This Privacy Policy explains how HMD Digital S.R.L. ("we", "us") processes personal data when you use Orpheus at https://orpheus.hmd.digital. We act as data controller for the processing described here unless stated otherwise.

1. Data Controller

HMD Digital S.R.L., Via Lampedusa 37, 04011 Aprilia (LT), Italy. VAT: IT03280710595. Email: [email protected]. Legal representative: Henrique Milli.

Privacy enquiries: [email protected]. Certified email (PEC): [email protected].

2. Scope

This policy applies to visitors of our website, account holders, workspace members, billing contacts, and anyone who communicates with us about the Service.

It does not cover third-party websites or services you access through links or integrations (such as LinkedIn), which have their own privacy policies.

3. Categories of Data We Process

Account and identity data: name, email address, profile photo, authentication identifiers, sign-in method, and account timestamps.
Workspace and brand data: brand name, guidelines, questionnaire answers, logos, reference images, website URLs, and configuration settings.
Content data: post drafts, briefs, images, carousels, schedules, chat messages, attachments, and AI session metadata.
LinkedIn integration data: OAuth tokens (stored encrypted on our servers), LinkedIn person URN, profile name, connection metadata, published post identifiers, and engagement metrics retrieved via official APIs.
LinkedIn evidence data: publicly available profile, company, or post information retrieved to ground AI features when you provide a LinkedIn URL.
Billing data: subscription status, Mollie customer and payment identifiers, invoice periods—we do not store full payment card numbers.
Communications: support messages and transactional emails (e.g. publish confirmations, billing notices) sent via our email provider.
Technical and usage data: IP address, browser type, device information, logs, security signals, cookie/consent choices, and—if you consent—analytics events via Firebase/Google Analytics and LinkedIn advertising conversion measurement (server-side, hashed email) when you accept marketing cookies.
Pre-authentication local data: LinkedIn handle or brand-setup drafts stored in your browser until you sign up.

4. Purposes and Legal Bases

We process personal data for the following purposes:

Providing and operating the Service (contract performance).
Authentication, security, fraud prevention, and abuse detection (legitimate interests and, where applicable, legal obligation).
AI-assisted features, including content generation, research, and brand analysis (contract performance and legitimate interests in improving the Service).
Publishing and scheduling to LinkedIn at your direction (contract performance).
Billing and subscription management (contract performance and legal obligation).
Transactional and service communications (contract performance and legitimate interests).
Product analytics and measurement, where you have consented to analytics cookies (consent).
LinkedIn advertising conversion measurement (hashed email and optional click ID), where you have consented to marketing cookies (consent).
Compliance with law, regulatory requests, and enforcement of our terms (legal obligation and legitimate interests).
Developing, training, fine-tuning, and evaluating machine-learning models and aggregated analytics using de-identified, anonymized, or aggregated data derived from Service usage (legitimate interests, and consent or contract where required).

5. AI and Automated Processing

The Service sends prompts and context (which may include your content and LinkedIn evidence) to third-party AI providers, including Google (Gemini), OpenAI, and research tools such as Tavily and Bright Data, solely to deliver features you request.

Outputs are assistive only; significant decisions with legal or similarly significant effects are not made solely by automated means without human involvement on your side.

6. Recipients and Processors

We share data with service providers who process data on our behalf under contractual safeguards, including:

Google Firebase (authentication, database, storage, hosting, functions, App Check/reCAPTCHA) — primarily EU region (europe-west1); Google Analytics (Firebase Analytics) when you consent; Google Gemini, OpenAI, Tavily, and Bright Data for AI features; LinkedIn when you connect your account or when you consent to marketing measurement via LinkedIn Conversions API; Mollie for payments; Brevo for email; Google Fonts for typography.

We do not sell your personal data as a standalone commercial product. We may disclose data where required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset sale subject to appropriate safeguards.

7. International Transfers

Some processors are located outside the European Economic Area. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms.

8. Retention

We retain personal data for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Backup copies, logs, and anonymized or aggregated data may be retained longer where permitted. You may request deletion subject to exceptions (e.g. billing records, legal holds).

9. Your Rights

Where GDPR or applicable law applies, you may have the right to access, rectify, erase, restrict, object to certain processing, data portability, and to withdraw consent (without affecting prior lawful processing).

You may lodge a complaint with a supervisory authority. In Italy, the Garante per la protezione dei dati personali (www.garanteprivacy.it).

To exercise rights, contact [email protected]. We may need to verify your identity.

10. Cookies

We use cookies and similar technologies as described in our Cookie Policy at https://orpheus.hmd.digital/cookies. Non-essential cookies require your consent via our cookie banner.

11. Security

We implement technical and organizational measures appropriate to the risk, including encryption of LinkedIn refresh tokens, access controls, and EU-hosted infrastructure. No method of transmission or storage is completely secure.

12. Children

The Service is not directed to individuals under 18. We do not knowingly collect data from children.

13. Changes

We may update this Privacy Policy. The effective date at the top will change when we do. Material changes will be communicated through the Service or by email where appropriate.