Privacy Policy

1. Information We Collect

2. How We Use Your Data

• Publish and schedule content to your connected social media accounts on your behalf
• Display analytics and engagement metrics for your posts
• Generate AI-powered content suggestions using your brand voice, writing style, and past content
• Manage team collaboration within your organization and workspaces
• Send transactional emails (account verification, billing receipts, post status notifications)
• Improve Griot's features and fix bugs based on anonymized usage patterns

3. AI Features and Your Data

Griot uses AI models (currently Anthropic's Claude) to help generate content drafts, analyze your writing style, and provide suggestions. When you use AI features, relevant context — such as your recent posts, brand memories, and style guides — is sent to the AI provider to generate responses.

Your data is not used to train AI models. Anthropic does not use API inputs or outputs for model training. AI-generated content is presented as suggestions for your review — you always have final control over what gets published.

4. How We Store and Protect Your Data

Your data is stored in Supabase (managed PostgreSQL) with row-level security policies that isolate data between organizations. OAuth tokens and sensitive credentials are stored encrypted. All data is transmitted over HTTPS.

We use WorkOS for authentication, which provides enterprise-grade security including SSO support and organization-level access controls. Team members within your organization can only access data for workspaces they have been granted permission to.

5. Third-Party Services

• WorkOS — Authentication and identity management
• Supabase — Database hosting and storage
• Stripe — Payment processing (we never see or store your full card number)
• Anthropic (Claude) — AI content generation (data is not used for model training)
• PostHog — Anonymized product analytics
• Vercel — Application hosting
• Social media platforms — Publishing and analytics via their official APIs, authorized by you through OAuth

We do not sell your personal data to third parties. Data shared with the services above is limited to what is necessary to provide Griot's features.

6. Data Retention

We retain your account data and content for as long as your account is active. OAuth tokens are stored for the duration of your connection to each social platform and are deleted when you disconnect an account.

If you delete your account, we will remove your personal data and content within 30 days. Anonymized, aggregated analytics data may be retained indefinitely as it cannot be linked back to you.

7. Your Rights

• Access the personal data we hold about you
• Export your content and data
• Correct inaccurate information
• Delete your account and associated data
• Disconnect any social media account at any time, which immediately revokes Griot's access
• Opt out of non-essential analytics tracking

To exercise any of these rights, contact us at [email protected].

8. Cookies

Griot uses essential cookies for authentication and session management. We use PostHog for anonymized analytics, which may set cookies to distinguish unique visitors. We do not use advertising cookies or trackers.

9. Children's Privacy

Griot is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through a notice in the Griot application. Your continued use of Griot after changes take effect constitutes acceptance of the updated policy.

11. Contact

If you have questions about this privacy policy or how we handle your data, contact us at [email protected].