1. Scope and operator
YUMMY YAP KITCHEN PTE LTD, trading as Publishfy ("Publishfy", "we", "us", or "our"), operates this website and the Publishfy content-operations service. For personal data that we determine how and why to process, Publishfy acts as controller. For customer content processed on a workspace customer's instructions, Publishfy may act as processor or service provider and the customer remains responsible for its own notices and lawful instructions.
2. Data we collect
Depending on how you interact with the service, we may collect:
- Account and workspace data: name, verified email address, user and workspace identifiers, role, invitations, membership history, and authentication records.
- Customer content: brand facts, instructions, uploaded media, drafts, campaigns, captions, schedules, approvals, and publishing records.
- Connected-account data: provider account identifiers, granted permissions, connection status, encrypted access credentials, and content or metrics made available through authorised platform APIs.
- Usage and device data: requests, timestamps, feature usage, error and security logs, IP-derived network information, and browser or device information supplied with requests.
- Communications: support requests, pilot feedback, and information you choose to provide.
We do not intentionally collect payment-card data through this website. Connected-platform credentials are stored in encrypted form and separated by customer brand.
3. How and why we use data
We use personal data to provide and secure the service; authenticate users; maintain workspaces and permissions; create requested AI-assisted content; connect authorised third-party accounts; support approval, scheduling, publishing, and analytics workflows; respond to support; prevent abuse; diagnose reliability issues; comply with law; and improve the service.
Where applicable, our legal bases include performing a contract, taking requested pre-contract steps, our legitimate interests in operating and protecting the service, consent for optional connections or activities, and compliance with legal obligations.
4. AI processing
When a user requests an AI-assisted feature, relevant instructions, brand context, source media, and a pseudonymous safety identifier may be sent to an AI service provider to produce or moderate the requested output. Users must review generated output before relying on or publishing it. We do not sell personal data and do not use customer content for unrelated advertising.
5. How we share data
We may disclose data to infrastructure, identity, AI, security, and connected-platform providers that help deliver the service; to professional advisers; during a lawful business transaction; or when required to protect rights, safety, or comply with law. Providers are permitted to process data only for the relevant service purpose and subject to appropriate terms. We do not sell or rent personal data.
6. International transfers
Our providers and users may operate in multiple countries. Where required, we use contractual or other lawful safeguards for transfers of personal data across borders. Local laws in a recipient country may differ from those in your country.
7. Retention and deletion
We retain account and customer data while needed to provide the service and for legitimate security, audit, dispute, and legal purposes. Retention depends on the data type and customer instructions. Deleted brand workspaces may have a limited recovery period before permanent purge. Provider credentials are removed when a connection is disconnected, subject to narrowly scoped backup and security retention. We delete or de-identify data when it is no longer required.
8. Security
We use measures designed to protect data, including verified identity, opaque sessions, role and tenant checks, private object storage, encrypted provider credentials, restricted administration paths, and security logging. No internet service can guarantee absolute security. Users are responsible for safeguarding their accounts and promptly reporting suspected misuse.
9. Your choices and rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data, and to withdraw consent. You may also complain to your local data-protection authority. Workspace administrators can manage some account and content data directly. We may verify identity and consider lawful exceptions before completing a request.
10. Children
The service is for business users and is not directed to children. We do not knowingly collect personal data from children under 16.
11. Changes to this policy
We may update this policy as the service or law changes. We will post the revised policy here with a new effective date and provide additional notice when required.
12. Contact
For privacy questions or rights requests, contact the Publishfy privacy team at privacy@publishfy.app. Existing customers may also use the support channel provided in their workspace onboarding communications.