1. INTRODUCTION
This Privacy Policy explains how Marek Lee Eberhard (ABN 57 877 857 054), trading as My Kompass (""we,"" ""us,"" ""our,"" or ""My Kompass""), collects, uses, discloses, and protects your personal information when you use our social media management platform and related services (collectively, the ""Services"").
Our Contact Details:

Business Name: My Kompass
Legal Entity: Marek Lee Eberhard
ABN: 57 877 857 054
Address: 3/29 River Road, Wollstonecraft 2065, Sydney NSW, Australia
Email: support@my-kompass.com
Phone: +61 490 478 582

Kompass is based in Australia and operates globally. We are committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
By using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

2. INFORMATION WE COLLECT
2.1 Information You Provide Directly
Account Registration Information:

Full name
Email address
Password (stored in encrypted form)
Phone number (optional)

Payment Information:

Payment card details (processed and stored by our payment processor Stripe; we do not store complete card numbers)
Billing address
Transaction history

Content You Create:

Social media posts you create, schedule, or publish through Kompass
Images, videos, and other media files you upload
Captions, hashtags, and post metadata
Scheduled post dates and times

2.2 Social Media Account Information
When you connect your social media accounts to Kompass through our integration partner getLate.dev, we collect:
Access Tokens and Authentication Data:

OAuth tokens that allow us to access your social media accounts
Refresh tokens for maintaining connection
Account IDs and usernames

Profile Information:

Your public profile information from connected platforms (Facebook, Instagram, TikTok, YouTube)
Profile pictures and display names
Follower counts and basic metrics
Page or channel information for business accounts

Important Note: We only access information that you explicitly authorize through the social media platform's permission screens. You can revoke these permissions at any time through your social media account settings.
2.3 Usage and Analytics Data
Automatically Collected Information:

IP address and general location data (city/country level)
Device information (type, operating system, browser)
Usage patterns and feature interactions
Time stamps of activities
Error logs and diagnostic data
Performance metrics

Cookies and Similar Technologies:
While we do not currently use cookies for tracking purposes, we may implement cookies and similar technologies in the future for authentication, preferences, and analytics. We will update this Privacy Policy accordingly and provide appropriate notice.
2.4 Third-Party Service Data
AI Content Processing:
When you use AI-powered features, your content may be processed by OpenAI to:

Generate or enhance social media content
Provide content suggestions
Analyze engagement patterns

Integration Partners:
We receive data from getLate.dev to facilitate social media integrations, including connection status and basic usage metrics.

3. HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes:
3.1 Service Delivery

Creating and managing your Kompass account
Authenticating your identity and securing your account
Connecting to and managing your social media accounts
Publishing, scheduling, and managing your social media content
Processing payments and managing subscriptions
Providing customer support and responding to inquiries

3.2 Service Improvement

Analyzing usage patterns to improve functionality
Developing new features and services
Debugging and fixing technical issues
Conducting research and analytics

3.3 Communications

Sending transactional emails (account notifications, password resets, billing confirmations)
Sending marketing emails about new features, tips, and promotions (you can opt-out at any time)
Responding to your questions and support requests
Sending important service announcements and policy updates

3.4 Legal and Security

Complying with legal obligations and responding to lawful requests
Preventing fraud, abuse, and security incidents
Protecting our rights and property
Enforcing our Terms of Service

3.5 Business Operations

Managing business analytics and operations
Conducting internal audits and quality assurance
Facilitating business transactions (mergers, acquisitions)


4. LEGAL BASIS FOR PROCESSING (GDPR)
For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to provide our Services under our Terms of Service
Consent: Where you have given explicit consent (e.g., marketing communications, social media integrations)
Legitimate Interests: For analytics, security, and service improvements, where not overridden by your rights
Legal Obligation: To comply with applicable laws and regulations

You have the right to withdraw consent at any time where we rely on consent as the legal basis.

5. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information. We share your information only in the following circumstances:
5.1 Service Providers and Partners
getLate.dev (Social Media Integration Partner):
We share your social media authentication data and content with getLate.dev to facilitate connections and publishing to Facebook, Instagram, TikTok, and YouTube. getLate.dev processes this data solely to provide integration services.
OpenAI:
When you use AI-powered features, your content (text, prompts) is sent to OpenAI for processing. OpenAI's use of this data is subject to their privacy policy and data processing agreements.
Stripe (Payment Processor):
Payment information is collected and processed directly by Stripe. We receive only limited payment data (last 4 digits, card type, expiration) and transaction confirmations. Stripe's privacy policy governs their data handling.
Bubble.io (Hosting Infrastructure):
Our application is hosted on Bubble.io's infrastructure. Your data is stored and processed on servers managed by Bubble.io, which may be located in the United States or other jurisdictions.
5.2 Social Media Platforms
When you publish content through Kompass, we transmit that content to the social media platforms you've selected (Facebook, Instagram, TikTok, YouTube). Each platform's privacy policy governs how they handle this content.
5.3 Legal Requirements
We may disclose your information if required to:

Comply with legal obligations, court orders, or government requests
Enforce our Terms of Service and other agreements
Protect the rights, property, or safety of Kompass, our users, or others
Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your data.
5.5 With Your Consent
We may share your information for other purposes with your explicit consent.

6. INTERNATIONAL DATA TRANSFERS
Kompass is based in Australia, but our service providers may process data in other countries, including:

United States: Bubble.io (hosting), Stripe (payments), OpenAI (AI processing)
Other jurisdictions: getLate.dev and social media platforms may process data globally

When we transfer personal information outside Australia or the EEA, we implement appropriate safeguards, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with service providers
Ensuring service providers maintain adequate data protection standards

By using our Services, you acknowledge and consent to these international data transfers.

7. DATA RETENTION
We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy.
Specific Retention Periods:

Account Data: Retained until you delete your account
Content and Media: Retained until you delete your account or remove specific content
Payment Records: Retained for 7 years to comply with tax and accounting obligations
Analytics and Logs: Typically retained for 12-24 months
Support Communications: Retained for 3 years

Account Deletion:
When you delete your Kompass account, we will permanently delete or anonymize your personal information within 30 days, except where we must retain certain information to comply with legal obligations, resolve disputes, or enforce agreements.
Social Media Access:
Please note that deleting your Kompass account does not delete content you've already published to social media platforms. You must delete content directly from those platforms.

8. YOUR PRIVACY RIGHTS
Depending on your location, you may have the following rights:
8.1 Rights Under Australian Privacy Law

Access: Request access to your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of your information (subject to legal obligations)
Complaints: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

8.2 Rights Under GDPR (EEA, UK, Switzerland)

Access: Obtain a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion (""right to be forgotten"")
Restriction: Restrict processing in certain circumstances
Portability: Receive your data in a portable format
Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent at any time
Complain: Lodge a complaint with your local supervisory authority

8.3 Rights Under CCPA (California Residents)

Know: Request disclosure of personal information collected, used, and shared
Delete: Request deletion of personal information
Opt-Out: Opt-out of the sale of personal information (note: we do not sell personal information)
Non-Discrimination: Exercise rights without discriminatory treatment

8.4 Exercising Your Rights
To exercise any of these rights, contact us at:

Email: support@my-kompass.com
Phone: +61 490 478 582
Mail: 3/29 River Road, Wollstonecraft 2065, Sydney NSW, Australia

We will respond to verified requests within:

30 days for Australian residents
30 days for GDPR requests (extendable to 60 days for complex requests)
45 days for CCPA requests (extendable to 90 days)

We may require verification of your identity before processing requests.

9. CHILDREN'S PRIVACY
While Kompass does not specifically target children, we understand that users under 18 may use our Services.
For Users Under 18:

If you are under 18, you should obtain permission from a parent or legal guardian before using Kompass
We encourage parents and guardians to supervise their children's online activities

For Users Under 13 (or 16 in the EEA):
We do not knowingly collect personal information from children under 13 (or under 16 in the EEA) without verified parental consent. If we discover we have inadvertently collected such information, we will delete it immediately.
Parental Rights:
Parents or guardians can contact us to:

Review their child's personal information
Request deletion of their child's information
Refuse further collection or use of their child's information

If you believe we have collected information from a child without proper consent, please contact us immediately at support@my-kompass.com.

