Privacy Policy
Table of Contents
- Who we are (Data Controller)
- Scope of this policy
- What data we collect, why, and on what legal basis
- How we use your data
- Third-party services and sub-processors
- International data transfers
- Data retention
- Your rights under the GDPR
- EU 14-day right of withdrawal (subscriptions)
- Children’s privacy
- Security measures
- Automated decision-making and AI-specific disclosures
- Account recovery and fraud prevention
- No sale of personal information; California (CCPA / CPRA) notice
- Sharing consumption data with Apple
- Changes to this policy
- How to contact us
- Governing law and supervisory authority
- Revision history
1. Who we are (Data Controller)
The data controller responsible for the processing of your personal data in connection with the Publy iOS application (App Store name: Publy, bundle identifier com.ivseg.lyrano, the "App") and the website getpubly.com (together, the "Service") is:
| Item | Details |
|---|---|
| Controller | NATALLIA RATSINSKAYA |
| Legal form | Sole proprietor (działalność gospodarcza) registered in the Republic of Poland |
| Contact email | support@getpubly.com |
Data Protection Officer (DPO). A DPO is not appointed because the controller is a sole proprietor whose core processing activities do not meet the mandatory designation criteria of GDPR Article 37. For all privacy enquiries please use the contact email above; we treat every privacy request with the same diligence a DPO would apply.
2. Scope of this policy
This Privacy Policy applies to:
- the iOS application “Publy” distributed via the Apple App Store;
- the marketing and informational website at https://getpubly.com/;
- the supporting backend API hosted at carousel-be-production.up.railway.app.
It does not apply to third-party services that you may follow links to (Apple, Instagram, LinkedIn, etc.) or to content you publish to those platforms after generation.
3. What data we collect, why, and on what legal basis
We process the following categories of personal data. The legal bases are taken from GDPR Article 6(1).
3.1 Account data (collected when you sign in with Apple)
| Field | Source | Required | Legal basis |
|---|---|---|---|
| Apple user identifier (sub claim) | Apple Sign-in identity token | Yes | Art. 6(1)(b) — performance of contract |
| Email address (real or Apple-relayed) | Apple identity token + scope .email | Optional | Art. 6(1)(b) — performance of contract |
| First name and last name | Apple credential, scope .fullName, first sign-in only | Optional | Art. 6(1)(b) — performance of contract |
| Apple refresh token | Apple auth/token exchange | Yes | Art. 6(1)(b) and (c) — needed to revoke access on account deletion |
We store these fields server-side in our PostgreSQL database. The Apple identifier is the stable join key; we do not create our own password and we do not receive any other Apple account information.
3.2 Writing context, profile and generation inputs
When you fill out the “My Context” or “Writing Style” screens, or when you type / speak a prompt, we store and process: your declared expertise / niche, target audience, content goal, and any avoidances; writing samples you paste in to teach the AI your voice; and the prompt text you submit when you ask the App to generate a post or a carousel.
These fields may include personal information about you or third parties if you choose to put it there. We do not extract, enrich, or analyse personal data inside prompts.
Legal basis: GDPR Art. 6(1)(b) — performance of contract.
3.3 Voice input (microphone)
If you use the voice-to-text feature, the App records audio in m4a format on your device, uploads it to our backend, and the backend forwards it to OpenAI Whisper for transcription. The audio file is held only for the duration of the request; we do not persist the audio file or the transcribed text.
Legal basis: GDPR Art. 6(1)(b) — performance of contract.
3.4 Photo library (add only)
If you tap “Save to Photos” on a generated carousel, the App writes the rendered images to your Photo Library. We do not read your photo library and do not transmit any saved image off-device.
3.5 Subscription, billing and quota data
App Store transaction data. Apple, not us, processes your payment. We never see your card number. We use RevenueCat for subscription state management, sharing a SHA-256 hash of your Apple user identifier, your email, display name, and an internal user ID. We also store the number of free generations you have used and, after account deletion, a SHA-256 hash of your identifiers to prevent free-tier abuse (see Section 13).
Legal basis: Art. 6(1)(b) for transaction processing; Art. 6(1)(f) — legitimate interest in fraud prevention — for the post-deletion fraud record.
3.6 Locally generated content (on-device only)
The following is stored on your device using Apple’s SwiftData framework and never leaves the device unless you explicitly export it: carousel posts, carousel cards, styles, hook posts, text posts, and custom fonts. We do not have access to it. Uninstalling the App deletes it.
