Octonity
Sign inStart free
Legal

Privacy Policy

The short version: we collect what we need to run the product, we don't sell it, and you can export or delete it on demand.

Last updated: May 1, 2026

1. Who we are

Octonity (“we,” “us,” “our”) operates the social media planning, creation, and publishing workspace available at octonity.com and related subdomains (the “Service”). This policy describes how we handle personal data when you visit our marketing site, sign up for a workspace, or connect a social channel.

2. What we collect

  • Account data: name, work email, password hash, workspace, role, and billing contact.
  • Content you create: posts, drafts, comments, templates, uploaded media, and scheduled campaigns.
  • Channel data: OAuth tokens and metadata for the social networks you connect (e.g. page ID, handle, avatar). We never store your social network password.
  • Usage data: pages viewed, features used, device and browser type, IP address, and timestamps. We use this to debug and improve the product.
  • Billing data: handled by our payment processor (Stripe). We store the last 4 digits and expiry of your card for receipts, but never the full number.

3. How we use it

  • To run the Service: publish your posts, sync analytics, send notifications, route support requests.
  • To bill you and prevent fraud.
  • To improve the product through aggregated, de-identified usage metrics.
  • To send transactional email (receipts, password resets, security alerts). Marketing email is opt-in and one-click unsubscribe.

We do not sell personal data, share it with ad networks, or train external AI models on your content.

4. Subprocessors

We use a small set of vetted vendors to operate the Service: cloud hosting (AWS, Frankfurt region), payment processing (Stripe), email delivery (Postmark), error monitoring (Sentry), and product analytics (PostHog, self-hosted). A current list is available on request and published in our DPA.

5. Where data lives

Workspace data is stored in the EU (Frankfurt) by default. Customers on the Business plan can request a US region. Encrypted backups are retained for 30 days.

6. How long we keep it

  • Active workspaces: as long as your account is open.
  • Cancelled workspaces: 30 days, then permanently deleted.
  • Billing records: 7 years (German tax law).
  • Server logs: 14 days.

7. Your rights

Under GDPR and equivalent laws you have the right to access, correct, export, restrict, or delete your personal data, and to object to processing. You can do most of this from Settings → Privacy inside the app, or by emailing privacy@octonity.com. We respond within 30 days.

8. Cookies

We use a small number of first-party cookies for authentication and workspace preferences. We do not run third-party advertising cookies on the marketing site or in the app. A banner is shown to EU visitors on first visit.

9. Security

All traffic is encrypted with TLS 1.2+. Data at rest is encrypted with AES-256. Access to production systems is limited to a small on-call team and gated by hardware-key 2FA. We run quarterly penetration tests and publish a security overview at octonity.com/security.

10. Changes to this policy

If we make a material change we’ll email account admins at least 30 days before it takes effect. Smaller edits (typos, link fixes) are made in place and reflected in the “Last updated” date.

11. Contact

Questions? Write to privacy@octonity.com. Our Data Protection Officer can be reached at the same address.