Privacy Policy
Last updated: May 2026 — In accordance with the GDPR (EU Regulation 2016/679)
Data controller
The controller of personal data collected on Resonate AI is: Ibrahim Akdeniz, trading as Nova Labs, 12 Rue Sully, 69150 Décines-Charpieu, France — SIREN 104 671 045 — reachable at contact@resonateai.net.
Data we collect
We collect the following data:
| Data | Purpose | Retention period |
|---|---|---|
| Email address | Account creation, login | Duration of account |
| Password (hashed) | Secure authentication | Duration of account |
| Submitted content (transcripts, text, URLs) | Content generation | 90 days after deletion |
| Generated content (outputs) | Job history | 90 days after deletion |
| Billing data (Polar) | Subscription management | 5 years (legal obligation) |
| Anonymized usage data (PostHog) | Product improvement | 13 months |
Purposes of processing
- Providing the content repurposing service
- Managing your account and authentication
- Processing payments and managing subscriptions
- Customer support and service-related communications
- Product improvement through anonymized usage analytics
- Compliance with our legal obligations
Legal basis
Processing is based on:
- Contract performance: processing necessary to provide the service
- Your consent: for analytics cookies (PostHog)
- Legitimate interest: security, fraud prevention, service improvement
- Legal obligation: retention of billing data
Sub-processors and transfers
| Sub-processor | Location | Safeguard |
|---|---|---|
| Supabase (auth & database) | United States | Standard Contractual Clauses (SCC) |
| Vercel (hosting) | United States | Standard Contractual Clauses (SCC) |
| OpenRouter (AI) | United States | Standard Contractual Clauses (SCC) |
| Polar (payments) | United States | Standard Contractual Clauses (SCC) |
| AWS S3 (audio file storage) | EU (eu-west) | GDPR-compliant |
| PostHog (analytics) | EU | GDPR-compliant |
| Resend (transactional emails) | United States | Standard Contractual Clauses (SCC) |
No data is sold to third parties. Sub-processors only access data strictly necessary for their service.
Your rights (GDPR)
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your personal data
- Right of rectification: correct inaccurate data
- Right to erasure: request deletion of your data ("right to be forgotten")
- Right to portability: receive your data in a structured format
- Right to object: object to certain processing operations
- Right to restriction: limit the processing of your data
To exercise your rights, contact us at contact@resonateai.net. We will respond within one month. If you have a complaint, you may lodge it with the CNIL (French data protection authority).
Security
We implement appropriate technical and organizational measures to protect your data: encryption in transit (HTTPS/TLS), encryption at rest, restricted access to production data, hashed passwords (bcrypt via Supabase Auth).
Changes to this policy
This policy may be updated. In case of material changes, you will be notified by email. The current version is always available on this page.