Privacy Policy

Pyxsoft Computing Ltd. ("we", "us", "our") operates MediaBuilder (www.mediabuilder.app). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform.

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a cryptographic hash, never in plain text). If you join as part of a team, we also store your role within the workspace.

Content Data

To provide our service, we process content you provide or authorize us to access, including:

• Documents you upload (PDFs, presentations, text files)
• Website content fetched from URLs you provide
• Brand voice profiles generated from your content
• Social media posts created, scheduled, or published through the platform

Usage Data

We collect information about how you interact with the platform, including pages visited, features used, and actions taken. This data is used solely to improve the service and is not shared with third parties.

Social Media Credentials

When you connect social media accounts, we store OAuth tokens (encrypted with AES-256) to publish content on your behalf. We never store your social media passwords.

2. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the MediaBuilder platform
• Generate brand voice profiles and content strategies based on your inputs
• Create and publish social media content on your behalf
• Manage your account, subscriptions, and team access
• Communicate with you about service updates or support requests
• Improve the platform based on aggregated, anonymised usage patterns

We do not sell your personal data. We do not use your content to train AI models. Your content is processed solely to deliver the service you requested.

3. Data Storage & Security

Your data is stored on servers located in the United Kingdom. We implement appropriate technical and organisational measures to protect your data, including:

• AES-256 encryption for sensitive credentials (OAuth tokens)
• Passwords hashed using industry-standard algorithms
• Strict tenant isolation ensuring each organisation's data is completely separated
• HTTPS encryption for all data in transit
• JWT authentication with HttpOnly cookies (immune to XSS attacks)

4. Third-Party Services

To deliver our service, we interact with the following categories of third-party providers:

• AI providers — We send content data to AI services to generate brand voice profiles, content strategies, posts, and images. Data is transmitted securely and not retained by these providers beyond processing.
• Social media platforms — When you connect accounts and schedule posts, we interact with their APIs (LinkedIn, Instagram, Twitter/X, etc.) using your authorised OAuth tokens.

We do not share your personal data with advertisers, data brokers, or any other third parties for their own purposes.

5. Cookies

MediaBuilder does not currently use cookies for tracking or analytics purposes. We use HttpOnly cookies solely for authentication (session management). These are strictly necessary cookies and do not require consent under UK GDPR.

If we introduce non-essential cookies in the future, we will update this policy and obtain your consent before using them.

6. Your Rights Under UK GDPR

As a data subject, you have the following rights:

• Right of access — Request a copy of all personal data we hold about you
• Right to rectification — Request correction of inaccurate personal data
• Right to erasure — Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing — Request we limit how we use your data
• Right to data portability — Receive your data in a structured, machine-readable format
• Right to object — Object to processing based on legitimate interests
• Right to withdraw consent — Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. When you delete your account:

• Account data is deleted within 30 days
• Content data (uploaded documents, generated posts, brand profiles) is deleted within 30 days
• OAuth tokens are immediately revoked and deleted
• Anonymised, aggregated usage data may be retained for analytical purposes

We may retain certain data longer where required by law or to resolve disputes.

8. Children's Privacy

MediaBuilder is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or through a notice on the platform. The "Last updated" date at the top of this page reflects the most recent revision.

Continued use of MediaBuilder after changes take effect constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us: