1. Introduction
Persai.ai (“Persai”, “we”, “our”, or “us”) operates the Persai platform — an AI-powered social media management service for Threads and Instagram by Meta, TikTok, and LinkedIn (collectively, the “Supported Platforms”). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our service. By using Persai, you agree to the practices described in this policy.
2. Data Controller
The data controller responsible for your personal data is MagicStone LLC. If you have questions about how your data is handled, you can contact us at support@persai.ai.
3. What We Collect
We collect the following categories of data:
a) Account Data
- Email address and name (provided during registration)
- Organization name and membership details
- Authentication credentials (hashed passwords, JWT tokens)
b) Connected Social Account Data
- Threads user ID, username, profile picture URL, and biography (for connected Threads accounts)
- Instagram user ID, username, account type (Business / Creator), profile picture URL, and biography (for connected Instagram accounts); where required by Meta, the identifier of the linked Facebook Page
- TikTok open_id and union_id, username, display name, and avatar URL (for connected TikTok accounts); creator info returned by TikTok’s Content Posting API at the time of publishing
- LinkedIn member identifier (sub / person URN), name, email (where granted), and avatar URL returned by LinkedIn’s OIDC userinfo endpoint (for connected LinkedIn accounts)
- OAuth access tokens and refresh tokens for each platform (encrypted at rest)
- Posts, replies, mentions, and comments published on your connected accounts (synced during account connection and, for Meta platforms, via webhooks). Reply, mention, and comment ingestion is currently supported only for Threads and Instagram
c) Content and Interaction Data
- AI-generated posts, replies, and scheduled content created through Persai
- Source materials (text, URLs) you provide for content generation
- AI persona configuration (tone, topics, writing style, bio, language)
- Conversation history with external users who interact with your Threads or Instagram account (Threads and Instagram only)
- Media files (images, videos) uploaded for publishing
d) Technical Data
- IP address, browser type, device information
- Usage logs and feature interaction data
- Error reports and performance metrics
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent:You explicitly authorize Persai to access your Threads, Instagram, TikTok, and/or LinkedIn account(s) via each platform’s OAuth flow and to generate and publish content on your behalf.
- Contractual necessity: Processing is necessary to provide the services you have subscribed to, including AI content generation, scheduling, and publishing.
- Legitimate interest: We process data to improve our service, ensure security, prevent fraud, and provide customer support.
- Legal obligation: We may process data to comply with applicable laws and regulations.
5. User Consent and Authorization
When you connect an account to Persai, you are redirected to that platform’s OAuth flow (Meta, TikTok, or LinkedIn), where you explicitly authorize the permissions requested by Persai for that platform.
a) Threads permissions
- threads_basic: Access to your Threads profile information
- threads_content_publish: Ability to create and publish posts on your behalf
- threads_manage_replies: Ability to manage and respond to replies on your posts
- threads_read_replies: Ability to read reply trees on your posts
- threads_manage_mentions: Ability to read and respond to mentions of your account
- threads_delete: Ability to delete posts published through the service
- threads_keyword_search: Ability to search public Threads posts by keyword for content discovery
- threads_manage_insights: Access to engagement metrics and insights on your posts
- threads_profile_discovery: Ability to look up public Threads profiles and their posts
b) Instagram permissions
Instagram publishing requires an Instagram Business or Creator account. Depending on the OAuth flow Meta makes available to your account (Instagram Business Login or Facebook Login for Business), Persai requests the following permissions:
- instagram_business_basic (or instagram_basic): Access to your Instagram profile information and media
- instagram_business_content_publish (or instagram_content_publish): Ability to create and publish posts, reels, stories, and carousels on your behalf
- instagram_business_manage_comments (or instagram_manage_comments): Ability to read, reply to, hide, and delete comments on your posts
- instagram_business_manage_insights (or instagram_manage_insights): Access to engagement metrics and insights on your posts and account
- pages_show_list, pages_read_engagement, and business_management (when Facebook Login for Business is used): the minimum Facebook Page permissions Meta requires to access an Instagram Business account linked to a Facebook Page
c) TikTok permissions
TikTok publishing requires the TikTok for Developers Content Posting API. Persai requests the following scopes via TikTok’s OAuth flow:
- user.info.basic: Access to your TikTok open_id, union_id, avatar, and display name
- user.info.profile: Access to your username and additional public profile fields
- video.upload: Ability to upload videos to your TikTok account as drafts in the TikTok inbox
- video.publish: Ability to publish videos directly to your TikTok account
- video.list: Ability to list videos published to your account for sync and analytics
d) LinkedIn permissions
LinkedIn publishing is performed in member context via the LinkedIn Posts API. Persai requests the following scopes via LinkedIn’s OAuth 2.0 flow:
- openid: OpenID Connect authentication
- profile: Access to your basic LinkedIn profile (name, avatar, person URN)
- email: Access to your primary email address (where you choose to share it)
- w_member_social: Ability to create, modify, and delete posts on your behalf in member context
You understand and agree that Persai will use AI (powered by OpenAI and/or Anthropic) to generate content — including posts and, for Threads and Instagram, replies to mentions and comments — that is published to your connected Supported Platform account(s). All AI-generated content is created based on your configured persona settings (tone, topics, writing style) and published according to your approval preferences.
You can revoke access at any time by disconnecting the relevant account from Persai or by revoking Persai’s permissions in your account settings on the relevant platform (Meta for Threads and Instagram, TikTok in app/web settings, LinkedIn in your account’s Permitted Services).
