Privacy Policy

Lyne is a social media scheduling and publishing service operated by Complete Magazine, São Paulo, Brasil (“Lyne”, “we”, “us”). For the purposes of the EU/UK General Data Protection Regulation (GDPR), Complete Magazine is the data controller for the personal data described here. This policy explains what we collect, why, the legal bases we rely on, who we share it with, where it goes, how long we keep it, and the rights you have.

For any privacy question or request, contact us at cnucci@completemagazine.com.br.

• Account information. The email address and password you use to create your Lyne account. Passwords are hashed and never stored in plain text.
• Social account tokens. When you connect a social network (such as Instagram), you authorize Lyne through that platform’s official OAuth flow. We receive a limited access token and basic profile identifiers (platform user ID and username). We never see or store your social network password.
• Post content. The captions, images and scheduling information you create in Lyne, so we can publish them on your behalf at the time you choose.
• Assistant messages. If you chat with the in-product concierge, we store your messages and the replies to operate and improve the feature.
• Usage records. Basic records of features you use (for example, how many captions you generated in a billing period) to enforce plan limits.
• Payment data. If you subscribe to a paid plan, payment is processed by Stripe. We receive your plan and subscription status; we never receive or store your full card number.
• Technical data. Standard server logs (such as IP address and request metadata) needed for security and to operate the service.

Where the GDPR applies, we rely on the following legal bases:

• Performance of a contract · to create your account, publish your content and provide the features you request.
• Legitimate interests · to keep the service secure, prevent abuse, and improve the product, balanced against your rights.
• Consent · where we ask for it (you can withdraw it at any time).
• Legal obligation · where we must keep records to comply with the law.

• To authenticate you and operate your account.
• To publish the posts you compose and schedule, on the networks you connected.
• To write caption suggestions from the topics and drafts you provide.
• To operate the in-product concierge and improve the service.
• To enforce plan limits, process subscriptions and communicate about the service.

We do not sell or “share” your personal data (as those terms are defined under the California CCPA/CPRA), and we do not use your data for cross-context behavioral advertising.

We share data only with the providers strictly necessary to run Lyne, each acting under a data-processing agreement and only on our instructions:

• Supabase · managed database, authentication and storage.
• Vercel · application hosting and delivery.
• Groq · fast inference for caption generation; receives the topic/draft you submit.
• Complete (Olivia gateway / Hermes) · our own inference infrastructure, used for the concierge and as a fallback for captions.
• Stripe · payment processing for paid plans.
• Meta, LinkedIn, X · the networks you choose to connect and publish to.

Lyne operates from Brazil and uses providers located in Brazil, the United States and the European Union. When personal data is transferred outside your country (for example, to providers in the US), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, and on the providers’ own certifications, to protect your data.

Lyne uses only strictly necessary cookies, to keep you signed in and to keep your session secure. We do not use advertising, analytics or cross-site tracking cookies, so no consent banner is required for non-essential cookies. You can clear cookies in your browser at any time, but the service will not work while signed out.

We keep account data while your account is active. Social tokens are kept only while the account stays connected. Post content is kept until you delete it or close your account. Assistant messages are kept for up to 24 months to operate and improve the feature, then deleted or anonymized. When you delete your account, we remove your personal data within 30 days, except where we must retain limited records to comply with the law.

Depending on where you live, you may have the right to access, correct, delete, export (portability), restrict or object to the processing of your personal data, and to withdraw consent. Under the California CCPA/CPRA you may also request the categories and specific pieces of data we hold, request deletion or correction, and opt out of sale or sharing, and we will not discriminate against you for exercising any right. We do not sell or share your data, so there is nothing to opt out of, but you may still make the request.

To exercise any right, email cnucci@completemagazine.com.br from your registered address. We respond within the time required by law. If you are in the EU/UK and believe we have not handled your data properly, you may also lodge a complaint with your local data protection authority. If you are in Brazil, the LGPD gives you equivalent rights, and you may contact the ANPD.

When you connect an Instagram or other Meta account, Lyne receives and processes Meta Platform Data (such as your page or professional account ID, username and an access token) solely to provide the publishing features you request, in accordance with the Meta Platform Terms and Developer Policies. We do not sell Meta Platform Data, do not use it for advertising, and do not share it with third parties except as required to provide the service or by law. Tokens are kept only for as long as the account remains connected.

Your data is stored in Supabase, encrypted in transit (TLS) and at rest. Access tokens for your social accounts are stored server-side and protected by row-level security, so they are only ever readable in the context of your own account. Access to production systems is restricted to authorized personnel. No method of transmission or storage is perfectly secure, but we work to protect your data and to respond promptly to any incident.

You can delete your data at any time:

• Disconnect a social account. Go to /dashboard/accounts and disconnect the account. This revokes and permanently deletes the stored access tokens for that network.
• Delete your entire account. Email cnucci@completemagazine.com.br from your registered address requesting deletion. We will delete your account, social tokens, posts and usage records within 30 days and confirm by email.

You can also revoke Lyne’s access directly from the social network’s own settings at any time.

Lyne is not intended for anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

If we change this policy in a material way, we will notify you by email or inside the product before the change takes effect.