Last updated: 2025-10-13

Privacy Policy

This Privacy Policy explains how Praisma Hub collects and processes personal data when you use the platform and our websites. It specifically covers integrations with Meta (Facebook & Instagram) and LinkedIn, our EU hosting approach, and our Data Processing Agreement. For AI‑specific practices, please also review our separate AI Data Policy.

Who We Are & Scope

Praisma Hub ("Praisma", "we", "us") provides an all-in-one social media management and marketing platform available at https://praismahub.com. We are headquartered in Roermond, Netherlands. This Privacy Policy describes how we process personal data when you visit our websites, create an account, connect social profiles, or use our services.

For data about your own team/account (billing, login, product usage), Praisma is a data controller. For data you manage on behalf of your business (e.g., social posts, messages, comments, analytics from connected social accounts), you are the data controller and Praisma acts as your data processor.

Data Processing Agreement (DPA)

For business workspaces, our Data Processing Agreement forms part of your subscription terms and meets Article 28 GDPR requirements (controller–processor obligations, confidentiality, security, sub‑processing, international transfers, assistance, and deletion/return of data).

  • View/accept the DPA in your admin area or at /legal/dpa.
  • Our current Sub‑processors list is maintained with purposes, locations, and change history. We will notify you of material changes as required by the DPA.

Where We Host Data (EU) & Sub‑processors

We prioritize EU hosting. All customer data is hosted in EU (Netherlands/Germany) data centers via Hetzner Cloud, with encrypted storage and network security controls. Some ancillary services (e.g., email delivery, payments, product analytics) may process limited data inside or outside the EEA as detailed in our Sub‑processors page.

Where data is transferred outside the EEA, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and conduct transfer risk assessments, and we apply supplementary measures when appropriate.

Data We Process

  • Account & Workspace: name, company, email, password (hashed), role, team membership, tenant ID.
  • Subscription & Billing: billing contact, address, VAT number, plan details, payment status (we do not store full card numbers; payments are processed by a PCI-compliant provider).
  • Product Usage: actions in-app (e.g., scheduling posts, asset uploads, comments, labels), device & log data (IP address, browser/OS, timestamps), crash and performance diagnostics.
  • Content You Provide: drafts, scheduled posts, media files, notes, tags, CMS entries, and related metadata.
  • Connected Social Accounts: access tokens, account/page/profile IDs, handles, and data retrieved via official APIs (see “Social Platform Integrations”).
  • Support: messages you send us, plus diagnostic logs you choose to share.
  • Cookies: essential cookies for authentication and security; optional analytics/performance/marketing cookies with consent where required (see “Cookies & Consent”).

Social Platform Integrations (Meta & LinkedIn)

When you connect a Facebook Page/Instagram Business account (via Meta) or a LinkedIn profile/organization, we use official APIs with OAuth. We request the minimum permissions needed to provide features like publishing, inbox management, analytics, and scheduling. Exact permissions are shown during OAuth and may differ by feature and account type.

Meta (Facebook & Instagram)

  • Possible permissions (examples): pages_read_engagement, pages_manage_metadata, pages_manage_posts, pages_read_user_content, instagram_basic, instagram_manage_comments, instagram_manage_insights, instagram_content_publish. We only request what your selected features require.
  • Data we may access/store: page/profile IDs, names, avatars; posts & comments you create via Praisma; messages and comments you choose to sync to the inbox; media URLs/attachments; insights/metrics; webhook events (e.g., new comments/messages). We may cache thumbnails/media for faster loading.
  • Usage: composing & scheduling posts, replying to comments/messages, fetching analytics, and keeping your workspace in sync (including via webhooks). We do not read or store personal messages unless you enable inbox features for the connected account.

LinkedIn

  • Possible permissions (examples): r_liteprofile, r_emailaddress, w_member_social, r_organization_social, w_organization_social. We only request what your selected features require.
  • Data we may access/store: profile/organization IDs, names, avatars; posts you create via Praisma; comments you choose to manage; analytics/insights exposed by LinkedIn APIs.
  • Usage: composing & scheduling posts to profiles/organizations and retrieving analytics/engagement where supported by LinkedIn APIs.

We do not sell personal data, and we do not use your connected-account content to train third-party models. Access tokens are stored securely and encrypted. Disconnecting a social account revokes our access and triggers deletion of related tokens and queued data (see “Retention & Deletion”).

How We Use Data

  • Provide, maintain, and improve Praisma Hub features (planner, inbox, media library, CMS, analytics).
  • Personalize dashboards and onboarding; recommend workflows and templates.
  • Process subscriptions, invoices, renewals, and service communications.
  • Monitor reliability, prevent abuse, and secure accounts and workspaces.
  • Send product updates and educational content (you can opt out of non-essential email).
  • Comply with legal obligations and enforce agreements.

