Privacy Policy
This Privacy Policy explains how Styrar (“we”, “our”, or “us”) collects, uses, and shares information when you use Styrar (the “Service”). By using the Service you agree to the practices described below.
1. Who we are
Styrar is a social media management platform. Our registered address and data controller details are available on request at [email protected].
2. Information we collect
2.1 Information you provide
- Account information - name, email address, and password when you register.
- Profile information - optional profile photo, timezone, and display name.
- Content you create - posts, captions, link names, campaign labels, notes, and media files you upload.
- Payment information - billing details processed by Stripe. We do not store full card numbers; Stripe handles PCI compliance on our behalf.
- Support communications - messages you send to our support or legal email addresses.
2.2 Information we collect automatically
- Usage data - pages visited, features used, and actions taken within the dashboard.
- Log data - IP address, browser type, operating system, referring URL, and timestamps of requests.
- Link click data - when someone clicks a short link you create, we record the referrer URL, approximate geographic location (country/city derived from IP), device type, and click timestamp. We do not collect the full IP address of link visitors beyond what is needed for geolocation.
- Cookies and local storage - see our Cookie Policy for details.
2.3 Information from third parties
- Social platforms - when you connect a social account (Instagram, Facebook, X, Threads, TikTok, LinkedIn, YouTube, Pinterest, and Google Business Profile) we receive OAuth tokens and the account metadata the platform provides (e.g. username, profile image, follower count). We use this only to operate the Service on your behalf.
- Shopify - when you install the Styrar Shopify app, we receive your store domain, an access token scoped to the permissions you grant, and product data necessary to operate the integration. We register webhooks to receive product status updates.
- Google OAuth - if you sign in with Google we receive your name and email address from Google to create or log into your account.
3. How we use your information
- Provide, operate, and improve the Service.
- Authenticate your identity and maintain your session.
- Publish posts and manage content on your connected social accounts as instructed by you.
- Generate analytics and reports you request.
- Process billing and send receipts via Stripe.
- Send transactional emails (email verification, password reset, approval notifications) via Resend.
- Detect fraud, abuse, and security threats.
- Comply with legal obligations.
We do not sell your personal data. We do not use your content to train AI models.
4. Legal basis for processing (GDPR)
If you are located in the European Economic Area or United Kingdom, we rely on the following legal bases:
- Contract performance - processing necessary to deliver the Service you have signed up for.
- Legitimate interests - security, fraud prevention, and service improvement, balanced against your interests.
- Legal obligation - where required by applicable law.
- Consent - for optional cookies and marketing communications, where applicable.
5. Sharing your information
We share your information only in the following circumstances:
- Service providers - we engage sub-processors to operate the Service, including Railway (hosting & database), Cloudflare (CDN & DNS), Stripe (payments), Resend (transactional email), PostHog (error tracking & analytics), and S3-compatible storage for media files. Each sub-processor is bound by data processing agreements.
- Social platforms - content you schedule is published to the platforms you have connected, as directed by you.
- Team members - within your workspace, team members with appropriate permissions can see content, analytics, and activity logs.
- Legal requirements - if required by law, court order, or to protect the rights, property, or safety of Styrar, our users, or the public.
- Business transfers - in the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy commitments.
6. Data retention
We retain your data for as long as your account is active or as needed to provide the Service. When you delete your account from Settings → Delete account:
- You confirm by email and enter a 24-hour waiting period during which you can cancel the request.
- Personal profile data and personal workspace content are removed after that window.
- Aggregated, anonymised analytics data may be retained for up to 2 years for product improvement purposes.
- Billing records are retained for 7 years to comply with financial regulations.
- Backup copies may persist for up to 90 days in encrypted storage before being purged.
7. Security
We use industry-standard security measures including HTTPS encryption in transit, bcrypt-hashed passwords, AES-256-GCM encrypted secrets, TOTP two-factor authentication, and HTTP-only session cookies. Despite these measures no system is perfectly secure; we encourage you to use a strong password and enable two-factor authentication.
8. International transfers
Our infrastructure is hosted primarily in the EU/EEA via Railway and Cloudflare. If data is transferred outside the EEA we rely on Standard Contractual Clauses or other appropriate safeguards as required by applicable law.
9. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access - request a copy of the personal data we hold about you.
- Rectification - request correction of inaccurate or incomplete data.
- Erasure - request deletion of your personal data, subject to legal retention requirements.
- Portability - request your data in a structured, machine-readable format.
- Restriction / objection - request that we restrict or stop processing your data in certain circumstances.
- Withdraw consent - where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
10. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notice at least 14 days before the changes take effect. Continued use of the Service after that date constitutes acceptance of the updated policy. The “Last updated” date at the top of this page reflects the most recent revision.
12. Contact
For privacy-related enquiries, contact us at [email protected] or visit our contact page.