Privacy

Privacy Policy

Last updated: October 15, 2025

🔒 Your Privacy Matters

We are committed to protecting your personal information and being transparent about what data we collect and how we use it. We comply with GDPR and applicable data protection laws.

1. Information We Collect

Account Information

Company email address (verified domain)
Company name and website
Contact name and information
Account credentials (encrypted)

Press Release Content

Headlines, body text, and media
Company information and contact details
Publication dates and preferences
Content you choose to make public

Technical Information

IP address and location data
Browser type, version, and language
Device type and operating system
Page views and interaction data

Payment Information

Payment processing is handled securely by Stripe. We do not store credit card numbers or banking information on our servers. Stripe's privacy policy: stripe.com/privacy

2. How We Use Your Information

We use the information we collect to:

Provide the Service: Process press releases and maintain your account
Domain Verification: Confirm your company email and prevent spam
Communication: Send important updates, notifications, and support
AI Processing: Optimize content using AI (OpenAI, Anthropic)
Analytics: Improve the Service and understand usage patterns
Security: Prevent fraud, abuse, and unauthorized access
Legal Compliance: Meet legal and regulatory requirements

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

Contract Performance: To provide the Service you've signed up for
Legitimate Interest: To improve the Service, prevent fraud, and ensure security
Legal Obligation: To comply with applicable laws and regulations
Consent: For marketing communications (you can opt-out anytime)

4. Information Sharing

We do not sell your personal information.

We may share your information only in these circumstances:

Public Press Releases: Content you publish is publicly accessible
Service Providers: Trusted third parties who help us operate our platform securely
AI Processing: Content sent to AI providers for optimization (with privacy safeguards)
Legal Requirements: When required by law, court order, or to protect our rights
Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement industry-standard security measures to protect your personal information:

Encryption: All data in transit uses HTTPS/TLS encryption
Database Security: Enterprise-grade database with row-level security (RLS) policies
Access Controls: Multi-factor authentication and role-based access
Regular Audits: Security reviews and vulnerability assessments
Backups: Encrypted, regular backups with disaster recovery
Monitoring: Real-time security monitoring and incident response

6. Data Retention

We retain your information as follows:

Account Information: Until you delete your account (plus 30 days grace period)
Published Press Releases: Indefinitely (part of public record)
Draft Content: 90 days after last edit or deletion
Technical Logs: 90 days for security and debugging
Payment Records: 7 years (tax and legal requirements)
Deleted Accounts: Personal data purged within 30 days

7. Your Privacy Rights (GDPR/CCPA)

You have the following rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your account and data
Right to Portability: Receive your data in a machine-readable format
Right to Object: Opt-out of certain data processing activities
Right to Restrict: Limit how we process your data
Right to Withdraw Consent: Opt-out of marketing communications

To exercise these rights, email us at: [email protected]

We will respond to your request within 30 days. Note that published press releases remain public even after account deletion (they are part of the public record).

8. Cookies & Tracking

Essential Cookies

Authentication tokens (keep you logged in)
Security tokens (CSRF protection)
Session management

Analytics Cookies

Page views and user behavior
Feature usage analytics
Performance monitoring

Google Analytics 4

We use Google Analytics 4 (Measurement ID: G-H30WPG18EV) to understand how visitors use our Service. Google Analytics collects:

Pages you visit and time spent on each page
Your approximate location (city/country level)
Device type, browser, and screen resolution
How you found our site (search engine, direct, referral)
User interactions and conversion events

Google signals:

When enabled, Google may collect aggregated demographics data (age range, gender, interests) from users who have enabled "Ads Personalization" in their Google account. This data:

Provides anonymized, aggregated insights about our audience
Enables cross-device tracking for logged-in Google users who consent
May be used for remarketing features in Google Ads
Is subject to Google's Privacy Policy: policies.google.com/privacy

How to opt-out: You can opt-out of personalized advertising by visiting adssettings.google.com or by disabling analytics cookies in your browser settings.

Managing Cookie Consent

When you first visit our website, you'll see a cookie consent banner asking you to accept or reject analytics cookies. Your choice is stored in your browser's local storage.

How to change your cookie preferences:

Clear your consent choice: Open your browser's Developer Console (F12), go to Application → Local Storage → pressonify.ai, and delete the pressonify_analytics_consent key. Refresh the page to see the banner again.
Browser settings: You can block cookies entirely through your browser settings (Chrome, Firefox, Safari, Edge all have cookie management options).
Google opt-out: Visit tools.google.com/dlpage/gaoptout to install the Google Analytics opt-out browser add-on.

Note: Disabling essential cookies may prevent you from using certain features of the Service, such as staying logged in to your account.

9. Third-Party Services

We use the following trusted third-party services:

Google Analytics 4: Website analytics and user behavior tracking (see Section 8 for details)
Cloud Infrastructure: Enterprise-grade database, authentication, and hosting (GDPR compliant)
Stripe: Payment processing (PCI DSS Level 1 certified)
AI Services: Content optimization with privacy safeguards and data processing agreements
Cloudflare: CDN, security, and DDoS protection

Each of these providers has their own privacy policies and data protection measures. We ensure all providers comply with GDPR standards.

10. International Data Transfers

Your information may be transferred to and processed in countries outside your own, including the United States and EU. We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements (DPAs) with all third-party processors
Compliance with GDPR Chapter V requirements
Regular assessments of data protection adequacy

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it immediately.

12. AI & Data Processing

When you use our AI features, your press release content may be sent to third-party AI providers (OpenAI, Anthropic) for processing:

AI providers do not use your content to train their models
Data is transmitted securely using encryption
We have data processing agreements with all AI providers
You can opt-out of AI features if you prefer

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

Notify affected users within 72 hours (GDPR requirement)
Inform relevant supervisory authorities as required by law
Provide details about the breach and our response
Offer guidance on protective measures you can take

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will:

Notify you via email for material changes
Display a prominent notice on the Service
Update the "Last updated" date at the top of this policy
Provide a 30-day notice period before changes take effect

15. Contact & Data Protection Officer

For privacy-related questions, concerns, or to exercise your rights, contact:

Data Protection Officer

Email: [email protected]

GDPR Requests: [email protected]

Location: Ireland (EU)

16. Supervisory Authority

If you are located in the EU/EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Ireland: Data Protection Commission
Website: dataprotection.ie

Your Privacy is Important

We are committed to protecting your privacy and handling your data responsibly. If you have any questions or concerns, please don't hesitate to contact us. We will respond to all privacy inquiries within 30 days.