Privacy Policy

How we collect, use, and protect your information

Last Updated: October 2025

1. Introduction

Steadily ("we," "our," or "us") operates the website reachsteadily.com and provides social media automation services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our website and WordPress plugin.

2. Information We Collect

2.1 Personal Information

  • Account Information: Email address, username, password (securely hashed), and full name
  • Profile Settings: Timezone preferences, notification settings, and contact preferences
  • Contact Information: Email addresses for notifications, ntfy.sh topics for push notifications

2.2 Content and Website Data

  • Website Information: Your website's base URL, sitemap URL, and description
  • Content Sources: Blog post URLs, titles, content text, and associated metadata
  • Generated Content: AI-generated social media posts, their approval status, and scheduling information
  • Social Media Integration: Platform usernames, user IDs, posting preferences, and encrypted API credentials you provide

2.3 Usage and Analytics Data

  • Usage Statistics: Number of posts generated and scheduled per week
  • Content History: Records of posted content, success/failure rates, and posting timestamps
  • Campaign Data: Information about content campaigns and their performance

2.4 Technical Information

  • Log Data: IP addresses, browser type, operating system, and user agent strings
  • Authentication Data: Login attempts (successful and failed), session information
  • Device Information: Information about the device you use to access our Service

2.5 WordPress Plugin Data

  • Site Information: WordPress site URL, admin email, plugin version
  • Content Samples: WordPress post content used for voice profile analysis
  • Authentication Tokens: OAuth tokens for secure plugin communication

3. How We Use Your Information

3.1 Service Provision

  • Generate and schedule social media content using AI
  • Analyze your content to create personalized voice profiles
  • Manage your posting schedule and content approval workflow
  • Provide customer support and respond to your inquiries

3.2 Communication

  • Send you notifications about scheduled posts requiring approval
  • Provide system alerts and important service updates
  • Send product updates, feature announcements, and service improvements
  • Respond to support requests and feedback

3.3 Service Improvement and Analytics

  • Analyze usage patterns to improve our Service
  • Develop new features and functionality
  • Monitor system performance and security
  • Collect analytics data to understand user behavior and service performance (we may implement Google Analytics or similar services in the future)

3.4 Legal and Security

  • Comply with legal obligations and enforce our Terms of Service
  • Protect against fraud, abuse, and security threats
  • Maintain the security and integrity of our Service

4. Third-Party Services and Data Sharing

4.1 AI Content Generation

OpenAI: We use OpenAI's GPT models to generate content. Content may be sent to OpenAI using either:

  • Your own OpenAI API key (for Free plan users)
  • Our OpenAI API key (for Starter and Pro plan users)

OpenAI's usage of this data is governed by their privacy policy and terms of service.

4.2 Social Media Platforms

Twitter/X and Bluesky: We post content to these platforms using your provided API credentials. Data sharing is limited to the content you approve for posting. Each platform's privacy policy governs its handling of posted content.

4.3 Email Services

AWS SES: We use Amazon Simple Email Service to send notification emails. AWS's privacy policy governs their handling of email delivery data.

4.4 Infrastructure Services

  • Redis: Used for caching and session management
  • Django Sessions: For user authentication and session management

4.5 Data Sharing Limitations

We do not sell, trade, rent, or otherwise transfer your personal information to third parties for their marketing or commercial purposes. We may share your information only:

  • As described in this Privacy Policy with service providers
  • With your explicit consent
  • To comply with legal obligations
  • To protect our rights and the safety of our users
  • In connection with a business transfer (merger, acquisition, etc.) with appropriate safeguards

5. Data Security

5.1 Security Measures

  • Encryption: Sensitive data like API keys are encrypted in our database
  • Secure Authentication: OAuth2 and secure session management
  • HTTPS: All data transmission is encrypted using SSL/TLS
  • Access Controls: Limited employee access to personal data

5.2 API Key Security

  • Social media API keys you provide are encrypted and stored securely
  • OpenAI API keys (if provided) are encrypted and used only for your content generation
  • We never share your API credentials with unauthorized parties

5.3 Data Breach Response

In the event of a data breach that affects your personal information, we will:

  • Notify you within 72 hours of discovering the breach
  • Take immediate steps to secure affected systems
  • Cooperate with relevant authorities as required by law

