Back
Privacy Policy - Nyndoo
Last updated: June 1, 2026
Nyndoo ("we", "our") places great importance on protecting your personal data. This Privacy Policy describes the data we collect when you use the website https://nyndoo.com and the related services, how we use it, and your rights.
This policy complies with the General Data Protection Regulation (GDPR).
1. Data controller
The data controller is Nyndoo, reachable by email at anthony@nyndoo.com.
2. Data collected
2.1 Data provided by the user
- Email (for account creation and sending magic sign-in links)
- Business profile: brand, offer, target, editorial tone, objectives, connected platforms, publishing cadence, time zone
- Payment information: handled exclusively by Stripe. Nyndoo does not store any bank card data; only the Stripe customer identifier ("customer_id") is kept.
- Social network access tokens (LinkedIn, and Meta, TikTok, X coming soon): obtained via OAuth after your explicit consent, encrypted at rest in the database (pgsodium encryption).
2.2 Data generated through use
- Briefs and posts generated by AI
- Publishing history (status, date, LinkedIn URL, targeted platforms)
- Usage costs (OpenAI tokens consumed, spend per user)
- Technical error logs (publishing failures, token expirations)
2.3 Technical data
- Session cookies strictly necessary for operation (Supabase authentication)
- Meta advertising measurement cookies (Facebook pixel): set only after your explicit consent via the banner (see section 12). None are set until you have accepted.
3. Purposes of processing
Your data is used to:
- Provide the automated content generation and publishing service
- Manage your account, your trial, and your subscription
- Publish on your behalf on the social networks you have connected
- Send you essential transactional communications (signup confirmation, failure alerts, trial end)
- Improve the service through anonymized statistical analysis
No fully automated decision producing legal effects concerning you is made without human intervention.
4. Legal basis
- Performance of the contract: for the features of the subscribed service
- Consent: for connecting to social accounts and publishing on your behalf (revocable at any time via Settings), as well as for Meta advertising measurement cookies (revocable via "Manage my cookies" in the footer)
- Legitimate interest: for technical logs and security
- Legal obligation: for billing and accounting
5. Subprocessors
We use the following subprocessors, located or operating in jurisdictions offering an adequate level of protection:
- Supabase / European VPS: hosting and database
- Stripe (Ireland): payment processing
- OpenAI (United States): text and visual content generation - standard contractual clauses applied
- LinkedIn, Meta: publishing via official APIs, under your OAuth authorization
- Meta Platforms Ireland Ltd. (Facebook pixel): advertising audience measurement, only after your consent. Meta acts as joint controller for this processing; data may be transferred to the United States, governed by the Data Privacy Framework and standard contractual clauses.
- Resend / SMTP: sending transactional emails
No data is sold or rented. Data transmitted to Meta via the pixel is only sent with your consent, for advertising measurement purposes.
6. Retention period
- Active account: as long as your account exists
- Deleted account: deletion within 30 days, except for legal obligations (billing: 10 years)
- Technical logs: 90 days maximum
- OAuth tokens: deleted immediately upon disconnecting a social network
7. Your rights (GDPR)
You have the following rights at any time:
- Access: view the data concerning you (Settings → Export my data)
- Rectification: edit your business profile
- Erasure: delete your account (Settings → Delete my account). Irreversible deletion within 30 days.
- Portability: receive a JSON export
- Objection and restriction: contact us at anthony@nyndoo.com
- Complaint: with the CNIL (www.cnil.fr)
8. Security
All exchanges are encrypted via TLS. Social network access tokens are encrypted at rest (pgsodium). Access policies (Row Level Security) ensure that a user can only access their own data.
9. Minors
Nyndoo is not intended for persons under 16 years of age and does not knowingly collect their data. If you notice that a minor has created an account, contact us: we will delete the data concerned.
10. Changes to the policy
We may update this policy. Any substantial change will be notified to you by email at least 15 days before it takes effect.
11. Cookies and trackers
- Strictly necessary cookies (authentication, security): set without consent, essential for the operation of the service.
- Advertising measurement cookies (Meta/Facebook pixel: _fbp, _fbc): set only after your explicit agreement via the banner displayed on your first visit. Until you have clicked "Accept", none of these cookies are set and no data is sent to Meta.
- Withdrawing consent: you can withdraw or change your choice at any time via the "Manage my cookies" link in the footer. Withdrawing is as easy as accepting.
- Duration: your choice is kept for 6 months maximum, after which consent is requested again.
12. Contact
For any question, request to exercise your rights, or complaint, contact:
Email: anthony@nyndoo.com