Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last updated: November 4, 2025

Introduction

Nawaaa ("we," "us," or "our") operates a SaaS platform for AI-powered personal brand growth and social media management. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

This policy complies with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), and other applicable international data protection laws. By using Nawaaa, you consent to the data practices described in this policy.

1. Company Information

Service Provider: Nawaaa

Contact Email: hello@nawaaa.ai

Contact Address: Available upon request

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information: Name, email address, password (encrypted), profile details
  • Billing Information: Payment card details (processed securely through Stripe), billing address
  • Profile Data: Professional niche, target audience, brand voice preferences, content preferences
  • User-Generated Content: Posts, drafts, comments, messages created through our platform
  • Social Media Integration Data: OAuth tokens, profile information, and posting permissions from connected platforms (LinkedIn, X, Instagram, Facebook, Threads)

2.2 Automatically Collected Information

  • Usage Data: Pages viewed, features used, time spent, interaction patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Analytics Data: Engagement metrics, post performance, audience growth statistics
  • Cookies and Tracking Technologies: Session cookies, preference cookies, analytics cookies

2.3 Information from Third Parties

  • Social Media Platforms: Profile data, follower counts, engagement metrics from connected accounts
  • Payment Processors: Transaction confirmations, payment status from Stripe
  • OAuth Providers: Google, LinkedIn authentication data

3. How We Use Your Information

3.1 Service Delivery

  • Create and manage your account
  • Generate AI-powered content tailored to your brand
  • Schedule and publish posts to connected social media platforms
  • Provide analytics and performance insights
  • Process payments and manage subscriptions
  • Deliver customer support and respond to inquiries

3.2 AI Processing and Content Generation

  • Content Creation: We use trusted AI providers to generate personalized content based on your profile, niche, and preferences
  • Sentiment Analysis: AI analyzes engagement data to provide insights and recommendations
  • AI-Assisted Replies: Generate contextual responses to social media interactions
  • Community Intelligence: Automated segmentation and prioritization of audience interactions
  • Training Data: Your content may be used to improve AI personalization within your account only. We do NOT share your data with third parties for AI model training

3.3 Platform Improvement

  • Analyze usage patterns to improve features and user experience
  • Conduct research and development for new features
  • Monitor and prevent fraud, abuse, and security threats
  • Comply with legal obligations and enforce our Terms of Service

3.4 Marketing and Communications (With Your Consent)

  • Send product updates, newsletters, and promotional materials
  • Provide personalized recommendations and tips
  • You can opt out of marketing communications at any time

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our services (account management, content generation, posting)
  • Legitimate Interests: Analytics, fraud prevention, platform improvement (balanced against your rights)
  • Legal Obligation: Tax compliance, responding to legal requests
  • Consent: Marketing communications, non-essential cookies, optional features

5. Data Sharing and Third-Party Services

We share your information with the following categories of third parties under strict data processing agreements:

5.1 Service Providers

  • AI Services: Trusted third-party AI providers for content generation and sentiment analysis under strict data processing agreements
  • Stripe: Payment processing and subscription management
  • Cloud Database: Secure database hosting and storage services
  • Resend: Transactional email delivery (password resets, notifications)

5.2 Social Media Platforms

  • LinkedIn, X, Instagram, Facebook, Threads: OAuth authentication, content publishing, analytics retrieval
  • Each platform's privacy policy applies to data they collect

5.3 Analytics and Monitoring

  • Plausible Analytics: Privacy-friendly, anonymized usage analytics (GDPR-compliant, no cookies)

5.4 Legal and Safety

We may disclose your information if required by law, court order, or to protect our rights, safety, or property, or that of others.

We do NOT sell your personal information to third parties.

6. Data Retention

We retain your personal information for specific periods based on data type and legal requirements:

  • Account Data: Retained while your account is active, plus 90 days after deletion request
  • Payment Records: 7 years (tax and accounting requirements)
  • Content and Drafts: Retained while account is active; deleted within 30 days of account closure
  • Analytics Data: Aggregated and anonymized after 24 months
  • OAuth Tokens: Deleted immediately upon disconnection of social media account
  • Support Communications: 3 years from last interaction
  • Marketing Consents: Until withdrawn, then 30 days

After retention periods expire, data is securely deleted or anonymized.

7. Your Privacy Rights

7.1 Rights for All Users

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Data Portability: Receive your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications

7.2 Additional GDPR Rights (EEA/UK Users)

  • Object to Processing: Object to processing based on legitimate interests
  • Restrict Processing: Limit how we use your data
  • Withdraw Consent: Withdraw consent for consent-based processing at any time
  • Lodge a Complaint: File a complaint with your local data protection authority

7.3 Additional CCPA/CPRA Rights (California Users)

  • Know: Know what personal information is collected, used, shared, or sold
  • Delete: Request deletion of personal information
  • Opt-Out of Sale/Sharing: We do not sell your personal information
  • Correct: Correct inaccurate personal information
  • Limit Use of Sensitive Data: Limit use of sensitive personal information
  • Non-Discrimination: Not be discriminated against for exercising your rights

7.4 Automated Decision-Making and Profiling

We use AI for the following automated processes:

  • Content Generation: AI-generated posts based on your preferences
  • Sentiment Analysis: Automated categorization of engagement interactions
  • Community Segmentation: Automated audience classification (Super Fans, Prospects, etc.)

