Privacy Policy
Last updated: July 2, 2026
This Privacy Policy explains how SupaBird OÜ, a private limited company registered in Estonia (registry code 16771484), with its registered address at Sepapaja tn 6, Lasnamäe linnaosa, Tallinn, Harju maakond, 15551, Estonia (“SupaBird,” “we,” “us,” or “our”), collects, uses, and protects your personal data when you use SupaBird (the “Service”) or visit our website.
We are the data controller for the personal data described in this policy. You can reach us at farid@supabird.io.
1. Data We Collect
Account data. Name, email address, password (stored hashed), and account settings you provide when registering.
Connected platform data. When you connect a social media account (such as X/Twitter, LinkedIn, or Threads), we receive and store the access tokens and profile information needed to operate the Service on your behalf, along with content and engagement data made available by that platform’s API (such as your posts, followers, and post performance metrics).
Content. Posts, drafts, media, and other content you create, upload, schedule, or publish through the Service.
Payment data. Payments are processed by Stripe. We do not store your full card details; we receive limited billing information such as your name, email, subscription status, and the last four digits of your card.
Usage data. Information about how you use the Service and our website, such as pages visited, features used, device and browser type, and approximate location derived from your IP address. We collect this through PostHog, hosted in the EU.
2. How We Use Your Data
We use your personal data to:
Provide and operate the Service, including publishing content to platforms you have connected, at your direction.
Process subscription payments and manage your account.
Communicate with you about the Service, including transactional emails and important notices.
Analyze usage to improve the Service and fix problems.
Comply with legal obligations and enforce our Terms of Service.
Legal bases (GDPR). We process your data on the basis of contract performance (operating the Service you signed up for), our legitimate interests (improving and securing the Service, basic analytics), your consent where required, and compliance with legal obligations (such as accounting rules).
3. Sharing Your Data
We do not sell your personal data. We share it only with:
Connected social platforms. When you publish or schedule content, we transmit it to the platform(s) you selected (e.g., X/Twitter, LinkedIn, Threads). Your use of those platforms is governed by their own privacy policies.
Service providers (processors). Stripe (payments), PostHog (analytics, EU-hosted), and infrastructure providers that host the Service. These providers process data only on our instructions.
Legal requirements. Authorities or third parties where required by law, or to protect our rights, users, or the public.
Business transfers. In connection with a merger, acquisition, or sale of assets, subject to this policy.
4. International Transfers
Your data is stored and processed in the United States, where our database and hosting infrastructure are located. Some providers, such as PostHog, process data in the European Union. For transfers of personal data from the EU/EEA to the United States, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision (including the EU-U.S. Data Privacy Framework, where the recipient is certified).
5. Data Retention
We keep your personal data for as long as your account is active. When you delete your account, we delete or anonymize your personal data within 90 days, except where we must retain it longer to comply with legal obligations (such as accounting records) or to resolve disputes. You can disconnect a social platform at any time, which revokes our access tokens for that platform.
6. Your Rights
Under the GDPR, you have the right to:
Access the personal data we hold about you and receive a copy.
Correct inaccurate or incomplete data.
Delete your data (“right to be forgotten”).
Restrict or object to certain processing, including processing based on legitimate interests.
Receive your data in a structured, machine-readable format (data portability).
Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, email us at farid@supabird.io. We will respond within one month. You also have the right to lodge a complaint with a supervisory authority, in particular the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee) or the authority in your country of residence.
7. Security
We use appropriate technical and organizational measures to protect your data, including encryption in transit, hashed passwords, and access controls. No system is completely secure; notify us immediately at farid@supabird.io if you suspect unauthorized access to your account.
8. Children
The Service is not intended for anyone under 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will notify you by email or in-app notice before they take effect. The “Last updated” date above reflects the latest version.
10. Contact
SupaBird OÜ
Sepapaja tn 6, Lasnamäe linnaosa, Tallinn, Harju maakond, 15551, Estonia
Email: farid@supabird.io