Privacy Policy

Service provider: STANMAR Konzalting j.d.o.o. Registered address: Trg Drage Iblera 10, 10000 Zagreb, Hrvatska. OIB: 61861416110. Contact email: promio.business@gmail.com.

For GDPR purposes, PromioAgent acts as a controller for account, billing, security, and service administration data. For content that customers upload or instruct us to publish on their behalf, PromioAgent may also act as a processor under the customer's instructions.

Account data: email address, authentication data, business name, business type, preferences, subscription status, and support messages.

Content data: uploaded business images, generated captions, scheduled posts, chat instructions, agent memory, approval status, and publish logs.

Connection data: Facebook, Instagram, and Meta identifiers, page/account names, access tokens, token expiry dates, and publish result IDs.

Billing data: Stripe customer ID, subscription ID, plan, trial/active/cancel status, billing portal events, and payment status. Card data is processed by Stripe and is not stored by PromioAgent.

Context data: location label, coordinates if provided, weather context, local event context, and Google Places information if enabled.

To create and manage your account, provide the SaaS service, generate and schedule social posts, publish content to connected channels, send approval emails, process subscriptions, prevent abuse, maintain security, and comply with legal obligations.

Legal bases may include contract performance, legitimate interest, legal obligation, and consent where required, for example for optional integrations or non-essential cookies.

PromioAgent uses third-party providers to run the service, including Supabase for authentication, database, and storage; Vercel for hosting; Stripe for payments; Resend for emails; OpenAI for AI generation; Meta/Facebook/Instagram for social login and publishing; Google Maps/Places for location context; Open-Meteo for weather context; and Ticketmaster/local event APIs if event-aware context is enabled.

These providers may process data in the EU, EEA, United States, or other countries. Where required, appropriate transfer mechanisms such as Standard Contractual Clauses should be used.

We keep account and billing records for as long as required to provide the service and comply with legal/accounting obligations. Uploaded images, scheduled posts, chat instructions, and generated content are kept while the account is active unless deleted earlier by the customer or required for security/legal reasons.

When an account is deleted, PromioAgent should delete or anonymize service data unless retention is legally required.

Depending on applicable law, you may request access, correction, deletion, restriction, portability, or objection to processing of your personal data.

Requests can be sent to promio.business@gmail.com. You may also contact the Croatian Personal Data Protection Agency (AZOP) if you believe your rights have been violated.

PromioAgent uses authentication, backend authorization checks, environment secrets, provider security controls, and access restrictions to protect user data. No online service can guarantee perfect security, but we work to reduce risk and respond to incidents responsibly.