Privacy Policy

MiseEnKit ("the Service," "we," "us," or "our")
Operated by DETGAAO LLC

Effective date: April 18, 2026
Last updated: April 18, 2026

1. Who We Are

MiseEnKit is a product of DETGAAO LLC. We provide an AI-powered tool that helps small businesses create consistent visual branding and manage their social media presence.

If you have questions about this policy, contact us at privacy@miseenkit.com.

2. What Data We Collect

2.1 Account Information

When you create an account, we collect:

Email address
Password (stored as a cryptographic hash, never in plain text)
Display name (if you sign up via Google OAuth)
Authentication provider (email or Google)

2.2 Business Profile Information

When you set up your brand profile, we collect:

Business name
Business type (e.g., restaurant, cafe, bakery, food truck)
City and country
Canton (optional, for Swiss users)
Preferred language (English or Swiss German)
Brand color preference
Preferred posting days
Voice examples (caption text you provide to train your brand voice)

2.3 Photos and Media

When you upload content to the Service, we collect:

Photos you upload (JPG, PNG, HEIC, WebP formats)
PDF documents you upload (menus, flyers)
Category tags you assign to photos
Metadata we generate: thumbnails, processed versions of your photos, AI-generated descriptions of photo content

We strip GPS coordinates and device information from uploaded photos before storage. We retain only image orientation data.

2.4 AI-Generated Content

The Service generates content based on your photos and profile. We store:

AI-generated captions and hashtags
AI quality scores (used internally to improve output quality)
Your edits to generated content
Weekly plans and scheduled posts

2.5 Usage and Interaction Data

We collect information about how you use the Service:

Login timestamps and session data
Feature usage patterns (e.g., weekly planner completion time)
Post approval actions (approved, edited, skipped)
Notification preferences
IP address (for security and legal compliance)

2.6 Payment Information

We use Stripe to process payments. We do not store your credit card number, bank account details, or other payment credentials on our servers. Stripe handles all payment data under their own privacy policy. We store only a Stripe customer reference ID to link your account to your subscription.

2.7 Pre-Launch Waitlist

If you signed up for our pre-launch waitlist, we collected your email address and the source of your signup. This data will be migrated to our email platform after launch and is subject to this policy.

3. How We Use Your Data

To provide the Service: Processing your photos, generating captions and hashtags, scheduling and publishing posts to your connected social media accounts, managing your subscription.

To improve AI output quality: Your brand profile, voice examples, and menu context are used as inputs to our AI caption generation system. Your approval and editing patterns help us understand output quality (we track whether captions are approved as-is or edited, but we do not use your specific edits to train AI models).

To communicate with you: Sending account verification emails, password resets, subscription-related notifications, post scheduling reminders, and service updates.

To maintain security: Detecting unauthorized access, preventing abuse, and maintaining audit logs.

To comply with legal obligations: Tax reporting (via Stripe Tax), responding to lawful data requests, and maintaining records as required by applicable law.

4. Third-Party Data Sharing

We share your data with the following third-party service providers, and only to the extent necessary to deliver the Service:

4.1 Anthropic (AI Processing)

Your photos and brand profile information are sent to Anthropic's Claude API for:

Photo analysis (identifying what is in your photos)
Caption and hashtag generation
Caption quality evaluation

Anthropic processes this data under their data usage policy. We use their API in a configuration where your data is not used to train their models.

4.2 Meta (Social Media Publishing)

If you connect your Instagram Business account or Facebook Page, we share:

Photos you approve for posting
Captions and hashtags you approve
Scheduling information

This sharing only occurs when you explicitly approve a post for publishing. We access your Meta accounts using OAuth tokens you authorize, and we request only the permissions necessary for posting content.

4.3 Stripe (Payments)

We share your email address with Stripe to create your customer account and process payments. Stripe collects payment method details directly. We share location data (country) with Stripe Tax for VAT/tax compliance.

4.4 Supabase (Infrastructure)

Our backend infrastructure runs on Supabase. Your data is stored in Supabase's European data center (Zurich, Switzerland region). Supabase acts as a data processor under our instructions.

4.5 Vercel (Hosting)

Our application is hosted on Vercel. Vercel processes web requests and may collect standard server logs (IP addresses, request timestamps, browser information).

4.6 Sentry (Error Tracking)

We use Sentry to track and resolve application errors. Error reports may include technical context about your session but do not include your photos, captions, or business profile content.

