GDPR Compliance

Tareno acts as both a Data Controller and a Data Processor depending on the context of the data being processed.

• Controller: For account information, billing details, and direct communications with you.
• Processor: For social media content, analytics data, and media files you upload to our platform for scheduling.

To provide our Social Media Management services, we collect:

• Account Data: Name, email address, password (hashed), and billing information.
• Social Data: OAuth tokens for connected platforms (Instagram, TikTok, YouTube, etc.), profile names, and avatars. We do not store your social media passwords.
• Content Data: Images, videos, and captions you upload for scheduling.
• Usage Data: Logs of how you interact with our dashboard to improve system performance and security.

Under GDPR, you have the following rights regarding your personal data:

Your data is stored securely on servers located within the European Union (EU) or in countries with adequacy decisions. We utilize industry-standard encryption (AES-256) for data at rest and TLS 1.3 for data in transit.

Our database providers (Supabase/PostgreSQL) are fully GDPR compliant. We perform regular security audits to ensure the integrity of our systems.

We use trusted third-party services to operate our platform. These subprocessors are bound by Data Processing Agreements (DPAs) to uphold GDPR standards.

• Vercel: Hosting and Edge Network.
• Supabase: Database and Authentication.
• Stripe: Payment processing (if applicable).
• Google/Meta/TikTok/etc: API interactions (only when you explicitly connect an account).