Privacy Policy
Last updated: July 9, 2026
This policy explains what data Occasely collects, why we collect it, and the choices you have. The short version: we collect what we need to run the Service, we never sell your data, and your social account credentials are encrypted and never shared.
1. Data we collect
- Account details: your name and email address.
- Brand profile: your business name, category, tone of voice, links, and any images or assets you upload.
- Social account tokens: the credentials that let us publish to your connected channels. They are encrypted at rest and never shared with anyone.
- Content: the briefs you write and the posts generated for you.
- Usage metrics: how you use the Service, including AI generation logs, so we can enforce plan limits and keep the product reliable.
2. How we use your data
- To provide the Service: drafting, scheduling, and publishing your posts, and showing your content calendar.
- AI generation: we use third-party model providers to generate content. Your briefs and brand context are sent to AI providers such as Google and Anthropic to produce your posts. We do not use your data to train models.
- Payments: subscriptions are processed by Razorpay. We never store your card or UPI details — they go directly to Razorpay.
- Service communication: emails about your account, billing, and important product changes.
3. Legal bases and compliance
For users in India, we process personal data in line with the Digital Personal Data Protection Act, 2023 (DPDP Act) — on the basis of your consent and the legitimate uses the Act recognises. For international users at our global launch, we will process personal data in accordance with the GDPR, relying on contract performance and legitimate interests as applicable.
4. Data retention and deletion
We keep your data for as long as your account is active. If you delete your account, your personal data — including brand profile, social tokens, briefs, and generated posts — is removed within 30 days, except where the law requires us to keep specific records (for example, billing records for tax purposes). You can also request deletion by emailing hello@occasely.com.
5. Security
- Social account tokens are encrypted at rest with keys managed separately from the database.
- Each customer’s data is isolated with database row-level security, so one workspace can never read another’s data.
- Access to production systems is restricted and logged. If you find a security issue, please report it to hello@occasely.com.
6. Cookies & analytics
We use essential session cookies — the ones that keep you signed in — and Google Analytics to understand how the product is used (pages visited, approximate location, device type) so we can improve it. Google Analytics sets its own cookies; you can opt out with the Google Analytics opt-out browser add-on. We do not use advertising trackers.
7. Your rights
You can, at any time:
- request access to the personal data we hold about you;
- ask us to correct inaccurate data;
- ask us to delete your data (see section 4);
- withdraw consent for processing that relies on it.
To exercise any of these rights, email hello@occasely.com. Our Grievance Officer under the DPDP Act is [name and contact to be appointed]; until then, the same address reaches the team responsible for data protection.
8. Children
Occasely is a business tool and is not intended for anyone under 18. We do not knowingly collect personal data from children; if you believe we have, contact us and we will delete it.
9. Changes to this policy
We may update this policy as the product and the law evolve. We will post updates here with a new “Last updated” date, and notify you by email or in the app if a change is material.
10. Contact
Questions about privacy at Occasely? Write to us at hello@occasely.com.
This document is a beta-stage template and is undergoing formal legal review.