Privacy Policy

1. Introduction

Persai.ai (“Persai”, “we”, “our”, or “us”) operates the Persai platform — an AI-powered social media management service for Threads by Meta. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our service. By using Persai, you agree to the practices described in this policy.

2. Data Controller

The data controller responsible for your personal data is MagicStone LLC. If you have questions about how your data is handled, you can contact us at support@persai.ai.

3. What We Collect

We collect the following categories of data:

a) Account Data

• Email address and name (provided during registration)
• Organization name and membership details
• Authentication credentials (hashed passwords, JWT tokens)

b) Threads Account Data

• Threads user ID, username, profile picture URL, and biography
• OAuth access tokens and refresh tokens (encrypted at rest)
• Posts, replies, and mentions published on your connected Threads account (synced during account connection and via webhooks)

c) Content and Interaction Data

• AI-generated posts, replies, and scheduled content created through Persai
• Source materials (text, URLs) you provide for content generation
• AI persona configuration (tone, topics, writing style, bio, language)
• Conversation history with external users who interact with your Threads account
• Media files (images, videos) uploaded for publishing

d) Technical Data

• IP address, browser type, device information
• Usage logs and feature interaction data
• Error reports and performance metrics

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: You explicitly authorize Persai to access your Threads account via OAuth and to generate and publish content on your behalf.
• Contractual necessity: Processing is necessary to provide the services you have subscribed to, including AI content generation, scheduling, and publishing.
• Legitimate interest: We process data to improve our service, ensure security, prevent fraud, and provide customer support.
• Legal obligation: We may process data to comply with applicable laws and regulations.

5. User Consent and Authorization

When you connect a Threads account to Persai, you are redirected to Meta’s OAuth flow where you explicitly authorize the following permissions:

• threads_basic: Access to your Threads profile information
• threads_content_publish: Ability to create and publish posts on your behalf
• threads_manage_replies: Ability to manage and respond to replies on your posts
• threads_read_replies: Ability to read reply trees on your posts
• threads_manage_mentions: Ability to read and respond to mentions of your account
• threads_delete: Ability to delete posts published through the service
• threads_keyword_search: Ability to search public Threads posts by keyword for content discovery
• threads_manage_insights: Access to engagement metrics and insights on your posts
• threads_profile_discovery: Ability to look up public Threads profiles and their posts

You understand and agree that Persai will use AI (powered by OpenAI and/or Anthropic) to generate content — including posts, replies to mentions, and replies to comments — that is published to Threads under your account. All AI-generated content is created based on your configured persona settings (tone, topics, writing style) and published according to your approval preferences.

You can revoke access at any time by disconnecting your Threads account from Persai or by revoking Persai’s permissions in your Meta account settings.

6. How We Use the Data

We use the collected data to:

• Generate AI-powered content (posts, replies, mentions) tailored to your persona configuration
• Schedule and publish content to your connected Threads account
• Analyze your existing posts to bootstrap and refine your AI persona writing style
• Process and respond to replies and mentions on your Threads posts
• Extract and summarize content from source URLs for content remixing
• Maintain and improve the service, including bug fixes and feature development
• Provide customer support and respond to inquiries
• Ensure compliance with Meta Developer Policies and Threads Terms of Use
• Detect and prevent fraud, abuse, and security threats

7. Types of Content We Create

Through Persai, AI-generated content includes:

• Original posts: AI-generated Threads posts based on your persona settings, topics, and source materials
• Replies to comments: Automated responses to users who comment on your Threads posts
• Replies to mentions: Automated responses when your account is mentioned in other users’ posts
• Scheduled content: Posts queued for future publication at times you configure
• Remixed content: Posts generated from source materials (URLs, text snippets) using customizable prompt templates

All AI-generated content reflects your persona configuration. You can configure approval modes (automatic or manual) to control whether content is published immediately or requires your review.

