Privacy Policy

Last updated: April 17, 2026

Data controller

The data controller is CODEGON SRL, a company incorporated in Romania.

• CUI: 49415663
• Reg. Com.: J9/41/16.01.2024
• Registered office: Str. Industriei, Nr. 7, Bl. D6, Sc. 1, Et. 2, Ap. 8, Ianca, Jud. Brăila, Romania
• Contact: vali@codegon.com

What we collect from the website

When you fill out our early access form, we collect:

• What your business does (free text)
• Your biggest pain with social media content (free text)
• Your approximate monthly content spend (selected range)
• Your email address (only if you choose to provide it)

Data obtained via Meta Platforms (Facebook and Instagram)

When you connect a Facebook Page or Instagram Business/Creator account to Atonomuse, we request access via Facebook Login and the Meta Graph API. We only request permissions strictly necessary to operate the product. Depending on what you enable, we may obtain and store the following on your behalf:

• Pages and Instagram accounts you administer — identifiers, names, profile pictures, category (from pages_show_list, instagram_basic)
• Page and Instagram content we publish for you — posts, carousels, reels, captions, publish timestamps (via pages_manage_posts, instagram_content_publish)
• Engagement data for published content — likes, reach, impressions, saves, follows (via pages_read_engagement, instagram_manage_insights)
• Comments and basic commenter information on your posts — for moderation, reply generation, and alerting (via instagram_manage_comments)
• Access tokens — stored encrypted at rest and used only to perform the above operations on your behalf

We use this data solely to generate, publish, analyze, and moderate content for your account. We do not sell it, rent it, share it with third parties for advertising, or use it for any purpose outside the product features you have enabled. We do not use Meta data to build profiles of end users or for retargeting.

How we use data collected

• Website survey responses help us prioritize features and positioning
• Email addresses are used to notify you about launch, billing, and critical service events
• Meta-derived data is used strictly to operate the publishing, analytics, and moderation features of Atonomuse
• We do not sell, rent, or share personal data with third parties

Lawful basis: legitimate interest in operating the service, performance of the contract you agree to when you sign up, and — where you provide an email address or connect a social account — your consent.

Cookies

This site stores a single preference in your browser's local storage: your light/dark theme choice. We do not use tracking cookies. We do not use analytics cookies at this time.

Third-party services (sub-processors)

We rely on the following third parties to operate the website and the product. Each is bound by a data-processing agreement and the linked privacy policies:

• Supabase — survey responses are stored in a Supabase PostgreSQL database hosted in the EU (AWS eu-west-1, Ireland). Privacy.
• Meta Platforms (Facebook, Instagram) — when you connect an account, data flows through Meta's Graph API. Privacy.
• Anthropic — Claude models are used to generate and review content. Privacy.
• Google Cloud (Vertex AI) — Imagen, Veo, Lyria, and Cloud TTS are used to generate images, video, music, and voiceover. DPA.
• ElevenLabs — optional audio generation (TTS, music, sound effects). Privacy.
• Stripe — payments and invoicing. We do not store card details; Stripe handles them directly. Privacy.
• Railway — application hosting and managed PostgreSQL. Privacy.
• Google Fonts — web fonts. Privacy.

Data retention

Retention periods by category:

• Waitlist entries and survey responses — until we no longer need them for launch communication, then deleted within 90 days of your request.
• Account data and connected-platform data — for as long as your account is active. After cancellation, deleted within 30 days unless required to retain for legal reasons.
• Published content and engagement metrics — retained while your account is active for reporting; deleted together with the account.
• Billing records (invoices, VAT data) — retained for 10 years as required by Romanian tax law, redacted of personal identifiers where possible.

Your rights and how to exercise them

Under the GDPR you have the right to access, correct, delete, restrict, or port any personal data we hold about you, and to object to its processing. To delete data associated with your account or a connected Facebook/Instagram account, follow the data deletion instructions. For any other request, email vali@codegon.com. You also have the right to lodge a complaint with a supervisory authority — in Romania, the ANSPDCP (dataprotection.ro).

Contact

For any privacy-related questions or to exercise your rights, reach us at vali@codegon.com.