Privacy Policy

nkonsept SMM — AI-powered Social Media Manager

Last updated: May 6, 2026

1. Who We Are

nkonsept ("we", "us", "our") operates nkonsept SMM (also referred to as smm_ai_app), an AI-powered social media management application available at app.nkonsept.com. This policy explains how we collect, use, and protect your personal data when you use nkonsept SMM.

2. What Data We Collect

We collect only what is necessary to provide the Service:

Account information

Name, email address, and organization name provided during registration.

Social media access tokens

OAuth tokens required to publish and read analytics on your behalf. Tokens are encrypted at rest using AES-256-GCM and are never shared with third parties.

Content and analytics

Posts you create or import, captions, published dates, and engagement metrics fetched from social platforms.

Brand profile

Business description, tone, target audience, and other brand settings you provide to configure the AI engine.

Usage data

Basic server logs including IP addresses (for rate limiting and security purposes). Logs are retained for 30 days.

3. How We Use Your Data

  • To provide the core scheduling and publishing features
  • To generate AI content suggestions tailored to your brand
  • To fetch and display analytics from your social platforms
  • To send transactional notifications (plan ready, post published, trial ending)
  • To prevent abuse and protect the security of the platform

We do not sell your data, use it for advertising, or share it with third parties other than the service providers listed below.

4. Third-Party Services

The following third-party services process data on our behalf:

  • Meta (Facebook / Instagram) — content publishing and analytics via the official Graph API
  • TikTok — analytics and video list retrieval via the TikTok Open API (when connected)
  • OpenAI — AI content generation (captions, weekly plans, brand analysis)
  • Resend — transactional email delivery

5. Data Storage and Security

Your data is stored on servers located in the EU (Helsinki, Finland). We implement the following security measures:

  • AES-256-GCM encryption for social OAuth tokens at rest
  • HTTPS / TLS encryption for all data in transit
  • Rate limiting on all authentication endpoints
  • Weekly database backups with 28-day retention
  • Session tokens invalidated on logout

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access — request a copy of all personal data we hold about you
  • Correction — ask us to fix inaccurate data
  • Deletion — request deletion of your account and all associated data
  • Portability — receive your data in a machine-readable format
  • Objection — object to certain types of processing

To exercise any of these rights, contact us. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active. After account termination, data is deleted within 30 days. Anonymized aggregate analytics may be retained indefinitely.

8. Cookies

We use a single session cookie for authentication (NextAuth.js). No advertising or tracking cookies are used. The session cookie is essential to the operation of the Service and cannot be disabled.

9. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this policy when our practices change. We will notify you by email for material changes. The date at the top of this page indicates the most recent revision.

11. Contact

For privacy questions or data requests, contact us.