Privacy Policy

A) General Data Protection Information

1. Who is responsible for data processing and who can you contact?

Responsible for data processing is:

2. Use of Website and Software

You can browse our website without registering. If you register for a free trial account or as part of a paid account, the information below applies. For the use of our website and blog, please refer to the Special Privacy Notice under Section C.

3. Your Rights as a Data Subject

In accordance with Art. 15 GDPR, you have the right to request information free of charge about the personal data stored about you and the purpose of the data processing. In accordance with Art. 16, 17 and 18 GDPR, you also have the right to correct incorrect data and to block and delete your personal data. Under the conditions set out in Art. 20 GDPR, you are also entitled to receive your personal data stored by us in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance. In addition, in accordance with Art. 21 para. 1 GDPR, you are entitled to object to the processing of personal data concerning you for reasons arising from your particular situation. You also have the right to lodge a complaint with a data protection supervisory authority.

In addition, pursuant to Tunisian Organic Law n° 2004-5 on the protection of personal data, you have the right to access, rectify, and delete your personal data. You may exercise these rights by contacting us at the address listed above. You also have the right to file a complaint with the National Authority for the Protection of Personal Data (INPDP).

B) Special Data Protection Information for the Social Flows Software

1. Which data is processed and from which sources does it originate?

We process personal data in our software (Art. 4 No. 1 GDPR) which we receive as part of our activities as a provider of cloud software for social commerce management. The personal data processed includes name, address, email addresses, phone numbers, and communication content. We only process personal data that we have received from customers or their employees on the basis of a registration. In our software, we also process the data of people who interact with our customers' social media profiles and online stores — such as profile information, order details, and exchanged communication content — which we process on behalf of our customers on the basis of a data processing agreement.

2. For what purpose is the data processed and on what legal basis?

Insofar as we act as the controller in the context of data processing, we process data in order to provide our services as a cloud software provider. The data processing is legitimized in accordance with Art. 6 para. 1 lit. b) GDPR.

3. SSL Encryption

Our software uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar. If SSL encryption is activated, the data you send to us cannot be read by third parties.

4. Server Logfiles

We collect and store information about the use of our software in so-called server log files, which your browser automatically transmits to us, on the basis of Art. 6 para. 1 lit. f GDPR. These are:

• IP Address
• Browser type / version
• Operating system
• Referrer URL
• Date and time of the server request
• Amount of data transferred

This data is collected exclusively for statistical purposes and is not merged with other data sources.

5. Use of Cookies

Our software uses so-called “cookies” on the basis of Art. 6 para. 1 lit. b GDPR. A cookie stores the information that a user has logged in with their username and password. We set technically necessary cookies required for the operation of the software on the basis of our legitimate interest in accordance with Art. 6 para. 1 f) GDPR. We only set other cookies, such as analytics cookies, with your express consent in accordance with Art. 6 para. 1 a) GDPR. You can manage your cookie preferences via the cookie banner displayed on your first visit. You can also allow or deactivate cookies via the settings in your browser. However, not all functions of our software may then be available.

6. Waitlist & Registration

When you join our waitlist, we store and process the contact information you provide. This includes:

• Your email address, or
• Your phone number

We use this data solely to notify you when the platform becomes available. We do not pass on personal data to third parties. Storage and processing is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. f GDPR (legitimate interest in pre-launch communication).

7. Social Media Integrations

Our software integrates with social media platforms (Facebook, Instagram, TikTok, and others) via their respective APIs. When customers connect their social media accounts, we access profile information, comments, messages, and post data as our customers' processor. This data is used solely within the context of providing our social commerce management services.

9. Information on the transfer of data to a third country

We do not transfer personal data processed by us as the controller within our software to a third country outside the EU/EEA unless permitted under the EU-US Data Privacy Framework or legitimized by standard contractual clauses.

10. Automated Decision-Making

We do not use automated decision-making processes in accordance with Art. 22 GDPR that would have legal consequences for the data subject or similar significant negative effects.

11. List of Sub-processors

In order to provide the functions of Social Flows, it may be necessary to disclose personal data to third parties. The following sub-processors are currently engaged:

• Supabase Inc. — Database hosting and edge function execution (EU region)

An updated list of sub-processors, including the purpose and place of processing, is available upon request.

C) Special Data Protection Information for the Social Flows Website

1. Which data is processed and from which sources does it originate?

We process personal data (Art. 4 No. 1 GDPR) that we collect on our website or receive from you directly. The personal data processed includes name, address, email addresses, and communication content.

2. For what purpose is the data processed and on what legal basis?

We process personal data in order to provide our services and to be able to receive and process your inquiries.

• a) Processing with your consent (Art. 6 para. 1 a) GDPR): We process personal data to draw your attention to our offers.
• b) Processing for fulfillment of legal obligations (Art. 6 para. 1 c) GDPR): Where required by law, such as for tax obligations.
• c) Processing to protect vital interests (Art. 6 para. 1 d) GDPR): In rare cases where processing is necessary to protect the vital interests of the data subject or another natural person.
• d) Processing due to overriding legitimate interests (Art. 6 para. 1 f) GDPR): Processing operations not covered by the aforementioned legal bases.

3. SSL Encryption

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content.

4. Server Logfiles

We collect and store information about your visit to our website in server log files on the basis of Art. 6 para. 1 lit. f GDPR. These are:

• Abbreviated IP address
• Browser type / version
• Operating system used
• Referrer URL
• Date and time of the server request
• Amount of data transferred
• The requesting provider

5. Use of Cookies

Our website uses cookies. We set technically necessary cookies required for the operation of the website on the basis of our legitimate interest in accordance with Art. 6 para. 1 f) GDPR. We only set other cookies, such as analytics cookies, with your express consent in accordance with Art. 6 para. 1 a) GDPR. When you first visit our website, a cookie banner will appear allowing you to accept or decline non-essential cookies. You can change your preferences at any time by clearing your browser cookies, which will cause the banner to reappear.

6. Duration of Storage

We process and store personal data only for the period necessary to achieve the purpose of processing or if this is provided for by laws or regulations. If the storage purpose no longer applies or if a legally prescribed storage period expires, the personal data is routinely blocked or deleted.

7. Analytics

This website may use analytics services to analyze usage and improve our offerings. When analytics tools are used, data such as page views, bounce rate, and session duration are collected. IP addresses are anonymized where possible. You can object to data collection at any time.

8. Contact Forms

We provide a contact form on our website to give you the opportunity to contact us electronically. If you use our contact form, we store and process the following data:

• Name
• Email address
• Phone number
• Company name
• Your message

We do not pass on personal data to third parties. Data is only used to respond to your request. Storage and processing is based on Art. 6 para. 1 lit. f GDPR.

11. Third-Country Data Transfer

For our website, we may use cloud services from providers based outside the EU/EEA. We only transfer personal data to such providers if the transfer is permitted under the EU-US Data Privacy Framework or legitimized by standard contractual clauses.

12. Automated Decision-Making

We do not use automated decision-making processes in accordance with Art. 22 GDPR.

13. Documentation of Consents

If you have given us your consent to contact you via our website in accordance with Art. 7 GDPR, you can revoke your consent at any time free of charge (e.g., by email or by using the unsubscribe function).