1. Who we are
publie.ai is a Software-as-a-Service product operated by DivamTech. For users in India, DivamTech is the data fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP). For users in the EU/UK, DivamTech is the data controller under the GDPR.
2. The data we collect
- Account data: your name, email address, password hash (never the password itself), and locale.
- AI Persona data: the goals, tones, language, voice samples, do’s and don’ts that you enter during onboarding and edit in Settings.
- Content data: the drafts, chat messages and posts you create using publie.ai, plus the LinkedIn post URN once you publish.
- LinkedIn connection data: OAuth access and refresh tokens (encrypted at rest with AES-256-GCM and KMS-managed keys), and your LinkedIn URN. We never see or store your LinkedIn password.
- Billing data: plan, subscription status, invoices and tax IDs. Card details are handled directly by our payment partners (Razorpay in India, Stripe globally) and are never stored on our servers.
- Operational data: request logs, audit logs (approvals, publishes, billing actions), and aggregated usage metrics used to operate and improve the service.
3. Why we collect it (legal basis)
- To deliver the service you signed up for (contract).
- To meet legal and tax obligations such as GST invoicing in India (legal obligation).
- To keep the service secure, prevent abuse and detect fraud (legitimate interest).
- To send you product and transactional emails you cannot opt out of (e.g. scheduled-post failure notifications) and product update emails you can opt out of (consent).
4. How we use AI
Your AI Persona, voice samples, drafts and chat messages are passed to our AI providers (currently OpenAI and Anthropic) to generate drafts. We have data-processing agreements with these providers that prohibit using your content to train their public models. Internally, we log only metadata about model runs (model name, prompt template version, token counts and a quality-check verdict); the prompt text itself is not stored in plain form in the long-term audit log.
5. How we share data
We do not sell your data. We share it only with:
- LinkedIn - to publish posts you have explicitly approved (via the LinkedIn UGC Posts API).
- Razorpay (India) and Stripe / Paddle (global) - to process payments.
- OpenAI / Anthropic - to generate drafts (see §4).
- Our cloud and observability vendors (AWS or GCP, OpenTelemetry backend) - to operate the service.
- Law enforcement - only when required by a valid legal process.
6. Where your data lives
publie.ai is hosted on a managed cloud (AWS or GCP) in primary regions selected for reliability and latency. Backups are encrypted and retained for disaster recovery (point-in-time recovery, PITR, with a recovery point objective, RPO, of 15 minutes). We can offer EU data residency for enterprise plans on request.
7. How long we keep it
- Account data - for as long as your account is active, plus 30 days after deletion.
- Drafts - 90 days unless pinned.
- Published posts and audit logs - for the life of your account (audit logs are tamper-evident and required by tax law for at least 8 years for invoicing data).
- LinkedIn tokens - until you disconnect, the token expires, or the account is closed.
8. Your rights
You can, at any time, from Settings → Privacy & Data:
- Download your data (Right of Access).
- Delete your account and all associated personal data (Right to Erasure / Be Forgotten).
- Disconnect LinkedIn; this immediately pauses all scheduled jobs.
- Object to processing or restrict it, by emailing hello@publie.ai.
EU/UK users may also lodge a complaint with their local supervisory authority. Indian users may contact the Data Protection Board of India under the DPDP Act.
9. How we secure your data
- Encryption at rest (AES-256) for the database and object storage; TLS 1.2+ in transit.
- LinkedIn tokens encrypted with KMS-managed keys and never logged in plain text.
- Short-lived JWT access tokens with rotating refresh tokens and reuse detection.
- Rate limits per IP, per user and per endpoint; SAST and dependency scanning in CI; OWASP Top 10 hardening.
- Quarterly penetration testing, starting 60 days after launch.
10. Cookies
We use strictly necessary cookies for authentication (HttpOnly, Secure, SameSite=Lax), and aggregated analytics cookies to understand product usage. We do not use third-party ad-tracking cookies.
11. Children
publie.ai is intended for working professionals and is not for users under 18. We do not knowingly collect data from children. If you believe we have, write to hello@publie.ai and we will delete it.
12. Changes to this policy
If we make material changes to this policy, we will notify you by email and in-app at least 14 days before they take effect.
13. Contact
Privacy and security questions: hello@publie.ai