Privacy Policy

ZynPost is an AI-powered social media scheduling platform operated by Jay Cousins, a sole trader based in England and Wales.

For any questions about this policy or our data handling practices, you can contact us at:

• Email: jay@zynpost.co.uk
• Website: zynpost.co.uk
• Jurisdiction: England and Wales, United Kingdom

For the purposes of UK GDPR, Jay Cousins trading as ZynPost is the data controller for the personal data we process.

We collect the following categories of personal data:

• Account data: your name, email address and a hashed password when you create an account.
• Business profile data: details about your business that you provide during onboarding and in settings, including business name, type, model, contact details, logo, brand voice, tone of voice and content preferences.
• Social media content: captions, images, videos, prompts and creative direction you submit to the platform, along with the content ZynPost generates from them on your behalf.
• Usage data: information about how you interact with the platform, including the posts you create, the platforms you publish to, the features you use and generation counts.
• Payment data: billing details and subscription status processed through Stripe. We do not store your full card number — Stripe handles card data as a PCI DSS Level 1 provider.
• Device and browser data: IP address, browser type, operating system, device type and other technical information collected automatically when you visit the site.
• Cookies: essential cookies used to keep you logged in and to secure your session.

We collect data in three ways:

• Directly from you — when you sign up, complete your business profile, create posts or buy a subscription.
• Automatically — when you use the platform, we collect usage and device data via essential cookies and server-side request logs.
• From connected third-party platforms — when you connect a Facebook, Instagram, TikTok or LinkedIn account, we receive basic account information and access tokens from that platform so that we can publish content on your behalf.

We only process personal data where we have a lawful basis to do so. The legal bases we rely on are: performance of a contract (to deliver the service you sign up for), legitimate interests (to run and improve the platform), consent (where required, e.g. for connected social accounts) and legal obligation (for tax records and fraud prevention).

We use your data to:

• Provide, operate and maintain the ZynPost platform
• Process your payments and manage your subscription
• Publish content to the social media accounts you have connected
• Generate AI captions, images and videos from your prompts and business context
• Improve the platform through aggregated, de-identified usage analytics
• Send you service-related emails such as billing receipts, account notifications and security alerts
• Prevent fraud, abuse and violations of our Terms of Service

ZynPost uses third-party AI providers to generate content on your behalf. When you use an AI feature, the relevant information is sent to the provider listed below:

• Captions:generated by OpenAI's GPT models. Your prompt, custom creative direction, caption preferences and relevant business context are sent to OpenAI to produce the caption text.
• Images: generated by fal.ai using the Nano Banana 2 model. The prompt text and, where applicable, your uploaded reference image or business logo are sent to fal.ai.
• Videos: generated by fal.ai using the Kling v3 Pro model. The prompt text and any uploaded start or end frames are sent to fal.ai.

These providers process your data solely to return the generated content to ZynPost. They do not use your prompts or media to train their models under our agreements. We do not send your name, email address, password or payment information to any AI provider.

We rely on a small set of carefully selected service providers to operate ZynPost. Each processes personal data only on our instructions and under a data processing agreement:

• Supabase — database hosting, authentication and user storage
• Cloudinary — image and video storage and delivery
• Stripe — payment processing and subscription management
• OpenAI — AI caption generation
• fal.ai — AI image and video generation
• Vercel — application hosting and content delivery
• Inngest — background job orchestration
• Facebook, Instagram, TikTok and LinkedIn — for publishing content to the accounts you have connected

Some of these providers are based outside the UK and EEA. Where this is the case, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses or an equivalent legal mechanism to ensure your data receives adequate protection.

When you connect a social media account to ZynPost, we receive an access token from that platform which allows us to publish content on your behalf.

• We only access your connected accounts to publish content you have created and approved within ZynPost.
• We never post, delete, read or modify anything else on your social accounts.
• Access tokens are stored encrypted at rest in our database and are only decrypted at the moment we publish on your behalf.
• You can disconnect a social account at any time from the Analytics page. This immediately revokes our access. You can also revoke access from the third-party platform's own settings.

Your data is stored in a Supabase database hosted in the European Union / United Kingdom region. We apply the following security measures:

• All data is encrypted in transit using TLS 1.2 or higher
• All data is encrypted at rest using AES-256
• Passwords are hashed using bcrypt — we never see or store plaintext passwords
• Social media access tokens are encrypted before being written to the database
• Row-level security policies enforce that users can only access their own data
• Service-role database access is limited to background job workers and audited

We will never sell your personal data. We will never share it with third parties for marketing or advertising purposes.

We retain personal data only for as long as we need it:

• Account data is kept while your account is active and for up to 30 days after deletion, after which it is permanently removed from our live systems.
• Generated media (images and videos) is kept in Cloudinary until you delete it from your library, or for up to 30 days after you delete your account.
• Payment records are retained by Stripe for 7 years to comply with HMRC and anti-money-laundering obligations.
• Support emails may be retained for up to 2 years to provide continuity of service.

Under UK GDPR and the Data Protection Act 2018 you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure — ask us to delete your personal data (subject to legal retention requirements)
• Right to restrict processing — ask us to limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests

To exercise any of these rights, email us at jay@zynpost.co.uk and we will respond within 30 days. We may need to verify your identity before processing a request.

ZynPost uses only essential cookies required to keep you logged in and to protect your session from CSRF attacks. These cookies are strictly necessary for the service to function, and you cannot opt out of them while using the platform.

We do not use advertising cookies, tracking pixels or third-party analytics cookies. We use Vercel Analytics and Speed Insights for basic performance monitoring, but these do not set cookies and do not track individual users.

You can manage or delete cookies at any time from your browser settings. Blocking essential cookies will prevent you from signing in.

ZynPost is not intended for children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us at jay@zynpost.co.uk and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer or legal requirements. When we make material changes, we will notify registered users by email at least 14 days before the changes take effect, and we will update the “Last updated” date at the top of this page.

ZynPost is operated from the United Kingdom and all personal data is processed under UK GDPR and the UK Data Protection Act 2018. Our servers and sub-processors are located primarily in the United Kingdom and the European Economic Area (EEA).

If you access ZynPost from outside the UK, you do so at your own discretion and are responsible for compliance with any local laws that apply to you. By using the platform from outside the UK you acknowledge and agree that your personal data may be transferred to, stored in and processed in the United Kingdom and the European Union, which may have different data protection standards than your country of residence.

Where data is transferred internationally to our sub-processors (see Section 6), we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses or an equivalent legal mechanism to ensure your data receives adequate protection in line with UK GDPR requirements.

If you choose to upload face reference photos, ZynPost collects and stores this biometric data for the sole purpose of generating AI images that feature your likeness.

• Purpose: AI image generation only — your photos are used as reference images for the Nano Banana 2 model to produce consistent likenesses
• Storage: photos are stored securely on Cloudinary servers
• Retention: photos are deleted immediately when you remove them from Settings, when your account is deleted, or automatically after 90 days of inactivity (no image generations)
• Consent: explicit consent is required before upload. You can withdraw consent at any time by deleting your photos from Settings
• Sharing: we never share your face reference photos with third parties. They are only sent to the AI image generation service as part of the generation request
• Your rights: you have the right to access, delete, or withdraw consent for your biometric data at any time. Contact jay@zynpost.co.uk for data requests

If you have any questions or concerns about this Privacy Policy or how we handle your data, please email us at jay@zynpost.co.uk. We aim to respond to all enquiries within 5 working days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the UK data protection supervisory authority:

• Website: ico.org.uk
• Helpline: 0303 123 1113