Privacy Policy
This Privacy Policy explains how A21 Reports Ltd. collects, uses, stores, and protects your personal information when you use A21 Social and its services.
Effective Date: February 9, 2026
Last Updated: February 9, 2026
This Privacy Policy describes how A21 Reports Ltd. ("we", "us", "our"), a company registered in Bulgaria, collects, uses, and protects your personal data when you use A21 Social (accessible at a21social.com) and related services (the "Service"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Bulgarian and EU data protection laws.
By using the Service, you agree to the collection and use of information as described in this policy.
1. Data Controller
The data controller responsible for your personal data is:
A21 Reports Ltd.
bul. Cherni Vrah 47, 1407 Sofia, Bulgaria
Email: hello@a21social.com
For any questions or requests regarding your personal data, please contact us at the email above.
We have not appointed a Data Protection Officer as it is not mandatory for our organization under Art. 37 GDPR. For data protection inquiries, contact us at the email above.
2. Information We Collect
2.1 Account Information
When you register or log in, we collect:
- Email address and password (for email/password registration)
- Name and email address (from social login providers)
- Profile photo (from social login providers, if available)
2.2 Social Login Data
We support login via Google and Facebook. When you use a social login, we receive basic profile information from the respective provider (name, email, profile photo). We do not receive or store your social media passwords.
2.3 Billing Information
When you subscribe to a paid plan, your payment information is processed by a third-party payment processor. We do not store your full credit card details on our servers. We may store billing-related metadata such as your billing address, subscription status, and invoice history.
2.4 Dealer-Provided Content
If you are a dealer using the Service, you may provide website URLs from which our automated systems extract information to generate video content. This may include text, images, pricing, product descriptions, and other publicly available information from those URLs.
2.5 Usage Data and Analytics
We automatically collect data about how you interact with the Service, including:
- Pages visited and features used
- Device type, browser type, and operating system
- IP address and approximate location
- Session duration and interaction patterns
2.6 Social Media Posting Data
When you connect your social media accounts (Facebook, Instagram, TikTok) for automated posting, we may access and store authentication tokens and basic account information necessary to publish content on your behalf.
2.7 Whether Data Provision Is Required
Providing your email address and creating an account is necessary to use the Service (contractual requirement). If you do not provide this data, you cannot use the Service. Providing social login data and connecting social media accounts is optional.
3. Purposes, Legal Basis, and Retention (GDPR Art. 13)
The following table describes each purpose for which we process your personal data, the specific data involved, the legal basis, and the retention period:
| Purpose | Data Processed | Legal Basis | Retention |
| --- | --- | --- | --- |
| Account creation & management | Email, name, password, profile photo | Contract performance (Art. 6(1)(b)) | Until account deletion |
| AI video content generation | URLs, extracted text/images/pricing | Contract performance (Art. 6(1)(b)) | Until content deletion or account closure |
| Payment processing | Billing metadata, subscription status | Contract performance (Art. 6(1)(b)) + Legal obligation (Art. 6(1)(c)) | 10 years (Bulgarian tax law) |
| Social media autoposting | Auth tokens, account info for FB/IG/TikTok | Consent (Art. 6(1)(a)) | Until disconnection or account deletion |
| Social login (Google, Facebook) | Name, email, profile photo from provider | Consent (Art. 6(1)(a)) | Until account deletion |
| Analytics & service improvement | Usage data, device info, IP, session data | Legitimate interest (Art. 6(1)(f)) | 12 months (anonymized) |
| Security & fraud prevention | IP address, session data, access logs | Legitimate interest (Art. 6(1)(f)) | 6 months |
| Communications | Email address | Contract performance (Art. 6(1)(b)) | Until account deletion |
| Legal compliance | Billing records, tax data | Legal obligation (Art. 6(1)(c)) | 10 years |
You may withdraw your consent at any time by contacting us at hello@a21social.com. Withdrawal does not affect the lawfulness of processing before withdrawal.