3.7 Local preferences (UserDefaults / Keychain)
The App stores on your device: a UUID anonymous analytics identifier (in iOS Keychain); our access and refresh tokens for the backend API; onboarding flags and a JSON snapshot of your last fetched user profile. This data does not leave your device and is wiped when you sign out or delete the App.
3.8 Diagnostic and crash data
We integrate Firebase Crashlytics for crash reports and TelemetryDeck for product analytics. We transmit error types, truncated HTTP response bodies, failed URLs, our internal numeric user ID (Crashlytics), and a randomly generated anonymous ID (TelemetryDeck). We do not transmit your prompts, voice recordings, generated content, or email/name to Crashlytics or TelemetryDeck.
Legal basis: Art. 6(1)(f) — legitimate interest in maintaining stability and security.
3.9 Server-side LLM usage logs
For each generation we record the model name, pipeline stage, input/output token counts, and the calculated cost in USD. We do not log the prompt text or the model output. There is no foreign-key link between this table and your user record.
Legal basis: Art. 6(1)(f) — legitimate interest in cost monitoring and capacity planning.
3.10 Server logs
Our backend emits structured logs (request ID, route, status code, latency). Server-error responses may be sent to Sentry with a request-body excerpt truncated to 2,000 characters; Sentry is configured with send_default_pii=False, breadcrumbs disabled, and frame locals disabled.
Legal basis: Art. 6(1)(f) — legitimate interest in operating and securing the Service.
4. How we use your data
We use the personal data described above only for the following purposes:
- to authenticate you and keep you logged in (Sign in with Apple);
- to deliver the core feature of the Service — generating posts and carousels with the LLM provider you have implicitly selected via our routing logic;
- to apply your “My Context” and “Writing Style” so that generations stay on-brand;
- to transcribe your voice input via OpenAI Whisper;
- to process subscriptions and entitlement checks via RevenueCat and Apple;
- to enforce the free-tier quota and prevent fraud after account deletion;
- to diagnose crashes and errors;
- to compute aggregated, non-identifying product metrics;
- to comply with legal obligations (tax records linked to subscriptions, response to lawful requests);
- to communicate with you about service-critical changes — we do not send marketing email.
We do not use your data for: behavioural advertising, profiling that produces legal effects, sale to data brokers, or training our own or any third party’s machine-learning models.
5. Third-party services and sub-processors
We share personal data only with the sub-processors listed below, and only to the extent necessary for them to perform their function.
| Sub-processor | Role | Data shared | Location | Transfer mechanism |
|---|---|---|---|---|
| Apple Inc. | Authentication, payment, app distribution | Apple user ID, optional email and name, purchase events | Ireland (EU) & United States | Apple DPA + EU SCCs |
| RevenueCat, Inc. | Subscription state and entitlement management | SHA-256 hash of Apple user ID, email, display name, internal user ID, purchase events | United States | RevenueCat DPA + EU SCCs |
| Anthropic, PBC | LLM provider — content generation | Prompt text, system prompt, generation parameters | United States | Anthropic DPA + SCCs. API inputs/outputs retained ≤30 days for abuse monitoring; never used for model training. |
| OpenAI, L.L.C. | LLM provider and audio transcription (Whisper) | Prompt text, system prompt, audio file (transcription only) | United States | OpenAI API DPA + SCCs. API inputs/outputs retained up to 30 days; not used for training. |
| Google LLC (Gemini API) | LLM provider | Prompt text, system prompt | United States | Google Cloud DPA + SCCs. Paid-tier Gemini API is not used to improve Google’s models. |
| Google LLC (Firebase Crashlytics) | Crash and error reporting | Crash stack traces, internal numeric user ID, truncated error context | United States | Google Cloud DPA + SCCs |
| TelemetryDeck (Telemetry GmbH) | Anonymised product analytics | Pseudonymous UUID, screen names, event names — no PII in payload | Germany (EU) | DPA — processor inside the EEA |
| Functional Software, Inc. (Sentry.io) | Server-side error tracking | Stack traces, request metadata, request-body excerpt ≤2,000 chars | United States | Sentry DPA + SCCs |
| Railway Corp. | Application hosting and managed PostgreSQL | All personal data described above (encrypted at rest and in transit) | United States | Railway DPA + SCCs |
| Pexels GmbH | Stock-image search (carousel illustrations) | Search keyword only — never user identifiers | Germany (EU) | DPA |
We do not share your data with advertising networks. We do not sell your data. We do not disclose your data to third parties for their own marketing purposes.
