Privacy Policy

Version 2 (Early Access). Effective April 23, 2026.

Important. AlaskaAutomations is currently in early access. This policy will be replaced with a full production version after attorney review. We will notify you and ask you to re accept when material changes occur.

1. Who we are

AlaskaAutomations (the "Service") is operated by Tommy Golden, an individual based in Anchorage, Alaska, preparing to form AlaskaAutomations LLC. Until the LLC is formed and registered, the data controller for your information is Tommy Golden as an individual sole proprietor. For privacy related questions contact privacy@alaska-automations.com.

2. What we collect

We collect and process the following categories of information:

2.1 Account and authentication data

Email address, hashed password (we never see or store your actual password in plain text), account creation date, verification status, login timestamps, and session identifiers.

2.2 Configuration and connection data

RSS feeds, content sources, social media channel identifiers, Buffer API keys you connect (stored encrypted), Anthropic API keys you connect if you bring your own (stored encrypted), brand voice profiles, and any other configuration you set in your account.

2.3 Content data

Source articles ingested from your connected feeds, generated captions, carousel text, thread copy, rendered images, and associated metadata. Content you author or import into the Service stays yours.

2.4 Usage and telemetry

Records of your interactions with the Service including pipeline runs, generation events, fact check results, publishing events, errors, performance metrics, feature usage, and approximate timing of actions.

2.5 Technical data

IP address, user agent string, browser type, operating system, timezone, session cookies, CSRF tokens, and other technical headers necessary to deliver and secure the Service.

2.6 Billing data

Billing is processed by Stripe. We receive limited billing metadata (subscription status, last four digits of payment method, plan tier) but do not receive or store full payment card numbers. Full billing records are held by Stripe under their Privacy Policy.

2.7 Consent records

When you consent to our Terms of Service or Privacy Policy, we permanently record your account identifier, email, IP address, user agent, timestamp, document type and version, and a cryptographic hash of the exact document version you agreed to. This is required for legal compliance and audit purposes.

2.8 Communications

Emails we send you (transactional and service related) and any replies or support messages you send to us.

3. How we use your information

We use your information to:

Operate the Service, including ingesting content, generating social output, rendering visuals, and publishing on your behalf
Authenticate you and secure your account
Bill you and manage your subscription
Send you transactional emails (verification, password resets, receipts, service notices)
Improve the Service, including refining generation quality, fact checking, and internal models
Analyze aggregate usage to inform product decisions, pricing, features, and business strategy
Monitor and prevent abuse, fraud, and security incidents
Comply with legal obligations and respond to lawful requests from authorities
Enforce our Terms of Service and defend our legal rights

4. AI, machine learning, and model training

We use artificial intelligence throughout the Service to generate content, fact check, and extract brand voice. We may use de identified and aggregated data derived from your use of the Service (data that cannot reasonably be used to identify you or any individual) to improve our prompts, internal models, training datasets, fact checking heuristics, and service quality. We will not share your raw content with third party AI providers for their own model training. When you use your own Anthropic API key, your content is processed under Anthropic's commercial API terms which prohibit training on your data.

5. How we share your information

We share your information only with the following categories of recipients:

5.1 Service providers (processors)

Vendors who operate under our instructions to help deliver the Service, currently including:

Anthropic (when using our Anthropic access for content generation): content is sent for inference only and not used for training under Anthropic's commercial API terms
Buffer: published posts and images are relayed through Buffer to your connected social channels
Stripe: payment processing
Hetzner: server hosting and infrastructure
Resend: transactional email delivery
Cloudflare: DNS, DDoS protection, email routing

This vendor list may change as the Service evolves. Material additions that expand the categories of data shared will trigger a policy update and re consent request.

5.2 Legal compliance

We may share information when required by law, valid legal process, or to protect our rights, the rights of others, or public safety.

5.3 Business transfers

If we are acquired, merge with another entity, or sell substantially all assets, your information may be transferred as part of that transaction, subject to the continued protection of this Privacy Policy.

5.4 We do not sell personal information

We do not sell your personal information to third parties. We do not share personal information for cross context behavioral advertising.

6. Data retention

We retain your information as long as your account is active. After termination:

Account, configuration, and content data: deleted within thirty (30) days
Generated output and rendered assets: deleted within thirty (30) days
Consent records: retained for seven (7) years for legal compliance
Billing records: retained per applicable tax and financial regulations (typically seven years)
Security logs and audit records: retained up to one (1) year
De identified and aggregated data: may be retained indefinitely

7. Security

We protect your information with reasonable administrative, technical, and physical safeguards including:

Encryption in transit (TLS 1.2+)
Encryption at rest for sensitive credentials (Buffer keys, Anthropic keys)
Password hashing using bcrypt with appropriate cost factors
Session management with CSRF protection
Rate limiting on authentication endpoints
Regular security updates and patching

No system is perfectly secure. We cannot guarantee absolute security, but we continuously work to improve our practices.

8. Your rights and choices

Regardless of your location, you can:

Access: request a copy of the information we hold about you
Correct: update inaccurate information through your account settings or by contacting us
Delete: request deletion of your account and associated data (subject to retention requirements above)
Export: request a machine readable copy of your content
Withdraw consent: change your mind about consents you previously gave (this may limit service functionality)
Object: object to specific processing activities

To exercise these rights, email privacy@alaska-automations.com from the email address on your account. We will respond within thirty (30) days.

9. California residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): the right to know what personal information we collect, the right to delete, the right to correct, the right to opt out of the sale or sharing of personal information (we do not sell or share), the right to limit use of sensitive personal information, and the right to non discrimination for exercising these rights. To exercise them, contact privacy@alaska-automations.com. We do not sell personal information and do not use sensitive personal information for purposes beyond those permitted without your consent.

10. European Union and United Kingdom residents

If you are located in the EU, EEA, or UK, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR. Our legal basis for processing includes: (a) performance of our contract with you; (b) legitimate interests in operating and improving the Service (balanced against your rights); (c) your explicit consent where required; (d) compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority. International transfers of EU/UK data are protected through appropriate safeguards such as Standard Contractual Clauses.

11. Children's privacy

The Service is not directed at anyone under 18 and we do not knowingly collect personal information from minors. If we learn that we have collected information from someone under 18, we will delete it.

12. Cookies and tracking

We use strictly necessary cookies to operate the Service: a session cookie to keep you logged in and a CSRF token cookie to protect against cross site request forgery. We do not currently use advertising cookies, analytics cookies, or cross site tracking. If we add analytics in the future, we will update this policy and provide opt in controls where legally required.

13. Changes to this policy

We may update this Privacy Policy. When we do, we will publish a new version, update the effective date above, and ask you to re accept the updated policy the next time you log in. Material changes will additionally be communicated by email.

14. Contact

Privacy questions or rights requests: privacy@alaska-automations.com