Sjenkie B.V. ("we", "us", "our") operates PattrIQ. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

Information you provide:

• Email address (for authentication and communication)
• Social media post data you choose to import for analysis
• Brand profile details (tone of voice, topics, audience)
• Campaigns, content plans, and drafts you create
• Feedback and support communications

Information from connected accounts:

If you choose to connect a third-party account (such as X/Twitter, LinkedIn, or BookmarksIQ) via OAuth, we may receive the following data, depending on the permissions you authorize:

• Your public profile information (username, display name, account ID)
• Your public posts and their engagement metrics (likes, reposts, replies, impressions)
• OAuth access and refresh tokens (stored encrypted at rest; see Section 6)

We access only the data you authorize during the OAuth consent flow. The legal basis for this processing is your explicit consent (GDPR Article 6(1)(a)) when connecting the account. You can disconnect at any time from your Account settings, which immediately deletes your stored tokens and revokes our access.

Information collected automatically:

• Usage data (features used, interactions with the Service)
• Device information (browser type, operating system)
• Log data (IP address, access times)

We use your information to:

• Provide and maintain the Service
• Authenticate your identity
• Process and analyze your imported post data
• Power AI-driven pattern detection, strategy, ideation, and draft generation
• Send important service notifications (e.g. authentication codes, billing receipts)
• Send product onboarding and lifecycle emails triggered by your in-product activity (e.g. setup reminders, analysis completion notifications). These emails include an unsubscribe link and you can opt out at any time.
• Respond to your requests and support inquiries
• Improve and optimize the Service

PattrIQ uses AI services to analyse posts, detect patterns, generate strategies, ideas, content plans, and post drafts.

What data is processed by AI:

• Post text content from your imported datasets
• Brand profile information
• Content preferences and strategy context

AI Service Providers:

We use OpenRouter API for text generation, which may route requests to sub-processors including:

• Anthropic (Claude models)
• Google (Gemini models)
• OpenAI (GPT models)

For AI image generation, we use Replicate (Recraft V4 model). Image generation prompts and brand context are sent to Replicate to produce visuals for your social media posts. Generated images are stored in DigitalOcean Spaces (object storage) and optimized server-side before delivery.

How your data is protected:

• Data is sent to AI providers only to process your request and deliver features
• We configure provider settings to restrict model training where available, and rely on provider terms for handling and retention
• Data is encrypted in transit (HTTPS/TLS)

We do not sell your personal information. We may share data with:

• Service providers who assist in operating the Service (hosting, AI processing)
• Legal authorities when required by law
• Third parties in connection with a merger, acquisition, or sale of assets

For a full list of our third-party vendors, see our Subprocessors page.

Third-Party Data Processors:

We implement appropriate technical and organizational measures to protect your personal information:

Encryption

• In Transit: All data is encrypted using TLS (HTTPS)
• Authentication Tokens: Securely stored with cryptographic best practices
• OAuth Tokens: Third-party access and refresh tokens (e.g. X/Twitter) are encrypted at rest using AES-256-GCM with server-side keys and are never exposed to client-side code

Access Controls

• Passwordless authentication via secure 6-digit email verification codes
• HttpOnly session cookies (not accessible to JavaScript)
• Rate limiting to prevent brute-force and abuse

We retain different types of data for different periods:

If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

PattrIQ uses strictly necessary cookies that are essential for the application to function, and - with your consent - optional analytics cookies to help us understand how the application is used.

Essential Cookies

These cookies are required for the Service to function and cannot be disabled. Under the ePrivacy Directive (Article 5(3)), consent is not required for strictly necessary cookies.

Analytics Cookies (optional)

If you consent, we use Google Analytics 4 to collect anonymized usage data. These cookies are only set after you give explicit consent via our cookie banner. IP anonymization is enabled.

Cookie Consent Banner

When you first visit PattrIQ, a consent banner lets you Accept all cookies, Reject non-essential cookies, or Manage preferences individually. Your choice is recorded and stored in the spa_consent cookie. You can change your preferences at any time from your Account → Privacy & Data settings.

How to Control Cookies

You can control and delete cookies through your browser settings. Please note that disabling the session cookie will prevent you from signing in.

• Chrome: Settings → Privacy and security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data

Third-Party Cookies

The only third-party cookies on PattrIQ are the Google Analytics cookies listed above, and they are only loaded if you consent. We do not use advertising, marketing, or social media tracking cookies.

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

The Service is not intended for users under 16 years of age, unless local law permits a lower minimum age with required parental or guardian consent. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately at privacy@pattriq.com.

Your data may be transferred to and processed in countries other than your own. Where required, we implement safeguards intended to meet applicable data protection requirements, such as contractual protections and access controls.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The updated policy will be effective upon posting.

For questions about this Privacy Policy or our data practices, please contact us at:

• Email: privacy@pattriq.com