If we ever add or replace a sub-processor, we will update this list and (for material changes) notify you in-app.
6. International data transfers
Several of our sub-processors are located in the United States. Where the recipient is certified under the EU-US Data Privacy Framework (Decision (EU) 2023/1795) we rely on that adequacy decision. Where it is not, we rely on the Standard Contractual Clauses (Decision (EU) 2021/914) supplemented by encryption in transit (TLS 1.2+), encryption at rest, hashing of identifiers, and contractual prohibitions on government-disclosure beyond what is legally compelled.
You may obtain a copy of the safeguards applied to a specific transfer by writing to support@getpubly.com.
7. Data retention
| Data | Retention period |
|---|---|
| Account record | Until you delete your account in-app. |
| Writing context, writing style, draft posts | Cascade-deleted with your account record. |
| Refresh tokens | 30 days (rolling). Cascade-deleted on account deletion; Apple refresh token is also revoked at Apple. |
| Access tokens | 15 minutes (in-memory only on the server). |
| Locally generated content (SwiftData) | Until you delete the App or wipe data inside the App. |
| LLM usage logs (token counts only, no content) | Retained for accounting; not joined to your identity after account deletion. |
| Fraud-prevention record (hashes only) | Retained while the apple-user-id hash remains anti-abuse-relevant. |
| Crashlytics / Sentry events | 90 days (per Sentry default). |
| TelemetryDeck signals | Pseudonymous; per TelemetryDeck’s policy (90 days for raw, indefinitely for aggregates). |
| Tax / VAT-relevant subscription records | 5 years from end of fiscal year, as required by Polish tax law. |
When the retention period expires, data is deleted or anonymised.
8. Your rights under the GDPR
Under EU and UK GDPR, you have the following rights with respect to your personal data:
- Right of access (Art. 15) — to obtain confirmation that we process your data and a copy of it.
- Right to rectification (Art. 16) — to correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — to delete your account and the associated data. You can do this yourself in Settings → Account → Delete account; the deletion is immediate and irreversible.
- Right to restriction (Art. 18) — to limit how we process your data while a dispute is being resolved.
- Right to data portability (Art. 20) — to receive your account, context, writing-style and draft data in a structured, machine-readable format (JSON). Send a request to support@getpubly.com.
- Right to object (Art. 21) — to object, on grounds relating to your particular situation, to processing that we conduct on the basis of legitimate interest.
- Right not to be subject to a decision based solely on automated processing (Art. 22) — note that AI generation is not a “decision producing legal or similarly significant effects” within the meaning of Art. 22.
- Right to lodge a complaint with a supervisory authority (see Section 18).
We respond to verified requests within 30 days. We may ask you to authenticate yourself with the App so that we can be sure we are talking to the right person.
9. EU 14-day right of withdrawal (subscriptions)
If you reside in the European Union and you purchase a Publy subscription, you have the right under the EU Consumer Rights Directive to withdraw from the subscription contract within 14 days of its conclusion, without giving any reason.
Because Publy is a “digital service”, the right to withdraw is lost if you expressly request immediate access to the service and acknowledge that the right will lapse once the service is supplied. By tapping “Subscribe” in the App you give that consent.
If you wish to exercise the right of withdrawal:
- Email support@getpubly.com within 14 days of the subscription’s start using a clear statement.
- Apple processes the refund in accordance with its App Store Refund policy. We will assist you with the request to Apple.
10. Children’s privacy
Publy is rated 17+ on the App Store and is not directed to children. We do not knowingly collect personal data from anyone under 16 (or the equivalent minimum age in your country — for example, 13 in the United States under COPPA, 16 in Poland under GDPR Art. 8). If you believe a minor has registered, please email support@getpubly.com and we will delete the account.
11. Security measures
We implement administrative, technical and organisational measures appropriate to the risk:
- TLS 1.2+ for every connection between the App, our backend, and our sub-processors;
- AES-256 encryption at rest for the PostgreSQL database (managed by Railway);
- one-way SHA-256 hashing of refresh tokens, Apple user IDs (where used as a foreign key with sub-processors), and device identifiers stored in fraud-prevention records;
- Apple App Attest / DeviceCheck enrolment for the App;
- least-privilege access controls — only the controller and contracted technical operators have production access;
- Sentry configured with PII off, frame locals off, breadcrumbs off;
- regular dependency updates and review of sub-processor security postures.
