Privacy Policy

Last Updated: January 27, 2025

Introduction

Welcome to SetuAI ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website setuai.io and our services (collectively, the "Service").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

1. Information We Collect

1.1 Information You Provide to Us

Account Information:

When you create an account, we collect:

Email address
Full name (optional)
Password (encrypted)
Company/website name (optional)

Profile Information:

Blog URL
WordPress site information (if using WordPress plugin)
User preferences and settings

1.2 Information Collected Automatically

Usage Data:

IP address
Browser type and version
Pages visited
Time and date of visit
Device information

Cookies and Tracking:

We use cookies and similar tracking technologies to track activity on our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

1.3 Information from Third-Party Services

Pinterest Integration:

When you connect your Pinterest account to our Service, we access the following information from Pinterest:

Data We Access:

Your Pinterest username and display name
Your Pinterest boards (names and IDs only)
Permission to create pins on your behalf only after your explicit review and approval of each pin
Basic account information (profile picture, bio - for display purposes only)

Data We Do NOT Access:

Your Pinterest private messages
Your followers or following lists
Your Pinterest analytics data
Pins created by other users
Your browsing history on Pinterest
Your password or login credentials

OAuth Authentication:

We use Pinterest's OAuth 2.0 protocol for secure authentication. This means:

We never see or store your Pinterest password
You control which permissions you grant us
You can revoke our access at any time through your Pinterest settings
All communication with Pinterest is encrypted (HTTPS)

Pinterest API Scopes We Request:

boards:read - To fetch your boards so you can select where to post pins
pins:write - To create pins on your Pinterest account only when you explicitly approve each pin
boards:write - To manage board selection for pin posting

User Control:

Every pin requires your individual review and approval. We never post automatically or in bulk. You see a full preview of each pin (title, description, image, hashtags) before clicking "Post to Pinterest".

2. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery:

Create and manage your account
Generate AI-powered pin content from your blog posts
Post pins to your Pinterest account only after you review and approve each individual pin
Display your Pinterest boards for selection
Track your pin posting history and statistics

Communication:

Send account-related emails (confirmations, notifications)
Respond to your inquiries and support requests
Send service updates and important announcements
Marketing communications (you can opt-out)

Service Improvement:

Analyze usage patterns to improve our Service
Develop new features and functionality
Monitor and prevent technical issues
Ensure platform security and prevent fraud

3. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties.

We may share your information in the following circumstances:

Pinterest:

We send blog post content to Pinterest API to create pins only when you click "Post to Pinterest" after reviewing and approving the pin
This includes post titles, descriptions, images, and links
All data sent to Pinterest is done on your behalf and only with your explicit approval for each individual pin
No automatic posting or bulk operations - each pin requires individual user action
Pinterest's use of data is governed by their Privacy Policy

Service Providers:

We may share data with third-party service providers who assist us in operating our Service:

Anthropic (Claude AI): Blog post analysis and content generation
Payment Processors: For billing (they never see your blog content)
Hosting Providers: For infrastructure
Database Provider: Supabase for secure data storage
Email Service: For transactional emails

All service providers are contractually obligated to keep your information confidential.

4. Data Security

We implement appropriate security measures to protect your information:

Technical Measures:

All data transmission uses HTTPS/TLS encryption
Passwords are hashed using industry-standard algorithms
API keys are encrypted at rest
Regular security audits and updates
Secure database access controls

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Breach Notification:

In the event of a data breach that affects your personal information, we will:

Notify affected users within 72 hours of becoming aware of the breach (GDPR requirement)
Notify relevant supervisory authorities as required by applicable law
Provide information about the nature of the breach, affected data, and steps we're taking
Offer guidance on protective measures you can take

5. Data Retention

Account Data:

Retained while your account is active
Deleted within 30 days of account deletion request

Pinterest Integration Data:

Board information cached for 24 hours
Pin IDs and URLs retained for history tracking
Deleted immediately when you disconnect Pinterest

Blog Content:

Analyzed in real-time, not permanently stored
Temporary caching (max 1 hour) for processing
Automatically deleted after processing

6. Your Data Rights

Depending on your location, you may have the following rights:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data (right to be forgotten)
Portability: Request your data in a structured, machine-readable format
Objection: Object to processing of your personal data
Withdraw Consent: Withdraw consent for data processing

To Exercise Your Rights:

Email us at: support@setuai.io

We will respond within 30 days.