6. Data Retention

6.1 Account Data

  • We retain your account information for as long as your account is active
  • After account deletion, we may retain some data for legal compliance purposes

6.2 Content Data

  • Generated content is retained based on your plan tier and settings
  • Content cooldown periods prevent republishing of the same content
  • Cache data expires automatically based on configured timeouts

6.3 Log Data

  • Authentication logs are retained for security monitoring purposes
  • System logs are retained for operational and debugging purposes
  • IP address data in logs is subject to automatic rotation

7. Your Rights and Choices

7.1 Access and Control

  • Account Settings: Update your profile, notification preferences, and content settings
  • Content Management: View, edit, approve, or reject generated content
  • Data Access: Request information about what personal data we have about you

7.2 Communication Preferences

  • Notification Method: Choose between email and ntfy.sh notifications
  • Frequency Settings: Control how often you receive notifications
  • Marketing Opt-out: Unsubscribe from product updates and promotional communications
  • Essential Communications: Some service-related emails (security alerts, billing) cannot be disabled

7.3 Content Control

  • Approval Workflow: Control whether content requires your approval before posting
  • Content Flagging: Flag inappropriate or unwanted articles to exclude them
  • Posting Methods: Choose between manual review and automated posting

7.4 Data Deletion

  • Account Deletion: Request complete deletion of your account and associated data
  • Content Deletion: Remove specific pieces of content or generated posts
  • Selective Deletion: Choose which types of data to retain or delete

8. Cookies and Tracking

8.1 Cookie Types

  • Essential Cookies: Required for user authentication and service functionality
  • Security Cookies: Used for CSRF protection and secure authentication
  • Preference Cookies: Store your settings and preferences
  • Analytics Cookies: May be used to understand user behavior and improve our Service (when implemented)

8.2 Cookie Management

  • Essential cookies are required for the Service to function properly
  • You can control non-essential cookies through your browser settings
  • We will provide cookie consent options for analytics cookies when implemented
  • Disabling cookies may limit some functionality of our Service

9. International Data Transfers

  • Our Service is operated from the United States
  • By using our Service, you consent to the transfer of your information to the United States
  • We implement appropriate safeguards to protect your data during international transfers

10. Children's Privacy

Our Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

11. Plan Tiers and Data Handling

11.1 Free Plan

  • Content sources have a 2 posts/week limit
  • Users must provide their own OpenAI API key
  • Basic notification and approval features

11.2 Starter Plan ($10/year)

  • Up to 7 posts/week per content source
  • We provide OpenAI API access
  • Enhanced features and support

11.3 Pro Plan ($10/month)

  • Unlimited posts per content source
  • Advanced AI features and priority support
  • Additional integrations and customization options

12. WordPress Plugin Privacy

12.1 Plugin Data Collection

  • Site URL and basic WordPress configuration
  • Admin email for user identification
  • Content samples for voice profile analysis
  • Plugin version and technical diagnostics

12.2 Plugin Authentication

  • OAuth2 tokens for secure communication with our Service
  • No direct access to your WordPress database or files
  • Authentication can be revoked at any time

12.3 Content Access Methods

  • Website Scraping: For users without the plugin, we may scrape publicly available content
  • Plugin Access: Direct database access through the plugin for better reliability
  • Content analysis is identical regardless of access method

13. Third-Party Insights Feature

Our Pro plan includes the ability to incorporate insights from third-party industry sources:

  • We analyze publicly available content from industry blogs and publications
  • No personal information from these sources is collected or stored
  • Attribution is provided when third-party insights are used in your content

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us through our contact page.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will notify you by email or through a prominent notice on our Service
  • The "Last Updated" date at the top of this policy will be revised
  • Continued use of our Service after changes constitutes acceptance of the updated policy

16. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing personal information includes:

  • Contract Performance: To provide our Service as described in our Terms of Service
  • Legitimate Interests: To improve our Service, ensure security, and provide customer support
  • Consent: For marketing communications, analytics cookies, and optional features (you may withdraw consent at any time)
  • Legal Compliance: To comply with applicable laws and regulations

16.1 Your EU Rights

If you are located in the EU, you have additional rights including:

  • Right to Access: Request information about how we process your data
  • Right to Rectification: Correct inaccurate personal information
  • Right to Erasure: Request deletion of your personal information
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Lodge a Complaint: Contact your local data protection authority