10. DATA SECURITY
We implement industry-standard security measures to protect your information, including:
Technical Safeguards:

Encryption of data in transit (SSL/TLS)
Encrypted storage of passwords
Regular security audits and vulnerability assessments
Access controls and authentication mechanisms
Secure API connections with social media platforms

Organizational Safeguards:

Limited access to personal information on a need-to-know basis
Regular staff training on data protection
Incident response procedures

Third-Party Security:
Our service providers (Bubble.io, Stripe, getLate.dev, OpenAI) maintain their own security measures. We select partners who demonstrate strong security practices.
Your Responsibilities:

Use a strong, unique password
Do not share your account credentials
Log out after using shared devices
Enable two-factor authentication when available
Report suspicious activity immediately

No Guarantee:
While we strive to protect your information, no security system is impenetrable. We cannot guarantee absolute security, and you use our Services at your own risk.

11. THIRD-PARTY LINKS AND SERVICES
Our Services may contain links to third-party websites, services, or social media platforms. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of:

Facebook, Instagram, TikTok, YouTube, or other social media platforms
getLate.dev
OpenAI
Stripe
Any other linked websites or services

We encourage you to review the privacy policies of any third-party services you interact with.

12. MARKETING COMMUNICATIONS
Email Marketing:
We may send you promotional emails about new features, tips, updates, and special offers. You can opt out at any time by:

Clicking the ""unsubscribe"" link in any marketing email
Updating your preferences in your account settings
Contacting us at support@my-kompass.com

Transactional Emails:
You cannot opt out of essential service-related emails (account notifications, billing confirmations, security alerts), as these are necessary for the operation of your account.

13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will:

Update the ""Last Updated"" date at the top of this policy
Notify you via email at the address associated with your account
Provide prominent notice within the Services
For significant changes, we may require your renewed consent

Your Continued Use:
Your continued use of Kompass after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you should discontinue use and delete your account.
Review Regularly:
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. DO NOT TRACK SIGNALS
Some browsers support ""Do Not Track"" (DNT) signals. Currently, we do not respond to DNT signals because there is no industry-wide standard for how to interpret and respond to them. If standards are established, we may implement appropriate responses and update this Privacy Policy.

15. CALIFORNIA SHINE THE LIGHT LAW
California residents may request information about disclosures of personal information to third parties for direct marketing purposes. As stated in this policy, we do not share personal information with third parties for their direct marketing purposes.

16. NEVADA PRIVACY RIGHTS
Nevada residents have the right to opt out of the sale of personal information. We do not sell personal information as defined under Nevada law. If this changes, we will update this Privacy Policy and provide appropriate opt-out mechanisms.

17. DISPUTES AND GOVERNING LAW
Governing Law:
This Privacy Policy is governed by the laws of New South Wales, Australia, and applicable federal Australian laws.
Dispute Resolution:
For Australian residents, disputes should first be directed to the Office of the Australian Information Commissioner (OAIC).
For EEA residents, you have the right to lodge a complaint with your local data protection authority.
For all other disputes, the parties agree to attempt good faith resolution before pursuing legal action.

18. CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Kompass Privacy Inquiries

Email: support@my-kompass.com
Phone: +61 490 478 582
Mail: Marek Lee Eberhard (ABN 57 877 857 054), 3/29 River Road, Wollstonecraft 2065, Sydney NSW, Australia

Response Time:
We aim to respond to all privacy inquiries within 7 business days.
Complaints:
If you are not satisfied with our response, you may contact:
Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

For EEA Residents:
Contact your local data protection supervisory authority.

19. ACKNOWLEDGMENT AND CONSENT
By creating a Kompass account or using our Services, you acknowledge that:

You have read and understood this Privacy Policy
You consent to the collection, use, and disclosure of your information as described
You understand that your information may be transferred internationally
You consent to the processing of your content by AI services when you use those features
If you are under 18, you have obtained parental or guardian permission to use Kompass


20. DATA PROTECTION OFFICER
While not currently required under Australian law, we take data protection seriously. For privacy-related inquiries, please contact:
Email: support@my-kompass.com
Subject Line: ""Privacy Inquiry - DPO""

DEFINITIONS
Personal Information: Information that identifies, relates to, or could reasonably be linked with you.
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
Services: The Kompass platform, website, applications, and related services.
Third Parties: Entities that are not Kompass, including service providers, partners, and social media platforms.