This document is a translation of the original French Privacy Policy. In case of any discrepancy, the original French version shall prevail.

TweetFast Privacy Policy

Last updated: October 7, 2025

Preamble

Welcome to TweetFast. Protecting your privacy is central to our commitments. This policy explains in clear terms what data we collect, why, how we use it, with whom we share it, and the rights available to you.

We only collect data strictly necessary to deliver and improve the service, and we never sell your personal data.

1. Who Are We? (Data Controllers)

TweetFast is jointly operated by the following joint data controllers:

• FRITSCH LOIC (sole proprietorship)
  Address: 29 RUE DE GUEBWILLER, 68500 MERXHEIM, France
  SIRET: 90299703000017
• GREP ONE – Trade name: Grep One (sole proprietorship)
  Full name: GREPIN Thibaud
  Address: 60 rue François Ier, 75008 Paris, France
  SIRET: 98915400000016

Privacy / GDPR contact: contact@tweetfa.st
General contact: contact@tweetfa.st

No Data Protection Officer (DPO) has been appointed. For any questions about this policy or to exercise your rights, contact us at the address above.

2. What Data Do We Collect and Why?

2.1 Data You Provide Directly

• Identification data: name, first name (optional), email address, hashed password. When you register via OAuth (e.g., Google), we receive basic profile information (name, email).
  Purpose: account creation and security, essential communication.
  Legal basis: performance of the contract.
• User content (related to your use of TweetFast): texts/tweets/replies, templates, settings, any media or metadata you choose to import or generate.
  Purpose: deliver creation, interaction, and scheduling features.
  Legal basis: performance of the contract.

2.2 Data Collected Automatically

• Technical and usage data: IP address, browser type/version, OS, technical logs, device identifiers, app events, aggregated usage (features used, performance, errors).
  Purpose: security, abuse prevention, product improvement, and support.
  Legal basis: legitimate interest.

2.3 Payment Data

• Payments are processed by our provider Stripe. We do not store full card details. We keep payment references and information required for invoicing.
  Purpose: subscription management, invoicing, tax compliance.
  Legal bases: performance of the contract and legal obligation.

3. How Do We Use Your Data?

• Service delivery (contract): hosting and processing your content; AI-assisted generation (writing, summarizing, classification, embeddings); scheduling; analytics and personalization.
• Security & integrity (legitimate interest): detecting abuse, preventing fraud, maintaining availability and performance.
• Billing & compliance (legal obligation): bookkeeping, record retention.
• Communication: transactional emails (contract), product notifications (consent when required, unsubscribe available).

Profiling / automated decisions: AI processing is inherent to the service and does not produce decisions with legal effects or similarly significant impacts within the meaning of Article 22 GDPR. Without this processing, the service cannot operate.

4. With Whom Do We Share Your Data? (Processors)

We do not sell your data. We work with carefully selected providers:

Provider	Role	Country
Contabo GmbH	Infrastructure hosting	Germany (EU)
Cloudflare, Inc.	File hosting	USA
Stripe, Inc.	Payments	USA
PostHog, Inc.	Product usage analytics	EU (if EU plan) / UK
OpenRouter / OpenAI / Google / Anthropic / Mistral / Voyage AI / Cohere	AI services (generation, analysis, embeddings)	USA / France / EU

5. Transfers Outside the European Union

Some data may be transferred outside the EU (notably to the United States) when using AI, analytics, or payment services. These transfers are safeguarded by appropriate measures such as Standard Contractual Clauses issued by the European Commission and/or the providers’ adherence to the Data Privacy Framework, where applicable.

6. Retention Periods

• Account data and content: for the duration of your use of the service. Upon termination, retained for 30 days for export/recovery, then deleted unless legal obligations require otherwise.
• Billing data: kept for up to 10 years in line with legal requirements.
• Technical logs: retained for periods proportionate to security and diagnostic needs (typically a few weeks to a few months).

7. Security

• Encryption: TLS/SSL in transit; encryption at rest where relevant (e.g., AES-256).
• Restricted access: access limited to what is strictly necessary; no access to your content without your explicit support request.
• Notification: if a personal data breach occurs, the competent authority is notified within 72 hours and, where high risk exists, affected individuals are informed.

8. Your Rights

Under the GDPR, you have the following rights:

• Access: know whether we process your data and obtain a copy.
• Rectification: correct inaccurate data.
• Erasure: request deletion of your data (within legal limits).
• Restriction: temporarily limit certain processing activities.
• Portability: receive your data in a structured, commonly used format.
• Objection: object to processing based on legitimate interest, including direct marketing.
• Withdrawal of consent: at any time, for processing based on consent.

Exercise your rights via your account area whenever possible, or email us at contact@tweetfa.st.

9. Cookies and Other Trackers

During browsing, cookies/trackers may be placed:

• Strictly necessary: security, session, payment (e.g., Stripe). No consent required.
• Analytics / product usage: e.g., PostHog, depending on configuration. Subject to your consent via our management banner.

You can manage your preferences through the cookie banner or your browser settings. Refusing certain cookies may affect your experience.

10. Children

The service is not intended for individuals under 16. We do not knowingly collect data from minors. If such a case is detected, we will delete the relevant data.

11. Changes to This Policy

We may update this policy to reflect service developments or legal changes. In case of substantial modifications, you will be informed by email and/or in-app notification. The version displayed with the update date is the one in force.

12. Governing Law and Jurisdiction

This policy is governed by French law and Regulation (EU) 2016/679 (GDPR). Failing an amicable resolution, disputes fall under the jurisdiction of the competent courts of Paris, subject to mandatory protective provisions applicable to consumers.

13. Hosting

Primary hosting provider: Contabo GmbH – EU/Germany data centers
Website: https://contabo.com/

Contact

Privacy email: contact@tweetfa.st
General email: contact@tweetfa.st