Personal Data Policy for Captivate.ly
Provided by ANIPSIA
Effective Date: October 27th, 2025
1. Purpose of This Document
This Personal Data Policy provides a detailed overview of how ANIPSIA collects, processes, stores, and protects personal data when users interact with Captivate.ly, our mobile application for AI-assisted social media content creation. It supplements the Captivate.ly [Privacy Policy].
2. Identity of the Data Controller
ANIPSIA sagl
Registered address: Via Emilio Bossi 35, 6830 Chiasso, Switzerland
Email: privacy@anipsia.com
3. Categories of Personal Data Processed
| Data Category | Examples |
|---|---|
| Authentication Data | Login email address, internal user ID, timestamp |
| Uploaded Content | Event images, caption prompts |
| Usage Data | AI-generated caption drafts, user edits, publish actions |
| System Metadata | Device type, OS version, IP address, anonymized file names |
| API Activity Logs | Posting history, API error/debug events |
4. Purposes of Processing
| Purpose | Legal Basis |
|---|---|
| App functionality and user authentication | Contract (GDPR Art. 6(1)(b)) |
| Caption generation using AI | Consent (GDPR Art. 6(1)(a)) |
| Image storage for post compatibility | Legitimate Interest / Contract |
| Posting to Instagram / LinkedIn | Consent (API opt-in action) |
| Debugging, performance tracking | Legitimate Interest (GDPR Art. 6(1)(f)) |
| Legal compliance and abuse prevention | Legal Obligation (Art. 6(1)(c)) |
5. Data Retention Policy
| Data Type | Retention Period |
|---|---|
| Uploaded images | 24 hours (auto-deleted) |
| Caption prompts & drafts | 90 days |
| User-edited captions | 90 days |
| API activity logs | 180 days |
| Authentication tokens | Until user logout or revocation |
| System/diagnostic logs | 180 days |
We delete or anonymize your data after these periods unless a longer retention is required by law or in the context of an ongoing investigation.
6. Data Hosting and Storage
All data is stored securely in cloud infrastructure compliant with modern security and data protection standards. Temporary image hosting is public-but-unlisted and anonymized, and images are automatically removed after 24 hours.
7. Third-Party Data Processors
We engage the following external services to provide Captivate.ly functionality:
| Service | Purpose | Location | Safeguards |
|---|---|---|---|
| Google Gemini | Caption generation (LLM) | Global (incl. USA) | SCCs, DPA, Encryption |
| Instagram Graph API | Content posting | Global | User authentication |
| LinkedIn API | Content posting | Global | User authentication |
| Google Cloud | Temporary file storage | EU/CH/US | Encryption, auto-delete |
We ensure all processors are bound by appropriate Data Processing Agreements (DPAs) and implement adequate safeguards.
8. Cross-Border Data Transfers
Data transfers outside the EU/EEA or Switzerland (e.g., to Google in the U.S.) are protected via:
-
Standard Contractual Clauses (SCCs)
-
Approved security practices
-
Data minimization and encryption
9. User Rights (GDPR / FADP)
You have the right to:
-
Access – See what personal data we hold about you
-
Rectify – Correct incorrect or incomplete data
-
Delete – Request erasure of your personal data
-
Restrict – Limit processing under certain conditions
-
Object – Challenge processing based on legitimate interests
-
Data Portability – Request export of your data in machine-readable format
-
Withdraw Consent – At any time, without affecting prior lawful use
10. Export / Deletion Request Mechanism
To exercise any of your rights, please email:
Please include the email/account ID you used to sign into Captivate.ly. We will respond to valid requests within 30 days.
11. Security Measures
We implement strong technical and organizational measures to protect personal data, including:
-
End-to-end encryption for data in transit and at rest
-
Role-based access controls
-
Logging of data access and processing
-
Automated cleanup and time-based deletion logic
-
Hosting only with providers that meet EU/Swiss data protection standards
12. Children’s Data
Captivate.ly is not intended for individuals under the age of 16. We do not knowingly collect personal data from minors.
13. Changes to This Policy
We may update this document to reflect changes in the app, legal requirements, or processing practices. The latest version will always be accessible within the app or on our website.
14. Version History
- v1.0 – October 27th, 2025 – Initial release
15. Contact
If you have questions or concerns about this policy or your personal data, contact:
ANIPSIA sagl
Via Emilio Bossi 35, 6830 Chiasso, Switzerland
Email: privacy@anipsia.com