com.

13. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it. Parents or guardians who believe their child has provided us with information should contact us.

14. International Data Transfers

kwipt is based in the United States, and our Subprocessors may operate in the United States and other countries. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international data transfers.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you by email or through the Service. Your continued use of the Service after the update constitutes acceptance of the revised policy.

16. Contact

For any questions about this Privacy Policy or how your data is handled, contact us:

kwipt
Email: info@kwipt.com
Web: kwipt.com

For data protection inquiries, please use the same email and include “Privacy Request” in the subject line.