8. Sharing of Data

We share your data with the following parties, only as necessary to provide our service:

a) Account Owners

Organization members with appropriate roles can view posts, replies, persona settings, and analytics for AI accounts within their organization.

b) AI Processing Providers

We use OpenAI and/or Anthropic to generate AI content. Post content, persona configuration, conversation context, and source materials are sent to these providers for processing. These providers process data according to their respective privacy policies and data processing agreements.

c) Cloud Storage

Media files (images, videos) are stored on Cloudflare R2. Files are stored securely and are only accessible via authenticated URLs.

d) Meta / Threads

Content is published to Threads via the official Threads API. We interact with Meta’s platform exclusively through their authorized API endpoints.

e) Hosting and Infrastructure

Our service is hosted on Railway. Database (PostgreSQL) and queue (Redis) services are managed within our hosting infrastructure.

f) Email Service

We use Resend for transactional email delivery (account verification, password resets, notifications).

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

9. Data Security

We implement the following security measures to protect your data:

• Token encryption: All Threads OAuth tokens (access tokens and refresh tokens) are encrypted at rest using AES-256-GCM encryption
• Password hashing: User passwords are hashed using industry-standard algorithms and are never stored in plain text
• HTTPS: All data in transit is encrypted using TLS/HTTPS
• Webhook verification: All incoming Meta webhooks are verified using HMAC-SHA256 signatures to prevent tampering
• Access control: Role-based access control within organizations ensures users can only access data they are authorized to view
• Infrastructure security: Our hosting environment provides network isolation, automated backups, and monitoring

10. Data Retention

We retain your data as follows:

• Account data: Retained for the duration of your account. Deleted upon account deletion request.
• Threads tokens: Retained while your Threads account is connected. Deleted immediately upon disconnection.
• Posts and content: Retained for the duration of your account. You can delete individual posts at any time.
• Conversation history: Retained to provide context for AI replies. Deleted upon account deletion.
• Media files: Retained while associated posts exist. Deleted when the associated post is deleted or upon account deletion.
• Technical logs: Retained for up to 90 days for debugging and security purposes, then automatically purged.

When you request account deletion, all associated data is permanently removed within 3 business days. See our Data Deletion Instructions for details.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to deletion: Request permanent deletion of your personal data
• Right to data portability: Request your data in a structured, machine-readable format
• Right to restriction: Request that we limit processing of your data in certain circumstances
• Right to object: Object to processing of your data based on legitimate interest
• Right to withdraw consent: Withdraw your consent at any time by disconnecting your Threads account or deleting your Persai account

To exercise any of these rights, contact us at support@persai.ai. We will respond to your request within 30 days.

12. Third-Party Services

Persai integrates with the following third-party services:

• Meta / Threads: For account authentication, content publishing, and webhook-based interactions. Subject to Threads Terms of Use and Meta Privacy Policy.
• OpenAI: For AI content generation. Subject to OpenAI Privacy Policy.
• Anthropic: For AI content generation. Subject to Anthropic Privacy Policy.
• Cloudflare: For media file storage (R2) and content delivery. Subject to Cloudflare Privacy Policy.
• Stripe: For payment processing. Subject to Stripe Privacy Policy.

13. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. We ensure that such transfers are conducted in compliance with applicable data protection laws and that appropriate safeguards are in place, including standard contractual clauses where required.

14. Children’s Privacy

Persai is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@persai.ai and we will promptly delete such information.

15. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

16. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we will provide additional notice via email or through the Persai dashboard. Your continued use of the service after such modifications constitutes your acknowledgment and acceptance of the updated policy.

17. Compliance and Oversight

Persai is committed to compliance with applicable data protection regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Meta Developer Policies. We regularly review our data practices to ensure alignment with these requirements. If you believe that we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority.

18. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company: MagicStone LLC
• Email: support@persai.ai
• Service: Persai.ai

See also: our Terms of Service and Data Deletion Instructions.