4.7 Image Processing Providers

Your photos are sent to third-party image processing services for background removal and photo enhancement. The specific provider will be identified here before launch. These providers process your photos only for the purpose of returning the processed result and do not retain your images.

We do not sell your data to anyone. We do not share your data with advertisers. We do not use your data for any purpose other than providing and improving the Service.

5. Data Storage and Retention

5.1 Where Your Data Is Stored

Your data is stored in Supabase's European data center (eu-central-2, Zurich, Switzerland). Application hosting is provided by Vercel with global edge distribution.

5.2 Retention Periods

Photos: Retained for 12 months from upload date. We will notify you before deletion (at 10 months and 11.5 months) and provide an option to download your photos before removal.
Account data and business profile: Retained for the duration of your active subscription plus 90 days after cancellation or trial expiration.
Post history and captions: Retained for the duration of your active subscription plus 90 days after cancellation.
Audit logs (IP address, login timestamps): Retained for 90 days, then deleted.
Payment records: Stripe retains billing records under their own retention policy. We delete our local Stripe reference when your account is deleted.

5.3 Account Deletion

You can delete your account from Settings at any time. When you request deletion:

Your account enters a 48-hour cooling period during which you can cancel the deletion.
After 48 hours, we permanently delete: your account, brand profile, all photos (originals and processed versions), captions, posts, weekly plans, social media connection tokens (revoked via Meta API), notification preferences, and all other user data.
Published posts on Instagram and Facebook are not removed by account deletion. You must delete those directly on the respective platforms.
Stripe retains its own billing records per their policy.

6. Your Rights

6.1 For All Users

Access: You can request a copy of your data. We provide a downloadable export (ZIP file) containing your brand profile, photos, captions, and post history.
Correction: You can update your brand profile and account information at any time through the app.
Deletion: You can delete your account and all associated data as described in Section 5.3.
Data portability: Your data export is provided in standard, machine-readable formats.

6.2 European Union and European Economic Area (GDPR)

If you are in the EU/EEA, you also have the right to:

Restrict processing of your data in certain circumstances
Object to processing based on legitimate interests
Lodge a complaint with your local data protection authority

Our legal basis for processing your data is: performance of a contract (providing the Service you signed up for), legitimate interests (improving service quality, maintaining security), and legal obligations (tax compliance, responding to lawful requests).

6.3 Switzerland (DSG)

If you are in Switzerland, you have rights under the Swiss Federal Act on Data Protection (DSG), including rights of access, correction, deletion, and data portability. You may contact the Federal Data Protection and Information Commissioner (FDPIC) with complaints.

6.4 California (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell your personal information.

To exercise any of these rights, contact us at privacy@miseenkit.com.

7. Cookies and Tracking

We use essential cookies for authentication and session management. These are necessary for the Service to function.

We do not use advertising cookies. We do not use third-party tracking pixels. We do not serve ads.

We use Vercel Analytics to measure basic application performance (page load times, error rates). This data is aggregated and does not identify individual users.

8. AI Processing Disclosure

MiseEnKit uses artificial intelligence to:

Analyze the content of your photos (identifying dishes, ingredients, settings)
Generate captions and hashtags based on photo analysis and your brand profile
Evaluate caption quality before presenting options to you

All AI-generated content is presented to you for review before publishing. You have full control to edit, regenerate, or reject any AI-generated content.

The AI system may occasionally produce inaccurate descriptions or inappropriate suggestions. You are responsible for reviewing all content before it is published to your social media accounts.

We do not use your data to train AI models. Your photos and brand information are processed through the Anthropic Claude API for the sole purpose of generating content for your use.

9. Children

MiseEnKit is a business tool designed for business owners. We do not knowingly collect personal information from anyone under 16 years of age. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. Security

We protect your data through:

Encrypted data transmission (HTTPS/TLS)
Encrypted storage of sensitive credentials (social media access tokens)
Row-level security in our database (your data is isolated from other users)
Regular security monitoring via Sentry error tracking

No system is perfectly secure. If we discover a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.

11. International Data Transfers

Your data is primarily stored in Switzerland (Supabase eu-central-2 region). Some processing occurs through services based in the United States (Anthropic, Stripe, Vercel, Sentry). These transfers are made under appropriate safeguards, including standard contractual clauses where applicable.

12. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you via email or in-app notification at least 14 days before the changes take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions, data requests, or complaints:

Email: privacy@miseenkit.com

Mailing address:
DETGAAO LLC
7880 W. Maule Ave, STE 1018
Las Vegas, NV 89113
United States

This privacy policy is provided in English. A German-language version will be made available in a future update.