Privacy Policy
Last updated:
Introduction
Misar AI Technology Pvt. Ltd. ("we", "us", or "our") operates Misar Social at post.misar.io. This Privacy Policy explains what data we collect, how we use it, and what rights you have over it.
By using Misar Social, you agree to the collection and use of information as described in this policy. If you disagree, please stop using the service and contact us to delete your data.
Data We Collect
- Account data: your name, email address, and password hash (or OAuth identity) provided during sign-up via id.misar.io.
- Usage data: pages visited, features used, button clicks, timestamps, browser type, and IP address — used for security, debugging, and improving the product.
- Social account tokens: OAuth access tokens and refresh tokens for connected platforms (X/Twitter, LinkedIn, Instagram, TikTok, Bluesky). These are encrypted with AES-256-GCM before storage and are never stored in plaintext.
- Content you create: posts, drafts, schedules, AI-generated variants, and uploaded images.
- GitHub integration data: repository names, release notes, and webhook event payloads from repos you connect to EchoForge or CodeShield.
- Billing data: Stripe customer ID and subscription status. We never store full card numbers — Stripe handles payment data under their own PCI-compliant infrastructure.
How We Use Your Data
- To provide and improve Misar Social — authentication, scheduling, AI generation, analytics dashboards, and CodeShield scans.
- To publish content to your connected social accounts on your behalf, only when you schedule or approve a post.
- To send transactional emails (post published, schedule failed, security alerts) via MisarMail — our self-hosted email infrastructure at mail.misar.io.
- To calculate aggregate, anonymised product analytics (feature usage counts, error rates) — no individual tracking.
- We do NOT use your content or data to train AI models.
- We do NOT sell your data or share it with advertising networks.
Data Storage and Security
All data is stored on self-hosted infrastructure running on Hetzner servers located in Germany (EU). We do not use supabase.com cloud, AWS, Google Cloud, or any US-based managed database service for production data.
Social OAuth tokens are encrypted with AES-256-GCM using a key stored separately from the database. Passwords are hashed with bcrypt. All connections use TLS 1.2 or higher.
We conduct regular dependency audits and security scans on our codebase using CodeShield. Access to production infrastructure is restricted to authorised personnel only.
Data Retention
We retain your data for as long as your account is active. Published post records are kept for 12 months after publication for your analytics history.
You may delete your account and all associated data at any time from Settings → Account → Delete Account. Deletion is permanent and processed within 30 days. Backups containing your data are purged within 90 days.
Third-Party Services
- Stripe: processes all subscription payments on behalf of Assisters LLC (Delaware, USA). Subject to Stripe's Privacy Policy at stripe.com/privacy.
- X (Twitter), LinkedIn, Instagram, TikTok, Bluesky: when you connect these accounts, their APIs are used to publish content. Each platform's privacy policy governs how they handle data sent to them.
- GitHub: when you install the Misar Social GitHub App, GitHub's privacy policy applies to data shared from your repositories.
Your GDPR Rights
If you are in the European Economic Area or United Kingdom, you have the following rights under the GDPR:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: ask us to correct inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data ("right to be forgotten").
- Right to data portability: receive your data in a machine-readable format.
- Right to object: object to processing based on legitimate interests.
- Right to restrict processing: ask us to limit how we use your data while a dispute is resolved.
Cookies
We use only essential cookies required for authentication (session cookie, CSRF token) and a theme preference stored in localStorage. We do not use advertising or cross-site tracking cookies. For full details see our Cookie Policy.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the dashboard at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
For privacy questions, data access requests, or to exercise your GDPR rights, contact us at:
Email: [email protected]
Misar AI Technology Pvt. Ltd.