You have the right to request human review of automated decisions, opt out of profiling, and receive explanations of AI-driven outcomes.

7.5 How to Exercise Your Rights

To exercise any of these rights, contact us at hello@nawaaa.ai. We will respond within:

  • GDPR: 30 days (may extend to 60 days for complex requests)
  • CCPA: 45 days (may extend to 90 days with notification)

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: Enterprise-grade encryption for data in transit and at rest
  • Access Controls: Role-based access and multi-factor authentication for team accounts
  • Regular Audits: Security assessments and penetration testing
  • Secure Infrastructure: Hosted on trusted cloud providers with enterprise security standards
  • Password Security: Industry-standard password hashing and protection
  • OAuth Token Protection: Tokens encrypted and stored securely

Data Breach Notification: In the event of a breach affecting your personal data, we will notify you and relevant authorities within 72 hours (GDPR) or as required by applicable law.

9. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Session management, authentication (required for service functionality)
  • Analytics Cookies: Plausible Analytics (privacy-friendly, no personal data, GDPR-compliant)
  • Preference Cookies: Language settings, theme preferences

Managing Cookies: You can control cookies through your browser settings. Disabling essential cookies may impact functionality.

10. Children's Privacy

Nawaaa is not intended for users under 16 years of age (or 13 in jurisdictions where applicable). We do not knowingly collect personal information from children. If we discover we have collected data from a child without parental consent, we will delete it immediately. Parents or guardians who believe their child has provided us with personal information should contact us at hello@nawaaa.ai.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved transfer mechanisms
  • Data Privacy Framework: Adherence to EU-U.S. and Swiss-U.S. frameworks where applicable
  • Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate protection

12. AI and Machine Learning Disclosures

12.1 AI Capabilities

  • Content Generation: AI-powered creation of posts, captions, and replies
  • Sentiment Analysis: AI analysis of engagement data and audience insights
  • Image Generation: AI-powered visual content creation (premium feature)

12.2 How AI Uses Your Data

  • Personalization: Your profile data (niche, audience, tone) is used to generate contextually relevant content
  • Training Isolation: Your data is NOT used to train third-party AI models. We work with providers under strict enterprise agreements that prohibit model training on customer data
  • Temporary Processing: Content is processed by AI services and not retained beyond session requirements
  • Quality Improvement: Aggregate, anonymized metrics may be used to improve our AI implementation

12.3 Bias Mitigation and Fairness

We monitor AI outputs for bias and inaccuracies. Users can report problematic AI-generated content to help us improve fairness and accuracy.

12.4 Your AI Rights

  • Transparency: Request information about how AI processes your data
  • Human Review: Request manual review of AI-generated content or decisions
  • Opt-Out: Disable AI features and use manual content creation
  • Explanation: Receive explanations of AI-driven recommendations

13. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

14. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, but we use privacy-friendly analytics (Plausible) that do not track individuals across websites.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify you via email or in-app notification
  • For significant changes, we may request your renewed consent

Your continued use of Nawaaa after changes become effective constitutes acceptance of the updated policy.

16. Limitation of Liability

While we implement robust security measures, no system is 100% secure. By using Nawaaa:

  • You acknowledge that data transmission over the internet carries inherent risks
  • We are not liable for unauthorized access resulting from circumstances beyond our reasonable control
  • Our liability for data breaches is limited to the extent permitted by applicable law
  • You are responsible for maintaining the security of your account credentials

DISCLAIMER: TO THE MAXIMUM EXTENT PERMITTED BY LAW, NAWAAA AND ITS AFFILIATES DISCLAIM ALL LIABILITY FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES ARISING FROM YOUR USE OF THE SERVICE OR ANY DATA BREACH.

17. Contact Us

For privacy-related questions, concerns, or to exercise your rights, please contact us:

Email: hello@nawaaa.ai

Subject Line: "Privacy Request" or "Data Subject Access Request"

Response Time: Within 30 days (GDPR) or 45 days (CCPA)

18. Supervisory Authority (EEA/UK Users)

If you are located in the EEA or UK and believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority. A list of authorities can be found at: https://edpb.europa.eu

19. Consent and Acknowledgment

By using Nawaaa, you acknowledge that you have read, understood, and agree to this Privacy Policy. You consent to our collection, use, and disclosure of your information as described herein.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.