1. Data Controller and Owner

For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws:
Data Controller: Draco Social (when determining the purposes and means of data processing)
Address: Odrowążów 83/31, 44-103 Gliwice, Poland.
Contact: support@draco.social
If you have any questions about this Policy or our data handling practices, please contact us.

2. Personal Data We Collect

We collect and process different types of information depending on how you interact with Draco Social:
1. Account Data: When you create an account, we collect your name, email address, login credentials, and (if applicable) organization or billing details.
2.Payment Information: For paid subscriptions, payments are processed by third-party payment processors. We do not store full credit card or payment details, though we may store transaction IDs or partial payment data for record-keeping.
3.Social Media Credentials: If you connect social media accounts (e.g., Facebook, Instagram, Twitter) to our Service, we collect tokens or credentials for authorized access, subject to each platform’s policies.
4.Usage Data: We collect data about how you use Draco Social, such as your IP address, browser type, device info, interaction times, and pages visited.
5.User-Generated Content: We may store the content (e.g., posts, comments, media) you create or manage via Draco Social.

3. Purpose and Legal Basis of Processing

3.1. Purposes of Processing

We use collected data for:

• Service Provision: Operating and maintaining Draco Social, including account management, post scheduling, analytics, etc.
• Customization: Personalizing content, features, and recommendations.
• Payment and Billing: Processing subscription fees, issuing invoices, administering relevant financial records.
• Communications: Sending updates, product information, or promotional materials (you can opt out of non-essential marketing messages).
• Analytics and Improvements: Monitoring usage trends to enhance functionality and user experience.
• Security and Fraud Prevention: Detecting and preventing unlawful or fraudulent activities.
• Legal Compliance: Complying with laws, regulations, or lawful requests by authorities.

3.2. Legal Basis (EEA/UK Users)

For Users in the European Economic Area (EEA) and United Kingdom (UK), our legal bases under the GDPR/UK GDPR may include:

• Contractual Necessity: Processing is necessary to provide the Service under our Terms & Conditions.
• Legitimate Interests: For improving our Service, preventing fraud, or ensuring IT security, unless overridden by your interests or fundamental rights.
• Consent: When we rely on your explicit consent for certain data processing activities (e.g., receiving marketing emails, certain cookies). You can withdraw your consent at any time.
• Legal Obligation: Where processing is required by applicable law (e.g., tax, accounting).

4. How We Share Your Data

We may share personal data with:

1. Third-Party Service Providers: Hosting providers, analytics services, customer support tools, payment processors. These parties process data on our behalf under data protection agreements.
2. Social Media Platforms: Data is shared as needed to fulfill publishing or analytics (subject to each platform’s privacy policy).
3. Business Transfers: In the event of merger, acquisition, or asset sale, user data may be transferred.
4. Legal or Regulatory Requirements: If required by law or in response to valid requests by authorities. We do not sell personal data to third parties for monetary consideration.

5. Cookies and Similar Technologies

We use cookies, web beacons, and other tracking technologies to:

• Recognize you across sessions,
• Remember preferences, and
• Analyze traffic and usage patterns.

You can manage cookie settings in your browser. However, disabling cookies may limit your ability to use certain features of Draco Social.

6. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this Policy or comply with legal obligations. Once there is no continuing legitimate business need, we will securely delete or anonymize personal data.

7. Security Measures

We employ commercially reasonable security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence, including the United States, which may have data protection laws different from those in your jurisdiction.

• When we transfer personal data from the Poland to other countries, we ensure safeguards (e.g., Standard Contractual Clauses) to protect your data in accordance with GDPR/UK GDPR requirements.

9. Your Rights (EEA/UK Users)

If you are located in the EEA or UK, you have certain rights under the GDPR/UK GDPR, subject to legal exemptions, including the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure (“Right to be Forgotten”): Request deletion of your data under specific circumstances.
• Restriction: Ask us to restrict processing of your data.
• Portability: Obtain your data in a structured, commonly used, and machine-readable format.
• Objection: Object to our processing of your data if done on a legitimate interest basis.
• Withdraw Consent: Where we rely on consent, you can withdraw it at any time (this does not affect the lawfulness of processing before withdrawal).

To exercise any of these rights, please contact us at support@draco.social. We will respond within a reasonable timeframe, typically 30 days for EEA/UK requests.

You also have the right to lodge a complaint with your local data protection authority.

10. Children’s Privacy

Draco Social is not intended for children under the age of 13 (or as defined by local law). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us at support@draco.social so we can delete such information.

11. Complaints and Dispute Resolution

• Internal Resolution: Contact us at support@draco.social if you have questions or concerns.
• EU/EEA/UK Dispute: Users in the EEA/UK may lodge a complaint with their local supervisory authority if they believe our data processing is unlawful or violates GDPR/UK GDPR.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. Your continued use of Draco Social after the changes become effective indicates your acceptance of the revised Policy.

13. Contact Us

Draco Social ul. Odrowążów 83/31 44-103 Gliwice, Poland Email: support@draco.social