---

1. Introduction

---

TypeHero ("we", "us", or "our") is an AI-powered SaaS platform operated by Neural Banana LLC. We help users create and publish travel and marketing content via our web-based services.

We respect your privacy and are committed to protecting your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), as well as other applicable data-protection laws.

This policy explains:

• what data we collect,
• how and why we use it,
• with whom we share it, and
• your rights under GDPR (and other applicable laws).

---

2. Data Controller & Contact Information

---

Data Controller: Neural Banana LLC
Contact Email: privacy@typehero.ai

If you have any questions about this policy or your personal data, you may contact us at privacy@typehero.ai.

---

3. What Data We Collect

---

a. User Account Data

• First name, last name
• Email address
• Time-zone and date-format preferences
• Login credentials (hashed)
• Subscription details and account settings

Purpose: To create, manage, and provide your account.

Legal Basis: Contractual necessity (Article 6(1)(b) GDPR).

b. Billing and Payment Data

When you subscribe or make payments, your data (name, email, billing-address information, payment method) is collected and processed by our payment processor. We do not store your full credit-card details.

Processor: e.g., Paddle (acting as a data processor under GDPR).

Legal Basis: Contractual necessity (Article 6(1)(b) GDPR).

c. Brand / Company Data

You may enter information about a brand, company, or client you manage, including company name and type (e.g., hotel, travel agency), website and location, amenities, services, unique selling propositions (USPs), price range or market segment.

Purpose: To generate tailored marketing content and campaigns.

Legal Basis: Legitimate interest (Article 6(1)(f)) or contractual necessity (Article 6(1)(b)).

Note: Business data about companies is only personal data if it identifies an individual (e.g., "Anna's Travel Blog").

d. Product or Service Data

You may input details about products or services (e.g., hotel rooms, car rentals, menus, packages).

Purpose: Used by our AI engine to create descriptive or promotional content.

Legal Basis: Legitimate interest (Article 6(1)(f)).

e. Personas (Fictitious Audience Profiles)

You may define fictional audience personas (e.g., "Luxury Explorer," "Budget Backpacker") to help generate more relevant content.

These are not intended to contain any real personal data. Please do not include real names or identifying details in persona fields.

f. Social-Media & Web Integrations

If you connect your Facebook, Instagram, blog/website, or other platforms to publish generated content automatically, we process:

• Limited access tokens (OAuth)
• Page or account identifiers
• Publishing permissions

Purpose: To enable posting content on your connected platforms.

Legal Basis: Consent (Article 6(1)(a) GDPR) – obtained when you connect your account.

We do not access, read, or store your messages, comments, or your followers' personal data. You can revoke access at any time via your account settings or directly on the social-media platform.

g. Automatically Collected Data

When you use our Services we collect device information, IP address, browser type, operating system, usage logs including pages visited, features used, and time spent within our Services.

Legal Basis: Legitimate interest (service security, analytics, improvement).

---

4. How We Use Your Data

---

We use your data to:

• Create and manage your account;
• Process payments and subscriptions;
• Generate and deliver AI-based content;
• Publish authorised content to your connected social-media accounts;
• Provide support and communicate about service updates;
• Maintain security and prevent fraud.

We do not sell your personal data to third parties.

---

5. Automated Content Generation (AI Processing)

---

Our system uses AI to create marketing content based on the information you provide.

This automated processing helps generate descriptions, social-media posts, and promotional materials, but does not produce decisions that legally or significantly affect individuals.

We do not train our AI models on your private data unless explicitly stated and you have given consent.

---

6. Sharing and Sub-Processing

---

We share data only with trusted third parties necessary for providing the Service:

• Payment processor (e.g., Paddle) for billing and payments.
• AI infrastructure providers (for content generation).
• Hosting and cloud-services (secure storage and processing).
• Social-media platforms (when you connect your account).

Each third party acts as a processor under a Data-Processing Agreement (DPA) and complies with GDPR.

---

7. International Data Transfers

---

Some of our processors (like Paddle, hosting, or AI providers) may store or process data outside the European Economic Area (EEA).

When this occurs, we ensure an adequate level of protection through:

• the EU–US Data Privacy Framework, or
• Standard Contractual Clauses (SCCs) approved by the European Commission.

---

8. Data Retention

---

We retain:

• Account data — for the duration of your active subscription + 12 months.
• Payment data — as required for tax and legal compliance.
• OAuth tokens — until you disconnect your account or delete your profile.
• AI content and campaign data — until you delete it or request erasure.

After these periods, data is securely deleted or anonymised.

---

9. Security

---

We apply appropriate technical and organisational measures including:

• Encryption of data in transit and at rest;
• Secure OAuth authentication for social-media connections;
• Role-based access controls;
• Regular security audits.

However, no method of transmission over the internet or method of electronic storage is completely secure.

---

10. Your Rights Under GDPR (and Other Laws)

---

Depending on your jurisdiction, you may have the following rights:

• Access your personal data;
• Rectify incorrect data;
• Delete your data ("right to be forgotten");
• Withdraw consent (for social-media integration or marketing emails);
• Data portability — receive your data in a structured, commonly-used format;
• Object to processing based on legitimate interest;
• Restrict processing;
• Lodge a complaint with a supervisory authority in the EEA.

To exercise these rights, contact us at privacy@typehero.ai.

---

11. Children's Data

---

Our Services are not directed at individuals under 16 years of age. We do not knowingly collect or process children's personal data.

If you believe that a child has provided us with personal information, please contact us so we can take appropriate action.

---

12. Cookies & Tracking Technologies

---

We use cookies and similar technologies to:

• Authenticate users;
• Remember preferences;
• Improve website and service performance;
• Analyse site traffic and trends.

You can manage or disable cookies through your browser settings. Please note that disabling cookies may impact certain features of the Services.

---

13. Marketing Communications

---

If you have consented to receive marketing emails or other promotional communications, you may opt out at any time by following the unsubscribe link in each email or by contacting privacy@typehero.ai.

We will stop sending marketing communications, but we may still send you service-related messages (e.g., about your account or updates).

---

14. Changes to This Policy

---

We may update this policy from time to time to reflect changes in our practices or legal requirements.

Any material changes will be communicated through the application or by email before they take effect.

Continued use of the Services after any update constitutes acceptance of the revised policy.

---

15. Contact Us

---

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Neural Banana LLC
Email: support@typehero.ai
Website: https://www.typehero.ai