Privacy Policy

Last updated: February 24, 2026

This Privacy Policy explains how Borker (“we,” “us,” or “our”) collects, uses, and protects your information when you use our AI-powered content generation and social media management service (“Service”).

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, name, and authentication credentials when you create an account
  • Workspace Information: Organization name, team settings, and workspace configuration when you create or join a workspace
  • API Keys: Third-party API keys you provide for AI services (Anthropic), publishing platforms (Postiz, Paragraph), and other integrations. These are encrypted at rest using AES-256-GCM
  • Team Data: Email addresses and assigned roles of team members you invite to your workspace
  • Payment Information: We do not store credit card details directly. Payment information is collected and processed by Stripe, our payment processor, subject to their privacy policy
  • Brand Voice Data: Writing samples, tone preferences, topics, and other content you provide to configure your brand voice
  • Content: Posts you create, edit, approve, or schedule through the Service, including AI-generated content
  • Connected Accounts: OAuth tokens and profile information from social platforms you connect (X, LinkedIn, Farcaster)
  • Communications: Messages you send us through the in-app support form or other channels

1.2 Information Collected Automatically

  • Usage Data: Features used, content generated, actions taken, and interaction patterns within the Service
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Log Data: Access times, pages viewed, error logs, and referring URLs
  • Performance Data: Page load times, API response times, and error rates for service reliability

1.3 Information from Third Parties

  • Social Platforms: Public profile information and account metadata from connected platforms
  • News Sources: Publicly available articles and content used for the news monitoring feature
  • Payment Processor: Transaction confirmation and billing status from Stripe

2. How We Use Your Information

We use your information to:

  • Provide the Service: Generate content, schedule posts, and manage your social media workflows
  • Personalize Content: Use your brand voice configuration and preferences to generate content that matches your style
  • Improve the Service: Analyze usage patterns to enhance features, fix bugs, and improve user experience
  • Process Payments: Verify transactions, manage subscriptions, and handle billing
  • Communicate: Send transactional emails (billing receipts, workflow notifications, approval requests), respond to support inquiries, and provide service updates
  • Ensure Security: Detect and prevent fraud, abuse, and unauthorized access
  • Comply with Law: Meet legal obligations and respond to lawful requests from authorities

3. AI and Content Processing

3.1 How AI Uses Your Data

We use AI models (including Claude by Anthropic) to generate content based on your inputs. When you use the Service:

  • Your brand voice configuration, content preferences, and topic selections are sent to AI providers to generate personalized content
  • News articles and topics you select are processed to create relevant posts
  • Your API key is used to authenticate with the AI provider directly

3.2 What We Do Not Do

  • We do not use your content or brand data to train AI models
  • We do not share your content with other users or workspaces
  • We do not use your content for marketing without explicit consent

3.3 AI Provider Data Practices

Our AI providers have their own privacy policies. Anthropic (Claude) does not use API inputs to train their models. We select providers that align with strong privacy practices. For details, see Anthropic's Privacy Policy.

4. Information Sharing

We do not sell, rent, or trade your personal information. We may share information with:

4.1 Service Providers

  • AI Providers: Anthropic (Claude) for content generation, using your own API key
  • Payment Processor: Stripe for payment processing and subscription management
  • Email Provider: Resend for transactional emails (notifications, invitations)
  • Cloud Infrastructure: Hosting, database, and storage providers for operating the Service

4.2 Social Platforms

When you publish content, it is shared with the platforms you've connected (X, LinkedIn, Farcaster, Paragraph) according to their respective terms and privacy policies.

4.3 Legal Requirements

We may disclose information when we believe in good faith that disclosure is required by law, legal process, or government request, or to protect our rights, property, safety, or that of our users.

4.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email or prominent notice before your information becomes subject to a different privacy policy.

