Privacy Policy

1. Introduction

At ContentRoutine, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is: Keilo Studio Ltd Registered in England and Wales Company number: 17024802 Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom Email: contact@contentroutine.ai

3. Data We Collect

We collect the following categories of personal data:

Account Information (from Google OAuth)

Email address
Full name and first name
Profile picture
Google account identifier

Profile Information

Creator type (solopreneur, coach, consultant, etc.)
Timezone
Language preference (EN, FR, IT)
Notification preferences

Content Data

Strategic objectives and platform configurations
AI-generated content (posts, ideas)
Drafts and content iterations
Publication history and timestamps

Style Learning Data

Writing samples you provide for style calibration
Writing preferences (grammatical person, language level)
Platform-specific signatures

Technical Data

IP address
Browser type and device information
Usage patterns and feature interactions

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract performance: Processing necessary to provide the Service you subscribed to
Consent: For optional features like analytics and marketing communications
Legitimate interests: To improve our Service, ensure security, and prevent fraud
Legal obligation: To comply with applicable laws and regulations

5. Purposes of Processing

We use your personal data for the following purposes:

Providing and maintaining the Service
Generating content using AI providers (OpenAI, Anthropic)
Learning and applying your writing style
Processing payments and managing subscriptions via Stripe
Sending transactional emails (receipts, alerts, updates)
Analyzing usage to improve the Service
Ensuring security and preventing abuse

6. AI Data Processing

ContentRoutine uses third-party AI providers to generate content. This section explains how your data is processed by these services.

Data Sent to AI Providers

Your instructions and prompts for content generation
Contextual information (objective details, platform requirements)
Your writing style preferences and samples

AI Providers

We use the following AI providers:

OpenAI (GPT-4): For content generation and analysis. Privacy policy: https://openai.com/policies/privacy-policy
Anthropic (Claude): For content generation. Privacy policy: https://www.anthropic.com/legal/privacy

No Model Training

Your data sent to AI providers is processed via their standard API services and is NOT used to train their public AI models. Data is processed ephemerally for generating responses and is not stored by AI providers beyond their standard API retention policies.

7. Third-Party Services

We share your data with the following third-party service providers who process data on our behalf:

Google

Authentication via Google OAuth. We receive your email, name, and profile picture. Google's privacy policy: https://policies.google.com/privacy

Stripe

Payment processing. Stripe processes your payment information (card details, billing address). We do not store your full card number. Stripe's privacy policy: https://stripe.com/privacy

OpenAI

AI content generation. We send your prompts and context to generate content. OpenAI's privacy policy: https://openai.com/policies/privacy-policy

Anthropic

AI content generation (alternative provider). Anthropic's privacy policy: https://www.anthropic.com/legal/privacy

Brevo

Transactional emails (receipts, alerts, notifications). We share your email address and name. Brevo's privacy policy: https://www.brevo.com/legal/privacypolicy/

PostHog

Product analytics. We collect anonymized usage data to improve our service. PostHog's privacy policy: https://posthog.com/privacy

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), particularly the United States, where our AI providers (OpenAI, Anthropic) are located.

These transfers are protected by appropriate safeguards including: the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs), and the service providers' compliance with UK GDPR and EU GDPR requirements.

9. Data Retention

We retain your personal data for the following periods:

Account data: Until you delete your account, plus any legally required retention period
Content data: Until you delete your account (immediately and permanently deleted)
Billing records: 6 years as required by UK tax law (HMRC requirements)
Technical logs: 12 months for security and debugging purposes

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Data encrypted at rest using AES-256 encryption
Data encrypted in transit using TLS 1.3
Strict access controls and authentication
Regular security monitoring and updates

11. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

Right of access: Obtain a copy of your personal data
Right to rectification: Correct inaccurate personal data
Right to erasure: Request deletion of your personal data ("right to be forgotten")
Right to restriction: Limit how we process your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: Withdraw consent at any time for consent-based processing

To exercise these rights, contact us at contact@contentroutine.ai. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the ICO (Information Commissioner's Office): https://ico.org.uk. In France, this is the CNIL: https://www.cnil.fr. In Italy, this is the Garante per la protezione dei dati personali: https://www.garanteprivacy.it

12. Cookies

We use cookies and similar technologies to operate our Service:

Essential cookies: Required for authentication and security (session cookies)
Analytics cookies: To understand how you use our Service (PostHog). You can opt out via browser settings.

13. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email. The updated policy will be effective when posted on this page with a new "Last updated" date.

15. Contact Us

For any questions about this Privacy Policy or to exercise your rights, contact us:

Email: contact@contentroutine.ai
Address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom