Legal

Privacy Policy

This policy explains how Publishfy collects, uses, discloses, and protects personal data when you visit our website or use our invitation-only services.

Effective and last updated: 17 July 2026

1. Scope and operator

YUMMY YAP KITCHEN PTE LTD, trading as Publishfy ("Publishfy", "we", "us", or "our"), operates this website and the Publishfy content-operations service. For personal data that we determine how and why to process, Publishfy acts as controller. For customer content processed on a workspace customer's instructions, Publishfy may act as processor or service provider and the customer remains responsible for its own notices and lawful instructions.

2. Data we collect

Depending on how you interact with the service, we may collect:

  • Account and workspace data: name, verified email address, user and workspace identifiers, role, invitations, membership history, and authentication records.
  • Customer content: brand facts, instructions, uploaded media, drafts, campaigns, captions, schedules, approvals, and publishing records.
  • Connected-account data: provider account identifiers, granted permissions, connection status, encrypted access credentials, and content or metrics made available through authorised platform APIs.
  • Usage and device data: requests, timestamps, feature usage, error and security logs, IP-derived network information, and browser or device information supplied with requests.
  • Communications: support requests, pilot feedback, and information you choose to provide.

We do not intentionally collect payment-card data through this website. Connected-platform credentials are stored in encrypted form and separated by customer brand.

3. How and why we use data

We use personal data to provide and secure the service; authenticate users; maintain workspaces and permissions; create requested AI-assisted content; connect authorised third-party accounts; support approval, scheduling, publishing, and analytics workflows; respond to support; prevent abuse; diagnose reliability issues; comply with law; and improve the service.

Where applicable, our legal bases include performing a contract, taking requested pre-contract steps, our legitimate interests in operating and protecting the service, consent for optional connections or activities, and compliance with legal obligations.

4. AI processing

When a user requests an AI-assisted feature, relevant instructions, brand context, source media, and a pseudonymous safety identifier may be sent to an AI service provider to produce or moderate the requested output. Users must review generated output before relying on or publishing it. We do not sell personal data and do not use customer content for unrelated advertising.

5. How we share data

We may disclose data to infrastructure, identity, AI, security, and connected-platform providers that help deliver the service; to professional advisers; during a lawful business transaction; or when required to protect rights, safety, or comply with law. Providers are permitted to process data only for the relevant service purpose and subject to appropriate terms. We do not sell or rent personal data.

6. International transfers

Our providers and users may operate in multiple countries. Where required, we use contractual or other lawful safeguards for transfers of personal data across borders. Local laws in a recipient country may differ from those in your country.

7. Retention and deletion

We retain account and customer data while needed to provide the service and for legitimate security, audit, dispute, and legal purposes. Retention depends on the data type and customer instructions. Deleted brand workspaces may have a limited recovery period before permanent purge. Provider credentials are removed when a connection is disconnected, subject to narrowly scoped backup and security retention. We delete or de-identify data when it is no longer required.

8. Security

We use measures designed to protect data, including verified identity, opaque sessions, role and tenant checks, private object storage, encrypted provider credentials, restricted administration paths, and security logging. No internet service can guarantee absolute security. Users are responsible for safeguarding their accounts and promptly reporting suspected misuse.

9. Your choices and rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data, and to withdraw consent. You may also complain to your local data-protection authority. Workspace administrators can manage some account and content data directly. We may verify identity and consider lawful exceptions before completing a request.

10. Children

The service is for business users and is not directed to children. We do not knowingly collect personal data from children under 16.

11. Changes to this policy

We may update this policy as the service or law changes. We will post the revised policy here with a new effective date and provide additional notice when required.

12. Contact

For privacy questions or rights requests, contact the Publishfy privacy team at privacy@publishfy.app. Existing customers may also use the support channel provided in their workspace onboarding communications.