6. How We Use the Data
We use the collected data to:
- Generate AI-powered content (posts, replies, mentions) tailored to your persona configuration
- Schedule and publish content to your connected Threads, Instagram, TikTok, and/or LinkedIn accounts
- Analyze your existing posts to bootstrap and refine your AI persona writing style
- Process and respond to replies, mentions, and comments on your Threads and Instagram posts (AI replies are not currently available for TikTok or LinkedIn)
- Extract and summarize content from source URLs for content remixing
- Maintain and improve the service, including bug fixes and feature development
- Provide customer support and respond to inquiries
- Ensure compliance with the developer policies and platform terms of Meta, TikTok, and LinkedIn
- Detect and prevent fraud, abuse, and security threats
7. Types of Content We Create
Through Persai, AI-generated content includes:
- Original posts: AI-generated posts adapted to each platform — Threads and Instagram (single-image, carousel, and reel formats where supported), TikTok (video and photo carousel posts), and LinkedIn (text posts in member context) — based on your persona settings, topics, and source materials
- Replies to comments (Threads and Instagram only): Automated responses to users who comment on your Threads or Instagram posts
- Replies to mentions (Threads and Instagram only):Automated responses when your account is mentioned in other users’ posts
- Scheduled content: Posts queued for future publication at times you configure
- Remixed content: Posts generated from source materials (URLs, text snippets) using customizable prompt templates
All AI-generated content reflects your persona configuration. You can configure approval modes (automatic or manual) to control whether content is published immediately or requires your review.
8. Sharing of Data
We share your data with the following parties, only as necessary to provide our service:
a) Account Owners
Organization members with appropriate roles can view posts, replies, persona settings, and analytics for brands within their organization.
b) AI Processing Providers
We use OpenAI and/or Anthropic to generate AI content. Post content, persona configuration, conversation context, and source materials are sent to these providers for processing. These providers process data according to their respective privacy policies and data processing agreements.
c) Cloud Storage
Media files (images, videos) are stored on Cloudflare R2. Files are stored securely and are only accessible via authenticated URLs.
d) Meta (Threads and Instagram)
Content is published to Threads via the official Threads API and to Instagram via the official Instagram Graph API. We interact with Meta’s platforms exclusively through their authorized API endpoints.
e) TikTok
Content is published to TikTok via the official TikTok for Developers Content Posting API (and read back via the Display API for sync). Media files referenced by uploads are fetched by TikTok directly from publicly accessible URLs we host on Cloudflare R2.
f) LinkedIn
Content is published to LinkedIn in member context via the official LinkedIn Posts API (UGC / Posts). Account identity is established via LinkedIn’s OIDC userinfo endpoint.
g) Hosting and Infrastructure
Our service is hosted on Railway. Database (PostgreSQL) and queue (Redis) services are managed within our hosting infrastructure.
h) Email Service
We use Resend for transactional email delivery (account verification, password resets, notifications).
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
9. Data Security
We implement the following security measures to protect your data:
- Token encryption: All OAuth tokens (access tokens and refresh tokens) for Threads, Instagram, TikTok, and LinkedIn are encrypted at rest using AES-256-GCM encryption
- Password hashing: User passwords are hashed using industry-standard algorithms and are never stored in plain text
- HTTPS: All data in transit is encrypted using TLS/HTTPS
- Webhook verification: All incoming Meta webhooks are verified using HMAC-SHA256 signatures to prevent tampering
- Access control: Role-based access control within organizations ensures users can only access data they are authorized to view
- Infrastructure security: Our hosting environment provides network isolation, automated backups, and monitoring
10. Data Retention
We retain your data as follows:
- Account data: Retained for the duration of your account. Deleted upon account deletion request.
- Platform tokens: OAuth tokens for Threads, Instagram, TikTok, and LinkedIn are retained while the corresponding account is connected. Deleted immediately upon disconnection of that account.
- Posts and content: Retained for the duration of your account. You can delete individual posts at any time.
- Conversation history: Retained to provide context for AI replies. Deleted upon account deletion.
- Media files: Retained while associated posts exist. Deleted when the associated post is deleted or upon account deletion.
- Technical logs: Retained for up to 90 days for debugging and security purposes, then automatically purged.
When you request account deletion, all associated data is permanently removed within 3 business days. See our Data Deletion Instructions for details.
11. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to deletion: Request permanent deletion of your personal data
- Right to data portability: Request your data in a structured, machine-readable format
- Right to restriction: Request that we limit processing of your data in certain circumstances
- Right to object: Object to processing of your data based on legitimate interest
- Right to withdraw consent: Withdraw your consent at any time by disconnecting any connected Supported Platform account (Threads, Instagram, TikTok, or LinkedIn), or by deleting your Persai account
To exercise any of these rights, contact us at support@persai.ai. We will respond to your request within 30 days.
12. Third-Party Services
Persai integrates with the following third-party services:
13. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. We ensure that such transfers are conducted in compliance with applicable data protection laws and that appropriate safeguards are in place, including standard contractual clauses where required.
14. Children’s Privacy
Persai is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@persai.ai and we will promptly delete such information.
15. Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
16. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we will provide additional notice via email or through the Persai dashboard. Your continued use of the service after such modifications constitutes your acknowledgment and acceptance of the updated policy.
17. Compliance and Oversight
Persai is committed to compliance with applicable data protection regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Meta Developer Policies, the TikTok for Developers Terms of Service, and the LinkedIn API Terms of Use. We regularly review our data practices to ensure alignment with these requirements. If you believe that we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority.