Privacy Policy
Last updated · June 2, 2026
1. Introduction
This Privacy Policy explains what personal data bylin (operated by Tov AI Technologies) collects, how we use it, and the choices you have. It applies to the Service available at bylin.app.
2. Data we collect
We collect:
- Account data — name, email address, and authentication identifiers (including from Google OAuth).
- Voice and content data — onboarding inputs, source material you submit, drafts generated for you, and your approval / rejection / edit feedback.
- Connected accounts — OAuth tokens for X (Twitter) and any other platform you link, used solely to post on your behalf.
- Billing data — handled by Polar (our Merchant of Record); we never see your full payment card.
- Usage and diagnostic data — error reports (Sentry), product analytics (PostHog), and basic hosting logs (Vercel).
3. How we use your data
We use your data to:
- Provide and operate the Service;
- Generate drafts that match your voice;
- Post approved drafts to platforms you have connected;
- Bill you for paid plans;
- Detect, prevent, and respond to abuse and security incidents;
- Maintain and improve the Service, which may include using your content to develop or train our own models.
4. AI and third-party processors
To provide the Service, your data is shared with the third-party processors below. Importantly, the source material you submit is sent to third-party large language model providers (e.g. OpenAI GPT, Anthropic Claude, Google Gemini, and xAI Grok, routed via OpenRouter) to generate your drafts. We do not control whether these providers use your content to train their models. Separately, we may use your content to develop or train our own models.
| Processor | What it touches |
|---|---|
| Supabase | Account data, authentication, all stored app data |
| Polar | Billing and payment data (as Merchant of Record) |
| OpenRouter | Your submitted source content, routed to LLMs (Gemini, Grok, GPT) |
| TwitterAPI.io | Reference-tweet scraping from X handles you provide |
| Jina Reader | URL / article scraping for source links you submit |
| Vercel | Hosting and request logs |
| OAuth sign-in (email, name, account id) | |
| X (Twitter) API | Posting on your behalf (OAuth token, post content) |
| Telegram | Bot delivery, if you use the Telegram entry point |
| Sentry | Error monitoring (stack traces, user id, request URL) |
| PostHog | Product analytics and session recording |
5. Data retention
We retain your personal data, including your voice playbook, source material, and drafts, for as long as your account remains active with us, because this data is required to operate the product and deliver the Service to you. When you delete your account, we delete or anonymize your personal data, except where we are required to retain certain records (such as billing records) to comply with law.
7. Your rights
Depending on your jurisdiction you may have rights to access, correct, export, or delete your personal data, to object to certain processing, and to withdraw consent. Contact legal@bylin.app to exercise these rights.
8. Security
We use industry-standard measures including TLS in transit, encryption at rest for credentials and tokens, and row-level security in our database. No system is perfectly secure.
9. Children
bylin is not intended for users under 18. We do not knowingly collect personal data from children.
10. International transfers
We are based in India and use sub-processors located in India, the United States, and other countries. Your data may therefore be processed outside your own country. Where required, we rely on appropriate safeguards for such transfers.
11. Changes to this policy
We will update the “Last updated” date and, for material changes, notify you by email or in-app notice before the change takes effect.
12. Contact
For privacy questions or requests, contact legal@bylin.app.