No internet-connected service can be guaranteed 100% secure. If we become aware of a personal-data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the supervisory authority in accordance with GDPR Art. 33–34.
12. Automated decision-making and AI-specific disclosures
Publy uses third-party large language models to generate content at your request. Specifically:
- The text you type or dictate is sent as-is to one of Anthropic, OpenAI, or Google’s API endpoints, augmented with a system prompt and your writing-style and context information. We do not parse your prompts to detect or extract personal data.
- The output is returned to your device and shown in the App. You decide whether and how to publish it.
- Generation does not produce a legal or similarly significant effect on you within the meaning of GDPR Art. 22.
- We do not use your prompts or outputs to train any of our own models. Our LLM providers’ commercial-API terms commit them not to use API content for training their foundation models.
- AI output may be inaccurate, biased, or fabricated. You are responsible for reviewing what you publish. See the Terms of Service.
13. Account recovery and fraud prevention
If you delete your account and later sign in to Publy again with the same Apple ID, the App will create a fresh account. Before the new account receives a fresh free-tier allowance, we look up the SHA-256 hash of your Apple user ID in our fraud-prevention records; if a record exists, we restore the previously consumed free-generation counter.
What this means for you:
- We do not restore your previous content, context, or writing style — those are deleted forever on account deletion.
- We do retain a hashed record of your Apple user identifier (and, where available, of your device identifier) so that your free-tier counter survives re-registration. We do not retain any reversible form of these identifiers.
If you would like the fraud-prevention record removed, email support@getpubly.com and we will assess the request under GDPR Art. 17 / 21.
14. No sale of personal information; California (CCPA / CPRA) notice
We do not sell, rent or trade your personal information, and we do not share it with third parties for cross-context behavioural advertising. We have not done so in the preceding 12 months and we have no plans to start.
If you are a resident of California, the CCPA / CPRA gives you the following rights with respect to the categories of personal information we collect:
| CCPA category | Collected? | Disclosed to | Purpose |
|---|---|---|---|
| Identifiers (Apple user ID, email, internal user ID, hashed device ID) | Yes | Service providers (Apple, RevenueCat, Crashlytics) | App functionality; security |
| Customer-records information (name) | Yes | Service providers (RevenueCat) | Account display |
| Commercial information (subscription history) | Yes | Service providers (RevenueCat, Apple) | Billing |
| Electronic network activity (in-app interactions) | Yes (anonymised) | Service providers (TelemetryDeck, Crashlytics, Sentry) | Analytics; diagnostics |
| Audio data (voice for transcription) | Yes (transient) | Service providers (OpenAI Whisper) | App functionality |
| Inferences / Sensitive personal information | No | — | — |
As a California resident you have the right to: know what personal information we collect and receive a portable copy; delete your personal information (delete your account from inside the App); correct inaccurate personal information; opt out of the sale or sharing of personal information (we do not sell or share, so no opt-out is necessary); and non-discrimination for exercising any of these rights.
To exercise a CCPA right, email support@getpubly.com from the email address tied to your Account. We will verify your identity by asking you to perform an authenticated action in the App.
15. Sharing consumption data with Apple
When Apple receives a refund request relating to a Publy subscription, Apple may ask us — through Apple’s Refunds Consumption Request programme — to share information about how you have used the App since the purchase (number of generations consumed, account activity, last-active timestamps, and similar usage metrics). By accepting these terms and making an in-app purchase, you consent to our sharing of such consumption data with Apple, solely to enable Apple to make an informed decision on the refund request. We share only what is reasonably necessary for that purpose. We do not share prompts, generated content, or full message bodies with Apple for refund processing.
16. Changes to this policy
We may update this policy from time to time. The “Effective date” at the top reflects the latest version. For material changes (e.g. a new sub-processor, new categories of data) we will notify you in-app and, where required, ask for renewed consent. Past versions are available on request.
17. How to contact us
| Type of request | Contact |
|---|---|
| Privacy enquiries, GDPR rights, complaints | support@getpubly.com |
| General product support | support@getpubly.com |
18. Governing law and supervisory authority
This Privacy Policy is governed by the laws of the Republic of Poland and applicable European Union law. The competent supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych — UODO), uodo.gov.pl.
If you reside in another EU/EEA Member State, you may also lodge a complaint with the supervisory authority of your country of residence, place of work, or place of the alleged infringement (GDPR Art. 77).
19. Revision history
| Version | Date | Changes |
|---|---|---|
| 1.0 | May 10, 2026 | Initial publication. |