5. Data Retention

  • Account Data: Retained while your account is active, plus 30 days after a deletion request to allow for recovery
  • Generated Content: Retained until you delete it or close your account
  • Usage Logs: Retained for up to 12 months for analytics, debugging, and security purposes
  • Payment Records: Retained as required by tax and financial regulations (typically 7 years)
  • Support Communications: Retained for the duration of your account plus 12 months

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/HTTPS) and at rest
  • API keys encrypted using AES-256-GCM before storage
  • Secure authentication via Supabase Auth with email verification
  • Role-based access controls within workspaces
  • Row-level security on database tables
  • All administrative access is logged and auditable

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and API keys.

7. Your Rights and Choices

7.1 Access and Portability

You can access your data through your account dashboard. You may request a copy of your data in a portable format by contacting us.

7.2 Correction

You can update your account information, brand voice settings, and workspace configuration at any time through the Service.

7.3 Deletion

You can request deletion of your account and associated data by contacting us. Some data may be retained as required by law or for legitimate business purposes (e.g., payment records, fraud prevention). Workspace data you contributed may be retained by the workspace owner.

7.4 Opt-Out

  • Marketing Emails: Unsubscribe via the link in any marketing email. Transactional emails (billing, security, workflow notifications) cannot be opted out of while your account is active.
  • Analytics: Use browser Do Not Track settings where supported

7.5 Connected Accounts

You can disconnect social media accounts at any time through the Service settings. This revokes our access but does not delete content already published to those platforms.

8. International Data Transfers

We are based in the United States. If you use the Service from outside the US, your information may be transferred to and processed in the US or other countries where our service providers operate. By using the Service, you consent to these transfers. We use appropriate safeguards for international data transfers as required by applicable law.

9. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA and CPRA:

  • Right to know what personal information we collect, use, and disclose
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt-out of sale or sharing of personal information (we do not sell or share your data for cross-context behavioral advertising)
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us through the in-app support form or on X (@borkerxyz). We will verify your identity before processing requests.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, you have rights including:

  • Access to your personal data
  • Rectification of inaccurate data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing
  • Withdrawal of consent at any time

Our legal bases for processing include: performance of our contract with you (providing the Service), legitimate interests (improving the Service, ensuring security), compliance with legal obligations, and your consent where applicable.

To exercise your rights, contact us through the in-app support form. You also have the right to lodge a complaint with your local data protection authority.

11. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Functions: Authentication, session management, and security (required for the Service to function)
  • Workspace Context: Remembering your active workspace across sessions
  • Preferences: Remembering your settings and choices

We do not currently use third-party advertising cookies or cross-site tracking. You can manage cookies through your browser settings. Disabling essential cookies will prevent you from using the Service.

12. API Keys You Provide

When you provide API keys for third-party services (Anthropic, Postiz, Paragraph):

  • Keys are encrypted at rest using AES-256-GCM before storage
  • Keys are only decrypted when making API calls on your behalf
  • We do not share, log, or expose your API keys
  • You can delete your API keys at any time through Settings
  • API usage is billed directly by the third-party provider, not by us

13. Team and Workspace Data

If you create or join a workspace with team members:

  • Workspace owners and admins can see all content, settings, and activity within the workspace
  • Team members can see content based on their assigned role permissions
  • Workspace data is isolated from other workspaces
  • Deleting your account removes you from all workspaces but does not delete workspace data you contributed (this remains owned by the workspace)

14. Administrative Access

For customer support and operational purposes, our team may:

  • Access your account and workspace data to diagnose and resolve issues
  • Temporarily view your account as you see it for troubleshooting

All administrative access is:

  • Logged with timestamps and reasons
  • Restricted to authorized personnel only
  • Performed only when you contact us for support, we detect potential security issues, or as required for legal compliance

You may request access logs for your account by contacting us.

15. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect information from children under 18. If we learn we have collected personal data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice on the Service at least 30 days before taking effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

17. Contact Us

Questions about this Privacy Policy or your data? Reach out through the support form in your account settings, or contact us on X (@borkerxyz).

For data deletion requests or privacy concerns, please include “Privacy Request” in your message and provide the email address associated with your account. We will respond within 30 days.