Where we rely on legitimate interest (Art. 6(1)(f)), we have conducted a balancing test to ensure our interests do not override your fundamental rights. Our legitimate interests include: improving service quality, ensuring platform security, and preventing fraud. You have the right to object to processing based on legitimate interest at any time (see Section 10).
4. Automated Content Generation
Our Service uses automated processes, including artificial intelligence, to generate video content from URLs and data you provide.
4.1 Automated Decision-Making (GDPR Art. 22)
Under Article 22 GDPR, you have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.
Our AI-powered content generation uses automated processes to extract information from URLs you provide and generate video content. While this process is automated, it does not produce legal effects on you; you retain full control over whether to publish, edit, or discard generated content.
We implement reasonable safeguards in our AI systems, including restrictions on prohibited content and factual accuracy requirements. However, we cannot guarantee that all generated content will be accurate, complete, or appropriate.
You may request human review of any AI-generated content by contacting us. You also have the right to express your point of view and contest any automated processing.
5. Social Media Autoposting
When you enable autoposting, the Service may automatically publish generated video content to your connected Facebook, Instagram, and TikTok accounts. You are solely responsible for:
- Ensuring that autoposted content complies with the terms of service of each social media platform
- Reviewing and managing content published to your accounts
- Any consequences arising from content posted to your social media accounts through the Service
We are not responsible for actions taken by social media platforms in response to autoposted content, including account suspension or content removal.
6. Third-Party Services and Recipients
We share your personal data with the following categories of recipients, each bound by data processing agreements in compliance with GDPR:
- Payment processor: Stripe, for subscription billing and payment processing
- AI/ML services: [AI PROVIDER NAME], for video content generation
- Cloud hosting: [HOSTING PROVIDER NAME], for data storage and processing
- Analytics: PostHog, for usage tracking and service improvement. Privacy policy: https://posthog.com/privacy
- Error monitoring: Sentry (Functional Software, Inc.), for error tracking and performance monitoring. Privacy policy: https://sentry.io/privacy/
- Email delivery: [EMAIL PROVIDER NAME], for transactional communications
- Social media APIs: Meta (Facebook/Instagram), TikTok, for autoposting content to your connected accounts
We do not sell your personal data to third parties.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on the Service. For full details on what cookies we use, their purposes, and how to manage them, please refer to our separate Cookie Policy.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: Retained until you request account deletion
- Billing records: Retained as required by tax and accounting laws (typically 5-10 years)
- Usage analytics: Retained in anonymized form
- Generated content: Retained until you delete it or close your account
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL)
- Secure authentication mechanisms
- Regular security assessments
- Access controls limiting data access to authorized personnel
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
10. Your Rights Under GDPR
As a data subject under GDPR, you have the right to:
- Access your personal data and obtain a copy
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Restrict processing of your data
- Data portability: receive your data in a structured, machine-readable format
- Object to processing based on legitimate interest (Art. 21); upon your objection, we will cease processing unless we demonstrate compelling legitimate grounds
- Withdraw consent at any time
- Not be subject to automated decision-making (Art. 22); see Section 4 for details on our automated processing
- Lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) or the supervisory authority in your country of residence. For German residents, this is your state data protection authority (Landesdatenschutzbehörde).
To exercise any of these rights, contact us at hello@a21social.com. We will respond within 30 days.
11. Account Deletion
You may request full deletion of your account and all associated personal data at any time by contacting us at hello@a21social.com. Upon receiving your request, we will:
- Delete your account and personal data
- Remove generated content associated with your account
- Retain only data required by law (e.g., billing records)
Deletion is typically completed within 30 days of your request.
12. International Data Transfers
Your data may be processed by third-party providers located outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data.
Specifically, your data may be transferred to the following third countries: United States (AI model providers, analytics, error monitoring). For transfers to the US, we rely on the EU-US Data Privacy Framework adequacy decision and/or Standard Contractual Clauses (SCCs) approved by European Commission Decision 2021/914, supplemented by additional safeguards where necessary.
13. Children's Privacy
The Service is not directed at children. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
15. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
A21 Reports Ltd.
bul. Cherni Vrah 47, 1407 Sofia, Bulgaria
Email: hello@a21social.com