Privacy Policy

Introduction

Siryus Creative Media Ltd (“Siryus”, “we”, “us”) operates PAVO (“Service”). This Privacy Policy explains what personal data we collect, how we use it, and your rights under the UK GDPR and EU GDPR when you use pavo.so and the PAVO application.

Data controller: Siryus Creative Media Ltd. Contact for privacy requests: pavo.platform@gmail.com.

What data we collect

Account data: name, email address, authentication identifiers from Supabase Auth, and subscription tier.

Waitlist and marketing signups: email, name, optional company, how you describe yourself (audience), and signup source (for example marketing site or waitlist page) when you join the pre-launch list.

Usage and product data: publish actions, drafts, schedules, workspace membership, and in-app settings such as tone profiles and brand kits.

Connected platform data: OAuth tokens and metadata required to publish on your behalf (stored encrypted at rest). We do not sell your tokens.

Technical data: IP address, browser type, device identifiers, and logs for security and reliability (via Cloudflare and our hosting stack).

Support and contact data: messages you send to support or contact forms.

How we use data

To provide the Service: authenticate you, run AI repurposing, store drafts, schedule posts, and show analytics derived from platform APIs.

To improve reliability: monitor errors, rate limits, and connection health for connected social accounts.

To communicate: transactional email (verification, billing notices, security alerts) and responses to support requests.

To notify waitlist subscribers: launch updates and promotional codes you have opted into, such as early pricing for annual plans.

To comply with law: respond to lawful requests and enforce our Terms of Service.

We process data on the basis of contract (providing the Service), legitimate interests (security and product improvement where not overridden by your rights), and consent where required (e.g. certain cookies).

Third-party services

Supabase: authentication and database hosting. Data is stored according to Supabase configuration and region settings.

Anthropic: AI processing for repurposing. Prompts and content necessary for a request are transmitted to Anthropic in line with our agreements and your instructions.

Cloudflare: DNS, security, and edge services; may process IP addresses and request metadata.

Social platform APIs (Meta, TikTok, LinkedIn, X, YouTube, etc.): when you connect an account, data is exchanged strictly to perform publishing, analytics pulls, and OAuth token lifecycle management you initiate.

Payment processors: if you subscribe to a paid plan, payment data is handled by our processor; we do not store full card numbers on PAVO servers.

Cookies and tracking

We use strictly necessary cookies and similar technologies to keep you signed in and secure sessions.

Analytics or marketing cookies, if used, will be disclosed in the cookie banner or settings and require consent where required by law.

You can control cookies through your browser settings; disabling some cookies may limit functionality.

Data retention

Account data is retained while your account is active.

Analytics metrics derived from published posts are retained for twelve (12) months, after which they may be aggregated or deleted in line with product documentation.

Backups may persist for a short additional period before overwrite.

Legal holds or investigations may extend retention where required.

International transfers

Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions, as applicable.

Your rights (GDPR)

You may request access to the personal data we hold about you.

You may request rectification of inaccurate data and, in certain cases, erasure (“right to be forgotten”).

You may request restriction of processing or object to processing based on legitimate interests, where applicable.

You may request data portability for data you provided processed by automated means under contract.

You may withdraw consent where processing is consent-based, without affecting prior lawful processing.

You may lodge a complaint with your local supervisory authority.

How to exercise your rights

Email pavo.platform@gmail.com with the subject line “Data request” and describe the right you wish to exercise. We may need to verify your identity before fulfilling requests.

We aim to respond within one month, or inform you of any extension as permitted by law.

Data Protection Officer

For privacy enquiries and regulatory correspondence, contact our Data Protection Officer at pavo.platform@gmail.com. Mark messages for the attention of “DPO, PAVO”.

Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

Changes

We may update this Privacy Policy from time to time. The “Last updated” date will change and, where appropriate, we will notify you by email or in-app notice.