Effective date: October 3, 2025
Summary (plain English): We collect only what we need to help you generate, launch, and optimise marketing with AI agents. You stay in control: you own your accounts and data, you decide what gets published, and you can revoke access at any time. This policy explains what we collect, why, how we keep it safe, and your rights.
Controller: SteelWyre (the “Company”, “we”, “us”, “our”).
Legal entity & address: SteelWyre Corporation, 1619, 701 Tillery Street Unit 12, Austin, TX, Travis, US, 78702
Contact (privacy): contact@steelwyre.com
This Policy applies to www.steelwyre.com and any apps, dashboards, or services we operate (collectively, the “Services”), including our waitlist forms, strategy generator, and AI agents. It covers personal data we process as a controller, as well as account connections you authorise (e.g., Meta, TikTok, Google Ads). If we process data on behalf of a customer (e.g., content generated inside your account), we act as a processor and follow your instructions.
We collect information in these categories:
A. Account & waitlist data
Contact details (e.g., name, email)
Business profile (role, company, industry)
Goals and preferences you optionally provide
B. Usage & device data
Log data (IP address, device/browser type, pages viewed, timestamps)
Product telemetry (feature usage, interactions)
Cookies and similar technologies (see “Cookies”)
C. Content & strategy data
Inputs you provide to generate a strategy (text, URLs, briefs)
Uploaded brand assets and guidelines
Drafts, prompts, and outputs created by AI agents
D. Integrations & tokens (OAuth)
When you connect a platform (e.g., Meta, TikTok, Google Ads, GA4, Shopify, HubSpot, WordPress), we receive scoped tokens and metadata required to perform actions you approve (e.g., create campaigns, fetch metrics). Tokens are stored encrypted and can be revoked at any time via the provider or in our app.
E. Billing data (if applicable in early access)
We use Stripe. Billing contact, plan details, invoices, and payment method tokens handled by our payment processor (we do not store full card numbers).
F. Support & communications
Requests, feedback, and communications (email, in‑app, chat)
Surveys and research responses
G. Third‑party and public sources
Limited business info from partners, analytics, or publicly available sources to enrich profiles (e.g., industry, company size) where permitted by law.
We do not intentionally collect sensitive categories of personal data unless you choose to share them and they are strictly necessary for the Services.
We process data only when we have a valid purpose and legal basis. Examples:
| Purpose | Examples | Legal basis (GDPR/UK GDPR) |
|---|---|---|
| Provide and operate the Services | Account creation, waitlist, strategy generation, agent execution, integrations | Performance of a contract or steps prior to entering into a contract |
| Product improvement & analytics | Usage analytics, quality assurance, research | Legitimate interests (to improve and secure our Services) |
| Security & abuse prevention | Fraud detection, access controls, incident response | Legitimate interests; Legal obligation |
| Communications | Onboarding emails, feature updates, support | Legitimate interests; Consent where required |
| Marketing (limited) | Newsletters and promotions | Consent (opt‑in); Legitimate interests where permitted |
| Compliance | Tax, accounting, regulatory requests | Legal obligation |
Where we rely on consent, you can withdraw it at any time. Where we rely on legitimate interests, we balance those interests against your rights and expectations.
Human‑in‑the‑loop: AI agents propose drafts and changes. Nothing goes live without your explicit approval (unless you configure otherwise).
Model providers: We may use third‑party AI providers (e.g., model APIs) as processors to generate content and insights. We contractually restrict them from using your data for model training without your explicit consent.
Data minimization: We send only what is needed to produce the requested output.
Quality & safety: Outputs can be imperfect. You are responsible for reviewing drafts before publishing.
We share data only as necessary to provide the Services, comply with law, or protect rights. Recipients may include:
Service providers / processors (hosting, storage, analytics, email delivery, payment processing, error monitoring, customer support, and model providers). We require appropriate confidentiality, security, and data protection commitments.
Integration platforms you connect (e.g., Meta, TikTok, Google, Shopify, HubSpot, WordPress) to perform actions you authorise and to retrieve performance data.
Professional advisors (legal, accounting), and authorities if required by law.
Business transfers: In a merger, acquisition, financing, or sale of assets, data may transfer as part of the transaction subject to this Policy.
We do not sell personal data.
We may transfer data to countries outside your own (including outside the EEA/UK). Where we do so, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum, or adequacy decisions) and implement additional security measures when needed.
We keep data only for as long as necessary for the purposes above, including to meet legal, accounting, or reporting requirements. Typical retention guidelines:
Account & waitlist data: while you maintain an account or are on the waitlist, then deleted or anonymised within a reasonable period after inactivity.
Integration tokens: for as long as the integration is connected; removed immediately upon revocation.
Strategy drafts & outputs: while your workspace exists or until you delete them.
Analytics & logs: short, rolling windows unless needed for security or legal reasons.
We employ organizational and technical measures aligned with industry standards, including encryption in transit and at rest, least‑privilege access, audit logging, and regular vulnerability management. No system can be 100% secure; we maintain incident response procedures and will notify you and/or authorities of significant incidents as required by law.
Depending on your location, you may have rights over your personal data, including to:
Access, correct, or delete your data
Object to or restrict processing
Port data in a machine‑readable format
Withdraw consent at any time (where processing is based on consent)
Opt out of marketing communications
EEA/UK users: You also have the right to lodge a complaint with your local supervisory authority.
California residents (CPRA): You may have rights to know, delete, correct, and opt out of certain data sharing. We do not sell personal information. To exercise rights, see “Contact us.”
We will not discriminate against you for exercising your rights. We may need to verify your identity to process requests.
We use cookies and similar technologies to operate the site, remember preferences, analyse usage, and (where permitted) measure campaigns. Categories:
Strictly necessary: required for core functionality
Functional: remember choices
Analytics: understand usage and improve
Marketing: measure performance and reach
Where required, we present a cookie banner and allow you to manage preferences. You can also control cookies via your browser settings. Some features may not work without certain cookies.
Our Services are not directed to children under 16 (or as defined by local law), and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us to request deletion.
The Services may link to third‑party sites or services we do not control. Their privacy practices are governed by their own policies.
We may update this Policy to reflect changes to our practices or legal requirements. We will post the updated version with a new effective date and, where appropriate, notify you by email or in‑app.
Email: privacy@steelwyre.com
Postal: [Insert legal entity name and registered address]
Data subject requests: Submit a request via [insert web form or email]
Categories of personal data: identification data, contact data, business profile, usage data, content data (inputs/outputs), integration tokens/IDs, billing data (tokenised), support communications.
Categories of data subjects: website visitors, waitlist subscribers, customer users/team members, account admins.
Processing operations: collection, recording, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission (to processors/integrations on request), alignment, restriction, erasure.
Subprocessors: We maintain a list of material subprocessors (hosting, analytics, communications, payments, AI model providers) available upon request and in your account settings. We will provide at least 30 days’ notice before adding or replacing a material subprocessor where required.
Cross‑border transfers: safeguarded by SCCs/IDTA or adequacy decisions as applicable.
Training: We do not permit third‑party model providers to train on your identifiable data without your explicit consent.
Filtering: We may filter or transform your prompts/outputs to meet policy or formatting requirements.
Human review: Limited human review may occur for safety, debugging, or support, under confidentiality obligations.
Attribution & IP: You are responsible for the legality and accuracy of content you submit or publish via the Services, including rights to use any third‑party material.
© SteelWyre — All rights reserved.
© SteelWyre Corporation. 2025 All rights reserved.