Privacy Policy

1) Who we are

“anqupu” (“we”, “us”, “our”) is a social media management platform that helps you create, schedule, and analyze posts across multiple social networks.
Legal entity: [Company legal name], [registered address], [country].
Contact: privacy@anqupu.com | [postal address]
Data Protection Officer (if applicable): [DPO name], dpo@anqupu.com
EU/UK representative (if applicable): [Name, address, email]

2) Scope

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you:

• visit our websites and apps (the “Services”),

• create an account,

• connect your social media accounts, and

• interact with our support or marketing.

If you use anqupu under a business subscription, your organization may be the controller of certain data, and we act as its processor (see §12).

3) The data we collect

A. You provide directly

• Account data: name, email, password (hashed), username/handle, profile photo, role, organization name.

• Billing data: billing contact, address, VAT/tax ID, and payment method details via our payment processor (we do not store full card numbers).

• Content & media: drafts, scheduled/posted content, captions, comments you choose to publish via anqupu, media files you upload.

• Support & feedback: messages, tickets, survey responses.

B. Collected automatically

• Usage & diagnostics: app interactions, timestamps, crash logs.

• Device & technical data: IP address, browser type, OS, device identifiers.

• Cookies & similar tech: pixel tags, local storage (see §8).

C. From third parties (with your permission)

• Social networks via OAuth: profile info, page/account IDs, permissions/scopes, access tokens/refresh tokens, and—only as needed for the features you enable—content, comments, messages, analytics/insights (see §7).

• Single Sign-On (optional): name, email, org ID from your SSO provider.

• Payment processor: payment status, last 4 digits, card brand, expiry month/year.

• Analytics/CRM tools: campaign attribution and product analytics.
  [Replace with the names of your providers in §9.]

We do not knowingly collect data from children under 16 (see §14).

4) Why we process your data (and legal bases)

You can withdraw consent at any time where consent is our basis.

5) Staying in control

Depending on your location, you may have rights to:

• Access, correct, and delete your personal data,

• Portability (get a copy in a machine-readable format),

• Restrict or object to certain processing,

• Opt out of marketing communications,

• Not be subject to automated decisions with legal/similar significant effects (we don’t do this; see §15).

How to exercise: email privacy@anqupu.com. We’ll verify your identity and respond within required timeframes.
EEA/UK: you can complain to your local data authority.
California: we do not “sell” or “share” personal information for cross-context behavioral advertising as defined by the CPRA. [If you use advertising cookies/retargeting, replace with your opt-out mechanism.]

6) How long we keep data (retention)

We keep data only as long as needed for the purposes above or to meet legal obligations.

• Account data: for your subscription term and [30] days after closure.

• Scheduled content & media: until posted or deleted; backups for [90] days.

• Social tokens: rotated regularly; deleted within [24–72] hours after you disconnect a profile or close your account.

• Logs & diagnostics: [12] months (shorter where feasible).

• Billing records: [7] years (or as law requires).

You can request deletion sooner where applicable.

7) Social network integrations

When you connect a social account, we use OAuth to obtain access tokens. We never store your social media passwords.

• We access only the scopes you grant (e.g., read insights, publish posts, manage comments).

• We post only when you schedule/publish via anqupu or enable automations.

• Tokens are encrypted at rest and in transit; access is restricted by role.

• Disconnect at any time in Settings → Social Accounts.

• Removing a network’s permissions may limit features.

[Add the specific scopes for each network you support, e.g., Facebook/Instagram Pages, X/Twitter, LinkedIn, TikTok, Pinterest, YouTube.]

8) Cookies and similar technologies

We use:

• Strictly necessary cookies (login, security, load balancing),

• Functional cookies (preferences),

• Analytics cookies (product usage),

• [Optional] Marketing cookies (if you enable them).

Where required, we present a consent banner to manage cookie preferences. You can also control cookies via your browser. Disabling some cookies may impact functionality.

9) How we share information

We do not sell personal information. We share data only with:

• Service providers (processors): hosting, databases, storage/CDN, email, analytics, logging/monitoring, payment processing, customer support, and identity/SSO.
  Examples (replace with your vendors): [Cloud host], [Payment processor], [Email/SMS provider], [Error monitoring], [Analytics], [CRM].
  We require data processing agreements and appropriate security measures.

• Connected social networks: when you publish or request insights via the APIs you’ve authorized.

• Legal & safety: to comply with law, enforce our terms, or protect rights, safety, and property.

• Business transfers: as part of a merger, acquisition, or asset sale (we’ll notify you where required).

We maintain a current list of subprocessors here: [link to sub-processor page].

10) International data transfers

We operate globally. Where we transfer personal data internationally, we use appropriate safeguards, such as:

• EU/UK Standard Contractual Clauses (and the UK Addendum),

• Data Privacy Framework participation [if applicable],

• Other legally recognized mechanisms.

Details are available in our Data Processing Addendum (DPA): [link to DPA].

11) Security

We use administrative, technical, and physical safeguards appropriate to the risk, including:

• Encryption in transit (TLS) and at rest,

• Least-privilege access; SSO/MFA for internal tools,

• Regular patching, monitoring, and backups,

• Vendor due diligence and contractual safeguards.

No method is 100% secure; if we discover a breach that affects you, we’ll notify you and relevant authorities as required by law.

12) Our role: controller vs. processor

• For website, marketing, billing, and account data, anqupu is the controller.

• For content you upload, social accounts you connect, and related end-user data you direct us to process within the Services, we act as a processor on behalf of your organization (the controller). Our obligations as a processor are set out in the DPA referenced above.

13) Third-party links

The Services may link to third-party sites or apps. Their privacy practices are governed by their own policies. Please review them carefully.

14) Children’s privacy

The Services are not intended for, and we do not knowingly collect data from, anyone under 16. If you believe a child has provided personal data, contact us and we’ll delete it.

15) Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects.

16) Changes to this Policy

We may update this Policy from time to time. We’ll post the updated version and change the “Last updated” date. If changes are material, we’ll provide additional notice (e.g., email or in-app).

17) How to contact us

• Email: privacy@anqupu.com

• Mail: [Company legal name], [address, city, country]

• EU/UK Representative (if applicable): [contact details]

• Turkey (KVKK) contact (if applicable): [contact details]