Pinterest Access:

You can disconnect your Pinterest account at any time through:

Our dashboard settings
Your Pinterest account settings at pinterest.com/settings

7. Cookies and Tracking

Cookies We Use:

Essential Cookies:

Session cookies for authentication
Security cookies for fraud prevention
Required for Service functionality

Analytics Cookies:

Usage statistics and performance monitoring
Can be disabled in your browser

Cookie Management:

You can control cookies through your browser settings. Disabling cookies may limit Service functionality.

8. Third-Party Links

Our Service may contain links to third-party websites:

We are not responsible for privacy practices of other sites
We encourage you to read their privacy policies
This Privacy Policy applies only to our Service

Third-Party Services We Use:

Pinterest: Privacy Policy
Anthropic (Claude AI): Privacy Policy

9. Children's Privacy

Minimum Age Requirements:

India: 18 years of age
European Union: 16 years of age
United States and other countries: 13 years of age

Our Service is not intended for users below the minimum age requirement in their jurisdiction.

We do not knowingly collect personal information from children. If we discover that we have collected information from a user below the minimum age, we will delete it immediately.

If you believe we have collected information from an underage user, please contact us at support@setuai.io.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own.

For EU Users: If you are in the European Economic Area (EEA), your data may be transferred to countries outside the EEA. We ensure appropriate safeguards are in place through Standard Contractual Clauses with service providers.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

Right to Know: What personal information we collect, sources, and purposes
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt-out of sale of personal information (we do not sell data)
Right to Non-Discrimination: We will not discriminate against you for exercising your rights

12. GDPR Compliance (EU Users)

If you are in the European Union, we process your data based on:

Legal Bases:

Consent: When you authorize Pinterest integration
Contract: To provide our Service to you
Legitimate Interests: To improve and secure our Service
Legal Obligation: To comply with applicable laws

13. India Data Protection Compliance (DPDPA 2023)

If you are in India, we comply with the Digital Personal Data Protection Act (DPDPA) 2023:

Your Rights Under DPDPA:

Right to Access: Obtain confirmation and access to your personal data
Right to Correction: Correct inaccurate or incomplete personal data
Right to Erasure: Request deletion of your personal data
Right to Grievance Redressal: Lodge complaints regarding data processing
Right to Nominate: Nominate another person to exercise your rights in case of death or incapacity

Consent:

We obtain your free, specific, informed, and unambiguous consent before processing your personal data. You can withdraw consent at any time by contacting us.

Data Localization:

We process and store your data in accordance with Indian data protection laws and regulations.

Data Breach Notification:

In the event of a data breach, we will notify affected users and the relevant authorities as required by law.

Grievance Officer:

For any concerns or complaints related to data protection, you may contact our Grievance Officer at:

Email: support@setuai.io
Location: Ajmer, Rajasthan, India

We will address your grievance within the timeframe specified under applicable law (typically within 30 days).

14. Canada Privacy Compliance (PIPEDA)

If you are in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA):

We obtain meaningful consent before collecting, using, or disclosing your personal information
We limit collection of personal information to what is necessary
We use personal information only for the purposes for which it was collected
You can withdraw consent at any time, subject to legal or contractual restrictions
You have the right to access and correct your personal information

To exercise your rights or file a complaint, contact: support@setuai.io

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

We will notify you of changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending an email notification (for material changes)

We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy:

Email: support@setuai.io
Website: setuai.io
Location: Ajmer, Rajasthan, India

Grievance Officer (India DPDPA Compliance):

For data protection concerns, contact our Grievance Officer at: support@setuai.io

Location: Ajmer, Rajasthan, India

For Pinterest-Specific Privacy Questions:

Please note that Pinterest's privacy practices are governed by Pinterest's Privacy Policy, available at policy.pinterest.com/privacy-policy