Legal · Effective 2026-05-30

Privacy Policy

Draft — pending legal review. This document reflects how the product currently handles your data and is published in good faith, but it has not yet been reviewed by qualified counsel. Bracketed [TBD] markers indicate fields that still require a legal decision (entity name, jurisdiction, hosting region, payment processor). Do not treat as final.

This Privacy Policy explains what personal information Virentiq (“virentiq.ai”, “we”, “us”) collects when you use the service at virentiq.ai and our application subdomains, why we collect it, who else processes it on our behalf, and the choices you have. We follow GDPR and CCPA principles for all users worldwide, not only those in regulated jurisdictions.

1. Who we are

Virentiq operates virentiq.ai, an AI-powered platform that drafts and publishes LinkedIn posts on your behalf using your own Bring-Your-Own-Key Anthropic (Claude) API access. The data controller for the purposes of GDPR is [LEGAL ENTITY NAME & REGISTERED ADDRESS — TBD: pending legal review]. Contact us at [email protected].

2. The data we collect

We collect only what we need to operate the product for you:

  • Account data — your name, email address, and a hashed password (or third-party-auth identifier) supplied when you sign up.
  • Workspace and persona data — your niche, audience, voice settings, rotation angles, and any persona inputs from the onboarding wizard.
  • Content data — RSS sources you configure, drafts we generate for you, published posts, and the metadata (timestamps, statuses) attached to them.
  • Connection credentials — OAuth access and refresh tokens issued to us by LinkedIn when you connect your account, held only in encrypted form. We do not receive or store your LinkedIn password.
  • Your Anthropic API key — when you supply one in Settings, it is encrypted at rest using authenticated encryption and is decrypted only inside the request path that issues an Anthropic API call on your own behalf. It is never shared with, billed against, or used to serve any other account.
  • Usage counters — post counts and quota usage tied to your workspace, so we can enforce plan limits.
  • Billing data — if you upgrade, our payment processor ([PAYMENT PROCESSOR — TBD]) handles your card details directly; we only receive a customer identifier, plan, and invoice metadata.
  • Operational telemetry — request logs, error traces, and basic metrics from our servers, shipped to Better Stack for uptime and debugging. These contain technical identifiers (user IDs, workspace IDs, IP addresses, user-agent strings) but not post bodies or persona content.
  • Site analytics — on our marketing site we use Google Analytics 4 with anonymized IPs and the CookieYes consent platform to gate non-essential cookies (see our Cookie Policy).

3. Why we use it

We use this data only to provide the service you signed up for: to authenticate you, draft and publish posts you have configured, enforce your plan’s quota, send you transactional emails (sign-in links, billing receipts, security notices), and protect the platform from abuse. We rely on the legal bases of contract (operating the service you bought), legitimate interest (security, fraud prevention, debugging), and consent (non-essential cookies and any marketing email you explicitly opt into).

4. AI inference and your prompts

When the platform drafts a post, your persona inputs and the source article being rewritten are sent to Anthropic’s API using your own API key. Anthropic processes those prompts under Anthropic’s Privacy Policy and Commercial Terms. We do not retain prompt or response bodies beyond what is needed to render the draft back to you and store it in your workspace. We do not use your data to train any AI model, ours or anyone else’s, and we do not share your data with third parties for advertising or profiling.

5. Sharing with third parties

We share data only with the processors strictly required to run the service:

  • Anthropic — AI inference, called with your own API key.
  • LinkedIn — publishing posts via the LinkedIn Marketing API under the OAuth scopes you authorize.
  • Better Stack — log and metric aggregation for uptime and incident response.
  • Google Analytics — aggregated site usage on the marketing site, consent-gated via CookieYes.
  • CookieYes — cookie-consent management on the marketing site.
  • Our cloud infrastructure provider ([PROVIDER — TBD]) — hosting of the application and database.
  • Our payment processor ([PROCESSOR — TBD]) — only for paid plans.

We do not sell your personal data, and we do not share it with brokers, ad networks, or any party not listed above. We may disclose data when compelled by valid legal process; where the law allows we will notify you first.

6. Where your data is stored

Application data is stored in [REGION — TBD, e.g. EU/US] on managed Postgres. Backups are encrypted at rest and retained on a rolling basis. If you are outside the storage region, transfers occur under Standard Contractual Clauses or equivalent safeguards.

7. How long we keep it

  • Account, workspace, and persona data — for the lifetime of your account.
  • Drafts and published posts — until you delete them or close the account.
  • OAuth tokens and API keys — until you disconnect the integration or delete the key.
  • Logs and operational telemetry — up to 30 days, then deleted on a rolling basis.
  • Billing records — retained as long as required by tax law in our jurisdiction.

When you delete your account, we delete or anonymize all personal data within 30 days, except records we are legally required to keep.

8. Security

Traffic is encrypted in transit (TLS). Secrets — your Anthropic API key, LinkedIn OAuth tokens, and equivalent — are encrypted at rest using authenticated encryption with keys held outside the application database. Access to production systems is restricted to a small set of named engineers and is audit-logged. No system is perfectly secure; if we detect a breach affecting your data we will notify you and the appropriate regulator without undue delay.

9. Your rights

Regardless of where you live, you can ask us to: (a) confirm what we hold about you, (b) export it in a portable format, (c) correct it if it is wrong, (d) delete it, (e) restrict or object to specific processing, and (f) withdraw any consent you previously gave. We will respond within 30 days. EU/UK users have the right to lodge a complaint with their local supervisory authority. California residents have CCPA-equivalent rights (right to know, delete, correct, opt out of “sale” — we do not sell data, but you may still exercise the right). Email [email protected] to exercise any of these.

10. Children

The service is not directed to children under 16, and we do not knowingly collect data from them. If you believe a child has signed up, email [email protected] and we will remove the account.

11. Automated decisions

virentiq.ai uses AI to draft post text on your behalf, but every post is either reviewed by you (draft-first mode) or published under autopilot rules you explicitly configured. We do not make legal or significant automated decisions about you within the meaning of GDPR Article 22.

12. Changes

We may revise this Policy as the product evolves. If we make material changes we will notify you by email and post a notice in the app at least 30 days before the change takes effect. The current version’s effective date is shown at the top of this page.

13. Contact

Questions, requests, or complaints: [email protected]. We plan to introduce dedicated [email protected] and [email protected] mailboxes; until then, the support address is routed to a human who can handle privacy matters.