Introduction
Welcome to Wingman, an AI-powered content generation and scheduling service provided by Jobtepi Ventures ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our AI-powered thread generation, scheduling, and automated posting features for social media platforms.
Important: By using Wingman, you agree to the collection and use of information in accordance with this policy. If you disagree with any part of this policy, please do not use our service.
Information We Collect
Account Information
When you create an account, we collect:
- •Full name and display name
- •Email address (used as primary identifier)
- •Profile picture (optional)
- •Password (securely hashed using industry-standard bcrypt)
- •Authentication tokens and session data
Social Media Connections
To provide our core functionality, we require access to your social media accounts:
- •Threads profile information (username, bio, avatar)
- •Instagram profile (when connected to Threads)
- •Authentication tokens for posting on your behalf
- •Your posting history and engagement metrics (with your permission)
- •Content you create or schedule through Wingman
OAuth Integration: We use secure OAuth 2.0 protocols. Your social media credentials are never stored on our servers—we only store access tokens issued by the platforms.
AI Interaction & Content Data
Data processed through our AI features:
- •Thread prompts and topics you provide
- •Style preferences and tone settings
- •Generated content and drafts
- •Scheduling preferences and timestamps
- •Performance analytics of your posts
Payment Information
For paid subscriptions, we process payments through Stripe:
- ✓Payment card details are NEVER stored on our servers
- ✓All payment processing is handled securely by Stripe
- ✓We receive only: transaction ID, amount, currency, billing email
- ✓Stripe is PCI DSS Level 1 certified
Automatically Collected Information
Technical data collected automatically:
- •IP address (anonymized when possible)
- •Browser type, operating system, device identifiers
- •Pages viewed, time spent, click patterns
- •Referring source and campaign tracking
- •Error logs and crash reports
How We Use Your Information
We use your information for the following purposes:
Service Delivery
Generate AI-powered threads, schedule posts, and automate content publishing to connected social media accounts.
Account Management
Create and manage your account, authenticate your identity, and provide customer support.
AI Training & Improvement
Improve our AI models using anonymized and aggregated data. We do NOT use your private content to train models without explicit consent.
Analytics & Performance
Analyze engagement metrics, optimize scheduling, and provide insights on your content performance.
Security & Fraud Prevention
Detect, prevent, and respond to fraudulent or unauthorized activity, protect against abuse.
Communications
Send you important updates about your account, service changes, and marketing communications (which you can opt out of).
Legal Compliance
Comply with legal obligations, enforce our terms, and protect our rights and property.
Data Sharing & Third Parties
We respect your privacy and do not sell your personal information to third parties. We may share your data only in the following circumstances:
Social Media Platforms
We share content with Threads/Instagram APIs only when you explicitly choose to publish or schedule a post. This includes:
- • The actual thread content you generate
- • Scheduled posting timestamps
- • Media attachments (images, videos)
Service Providers
We work with trusted third-party service providers who assist us in operating our service:
- • Stripe — Payment processing (PCI DSS Level 1 certified)
- • Cloud Infrastructure Providers — Hosting and data storage (AWS/Vercel)
- • AI API Providers — Content generation (OpenAI, Anthropic, etc.)
- • Analytics Services — Product usage analytics (PostHog, Plausible)
All providers are contractually bound to protect your data and use it only for the specified purposes.
Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal requests from authorities, court orders, or to protect our rights, property, or safety.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity. You will be notified via email prominently before any such transfer.
Data Security
We implement industry-standard security measures to protect your information:
Encryption in Transit
All data is transmitted using TLS 1.3 encryption
Encryption at Rest
Data is encrypted using AES-256 standards
Authentication
Multi-factor authentication (MFA) available
Access Controls
Role-based access with principle of least privilege
Regular Audits
Periodic security audits and penetration testing
Data Backup
Secure, redundant backups with disaster recovery
Important: Despite our safeguards, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
AI and Content Processing
Wingman uses advanced AI models to generate content. Here's what you need to know:
What We Send to AI Providers
- • Your prompts and content requests
- • Style preferences and tone settings
- • Contextual information needed for generation
Data Retention
- • Generated content is stored in your account for your reference
- • Raw AI model inputs are not permanently stored by AI providers
- • Chat history and drafts are retained until you delete them
AI Training
- • AI providers may use API inputs for training by default
- • We offer an option to opt out of data training (contact support)
- • We do NOT use your private conversations to train our custom models
Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
Access
Request a copy of the personal data we hold about you
Correction
Request correction of inaccurate or incomplete data
Deletion
Request deletion of your personal data (right to be forgotten)
Portability
Request your data in a structured, machine-readable format
Objection
Object to processing of your personal data
Restriction
Request that we limit how we use your data
Withdraw Consent
Withdraw consent at any time where processing is based on consent
How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@wingman.app. We will respond to your request within 30 days.
Data Retention
We retain your personal information for different periods depending on the purpose:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Generated content | Until you delete it or account closure |
| Payment records | 7 years (legal requirement) |
| Analytics data | 24 months (anonymized after 13 months) |
| Support tickets | 3 years after resolution |
Children's Privacy
Wingman is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws, including the use of Standard Contractual Clauses (SCCs) for transfers from the EEA.
California Consumer Privacy Act (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to Know: Information about the categories of personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale of personal information (note: we do not sell personal information)
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights
GDPR Compliance (EU/UK)
For users in the European Union and United Kingdom, we comply with the General Data Protection Regulation (GDPR):
- • Contract performance
- • Legitimate business interests
- • Consent (where applicable)
- • Legal obligations
- • Right to be informed
- • Right of access
- • Right to rectification
- • Right to erasure
- • Right to restrict processing
- • Right to data portability
- • Right to object
EU/UK Data Protection Representative: Contact us at privacy@wingman.app
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience:
| Cookie Type | Purpose |
|---|---|
| Essential Cookies | Authentication, security, core functionality |
| Preference Cookies | Remember your settings and choices |
| Analytics Cookies | Understand how you use our service |
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect functionality.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We will also send you an email notification for material changes. We encourage you to review this policy periodically.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We will respond to legitimate inquiries within 30 days of receipt.