Legal Bases (GDPR)

We process personal data under performance of a contract (to deliver the service you requested), legitimate interests (e.g., service improvement, security, fraud prevention), legal obligations (tax, accounting, regulatory), and consent (e.g., optional marketing or analytics cookies where required).

Retention & Deletion

  • Account data: kept for the life of your account and then deleted or anonymized within 30 days, except where longer retention is required by law.
  • Connected-account content & analytics: retained while the connection is active and for up to 30 days after disconnection to complete processing and backups. Media cache and thumbnails may persist for up to 30 days.
  • Access tokens: deleted immediately when you disconnect a social account or upon token revocation/expiry.
  • Operational logs: typically retained up to 12 months for security and troubleshooting.
  • Backups: encrypted, rolling backups are kept for up to 90 days, after which they are overwritten.

You can request deletion at any time. See “How to Exercise Your Rights” and the platform-specific data deletion instructions below.

Facebook & Instagram Data Deletion Instructions

If you wish to delete your Facebook or Instagram data processed by Praisma Hub:

  1. Log in to Praisma Hub and go to Settings → Connected Accounts.
  2. Select the Facebook Page or Instagram Business account and click Disconnect.
  3. Confirm Delete data to remove tokens and associated cached content/insights.

Alternatively, email support@praismahub.com with subject “Meta Data Deletion Request” and the connected Page/IG IDs. We will verify your identity and complete deletion, typically within 30 days (sooner for tokens).

LinkedIn Data Deletion Instructions

If you wish to delete your LinkedIn data processed by Praisma Hub:

  1. Log in to Praisma Hub and go to Settings → Connected Accounts.
  2. Select the LinkedIn profile or organization and click Disconnect.
  3. Confirm Delete data to remove tokens and associated cached content/insights.

Or email support@praismahub.com with subject “LinkedIn Data Deletion Request” and the relevant IDs. We will verify and complete deletion, typically within 30 days (sooner for tokens).

Cookies & Consent

We use essential cookies for authentication and security. With your consent (where required), we also use analytics and marketing cookies to understand product usage and improve our services. You can manage preferences via our consent banner and in Settings → Privacy.

  • See our Cookie Policy for detailed categories, purposes, and lifetimes.
  • You can withdraw consent at any time from the banner or browser settings; essential cookies cannot be disabled.

Security Measures

  • Role-based access controls and secure authentication (including optional MFA).
  • Encryption in transit and at rest for sensitive data.
  • Network segmentation, monitoring, logging, and anomaly detection.
  • Least-privilege access for personnel; confidentiality obligations.
  • Regular vulnerability assessments and employee security training.
  • Secure SDLC practices, code reviews, and dependency management.
  • Incident response and breach notification procedures in line with GDPR.

International Transfers

We prioritize EU-based data centers. When transfers outside the EEA occur (for example, to sub‑processors or when required by the social platform you connect), we use European Commission Standard Contractual Clauses and other legally recognized safeguards, and apply additional technical and organizational measures as appropriate.

Data Sharing (Processors)

We use vetted service providers to host infrastructure, deliver emails, process payments, store backups, and analyze performance. These providers act as data processors under contracts that include data protection obligations. We do not sell personal data.

A current list of sub‑processors with services, locations, and purposes is available at /legal/subprocessors. You will be notified of material changes according to our DPA.

Your GDPR Rights

  • Access the personal data we hold about you.
  • Rectify incomplete or inaccurate information.
  • Erase data ("right to be forgotten") subject to legal obligations.
  • Restrict processing in circumstances defined by GDPR.
  • Port data in a structured, commonly used, machine-readable format.
  • Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent where processing relies on consent.

How to Exercise Your Rights

Email support@praismahub.com or use /support with your request. We may ask for information to verify your identity. We aim to respond within one month as required by GDPR.

You also have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

Children

Praisma Hub is not directed at individuals under 16. We do not knowingly collect their data. If you believe a minor has provided personal data, please contact us so we can remove it.

AI Data Policy

For AI-specific processing (model prompts, completions, caching, training exclusions), please see our separate AI Data Policy. That policy explains how AI features in Praisma Hub handle your data, including retention and opt-out controls.

Updates to This Policy

We may modify this Privacy Policy from time to time. Material changes will be communicated via email or in-app notifications. Continued use of the platform after updates signifies acceptance.

Contact

Questions about privacy? Contact us at support@praismahub.com.

You can also reach our privacy team at privacy@praismahub.com.

Postal address: Praisma Hub, Roermond, Netherlands.

Controller–Processor Summary

Praisma is the controller for your own account data and the processor for content you manage for your business. The DPA governs our processing on your instructions, including sub‑processing and international transfers.

If you have questions about this policy, please contact us at support@praismahub.com.