Legal

Privacy Policy

Last updated: March 2026

This Privacy Policy describes how SetterAI ("we", "us", "our") collects, uses, stores, and shares information when you use our platform at setter.adrianzielinski.com and related services.

SetterAI is operated by Adrian Zielinski, NIP: [YOUR_NIP], based in Poland.

1. Information We Collect

Information You Provide

When you create an account and use our services, we collect:

  • Account information: name, email address, password
  • Payment information: processed securely through Stripe (we do not store card details)
  • Organization settings: AI configuration, conversation preferences, custom prompts
  • Instagram account data: when you connect your Instagram Business or Creator account through Facebook Login, we receive your Instagram page ID, access token, and basic profile information

Information Collected Through Instagram Integration

When you connect your Instagram account and use our messaging features, we process:

  • Direct Messages (DMs): content of incoming and outgoing messages between you and your contacts
  • Contact information: Instagram usernames, profile names, and publicly available profile data of people who message your account
  • Conversation metadata: timestamps, message status, delivery confirmations
  • Media content: images, audio messages, and other media shared in conversations (processed temporarily, not permanently stored from Instagram CDN)

Information Collected Automatically

  • Usage data: pages viewed, features used, interaction patterns within our dashboard
  • Device information: browser type, operating system, IP address
  • Cookies: essential cookies for authentication and session management

2. How We Use Your Information

We use collected information to:

  • Provide our core service: process incoming Instagram messages and generate AI-assisted response suggestions for your review
  • AI response generation: your conversation history and AI settings are used to generate contextually relevant response suggestions using third-party AI models (Anthropic Claude, Google Gemini, OpenAI)
  • Follow-up management: schedule and manage follow-up messages based on your configured settings
  • Dashboard functionality: display conversations, analytics, and settings in your dashboard
  • Billing: process subscription payments and manage your plan
  • Service improvement: analyze usage patterns to improve our platform
  • Support: respond to your questions and technical issues

AI Processing Disclosure

SetterAI uses artificial intelligence (AI) to assist in generating message responses. Specifically:

  • AI models process conversation context to suggest relevant replies
  • AI-generated suggestions are available for human review before sending
  • You maintain full control over AI settings, including the ability to disable AI per contact
  • AI processing is performed by third-party providers (Anthropic, Google, OpenAI) under their respective data processing agreements
  • We do not use your conversations to train AI models

3. Information Sharing

We share your information only in the following circumstances:

  • AI Service Providers: conversation data is sent to AI model providers (Anthropic, Google, OpenAI) solely for generating response suggestions. These providers process data under strict data processing agreements and do not use your data for model training.
  • Infrastructure Providers: we use Supabase (database), Railway (backend hosting), and Vercel (frontend hosting) to operate our service. Data is processed according to their respective privacy policies and DPAs.
  • Payment Processing: Stripe processes all payment transactions. We do not store your credit card information.
  • Legal Requirements: we may disclose information if required by law, regulation, or legal process.
  • With Your Consent: we may share information when you explicitly authorize us to do so.

We do not sell your personal information to third parties.

4. Instagram Data Handling

Regarding data obtained through the Instagram API:

  • We access Instagram data only with permissions you explicitly grant through Facebook Login
  • We process DM content solely to provide our messaging service
  • We do not cache or permanently store media URLs from Instagram's CDN
  • We do not use Instagram data for advertising, profiling, or purposes unrelated to our service
  • We comply with Meta's Platform Terms and Instagram's API Terms of Use
  • You can revoke our access to your Instagram data at any time by disconnecting your account in Settings or through Facebook's app permissions

5. Data Retention

  • Account data: retained while your account is active and for 30 days after deletion
  • Conversation data: retained while your account is active. You can request deletion at any time.
  • AI processing logs: retained for up to 90 days for debugging and service quality
  • Payment records: retained as required by applicable tax and accounting laws
  • Backup data: removed within 30 days of primary data deletion

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • Database access restricted with row-level security (RLS) policies
  • API authentication using secure tokens
  • Access tokens encrypted at rest
  • Regular security reviews and updates

7. Your Rights (GDPR / RODO)

Under the General Data Protection Regulation (GDPR/RODO), you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate personal data
  • Erasure: request deletion of your personal data ("right to be forgotten")
  • Restriction: request limitation of processing
  • Data portability: receive your data in a machine-readable format
  • Object: object to processing of your personal data
  • Withdraw consent: withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

8. Data Deletion

You can request complete deletion of your data by:

  1. Deleting your account through Settings in the dashboard
  2. Contacting us at privacy@adrianzielinski.com

Upon deletion request, we will remove all your personal data, conversation history, AI settings, and connected account information within 30 days.

9. International Data Transfers

Your data may be processed in the European Union and United States (where our infrastructure providers operate). All transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs).

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our dashboard. Continued use of our services after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights:

Email: privacy@adrianzielinski.com

Company: Adrian Zielinski | NIP: [YOUR_NIP]

Address: [YOUR_BUSINESS_ADDRESS]

Data Protection: For GDPR-related inquiries, contact privacy@adrianzielinski.com