Privacy Policy
Last updated: 15 June 2026
This Privacy Policy explains how Wizora Technologies Ltd (trading as Wizora) (“Wizora”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards your personal information when you use our AI marketing platform (“Service”). Please read this policy carefully. If you do not agree with its terms, please discontinue use of the Service.
1. Who We Are and How to Contact Us
Wizora Technologies Ltd (trading as Wizora) is the data controller responsible for your personal data processed under this policy. We are a company incorporated in England and Wales.
Data Controller: Wizora Technologies Ltd (trading as Wizora)
Registered Address: United Kingdom
Privacy enquiries: info@wizora.co.uk
We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we process data of individuals in the European Economic Area (EEA), we also comply with EU GDPR.
2. Data We Collect
2.1 Account and Profile Information
When you register for Wizora we collect your name, email address, password (hashed and never stored in plaintext), company name, business type, website URL, industry, and any other information you voluntarily provide during onboarding or while using the Service.
2.2 Third-Party Platform Data (General)
When you connect any third-party platform account to Wizora, we receive and store:
- OAuth access tokens and refresh tokens (encrypted at rest using AES-256)
- Platform account identifiers (Page IDs, channel IDs, organisation IDs, usernames)
- Public profile information returned by the platform's API (e.g. page name, follower count)
- Content performance metrics, analytics, and insights where you have granted permission
- Social media posts and comments that you authorise Wizora to manage on your behalf
Connected platform data is used solely to provide the Service features you have activated. We do not sell, licence, or share this data with third parties for their independent commercial purposes.
2.3 Meta Platform Data (Facebook & Instagram)
When you connect a Facebook Page or Instagram Business Account, Wizora accesses the Meta Graph API under the specific permissions you grant during the OAuth authorisation flow. Depending on the features you use, these permissions may include:
- Facebook Pages:
pages_show_list,pages_read_engagement,pages_manage_posts,pages_manage_engagement,read_insights,ads_read,business_management - Instagram Business:
instagram_business_basic,instagram_business_content_publish,instagram_business_manage_comments,instagram_business_manage_messages,instagram_business_manage_insights
This data is used solely to provide the social media management features of the Service — publishing content, scheduling posts, managing comments, and reading analytics — exclusively on your behalf. We do not sell, licence, or transfer Meta or Instagram data to any third party for their independent commercial purposes. We do not use it to serve advertising or to create profiles unrelated to your own marketing activity.
Data deletion: If you disconnect your Facebook or Instagram account, or submit a Facebook Data Deletion Request, we will delete or anonymise all associated tokens and platform identifiers within 30 days. We receive automated deletion signals from Meta at our data deletion callback (https://api.wizora.co.uk/platforms/data-deletion) and deauthorisation callback (https://api.wizora.co.uk/platforms/deauthorize). Upon processing a deletion request we will provide you with a confirmation tracking code.
2.4 Google API Data
When you connect a Google account, Wizora accesses the following Google APIs under your authorisation:
- YouTube Data API v3 — to upload and manage video content on your YouTube channel
- Google My Business APIs — to read and manage your Google Business Profile and reviews
- Google Search Console API — to access search performance analytics
- Google Ads API — to read your Google Ads performance data
- Google Analytics Data API — to read your website analytics
Wizora's use and transfer of information received from Google APIs to any other app or entity will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically: data obtained through Google APIs is used only to provide or improve user-facing features that are visible to you within the Wizora Service. It is not transferred to third parties for purposes unrelated to operating the Service, is not used to serve advertising, and is not used for any purpose inconsistent with this Privacy Policy. No Wizora employee reads your Google data unless you have given express permission or we are required to do so by law.
2.5 TikTok Data
When you connect a TikTok account using TikTok Login Kit, we receive your TikTok account identifiers, display name, and username. Through the TikTok Content Posting API, we publish video content to TikTok on your behalf under the scopes you authorise (user.info.basic, video.publish). This data is used solely to enable TikTok content publishing within the Service and is not shared with any third party for purposes unrelated to operating the Service.
2.6 LinkedIn Data
When you connect a LinkedIn account, we receive and store OAuth tokens and identifiers for your LinkedIn Profile or Company Page. This data is used solely to enable LinkedIn content publishing and analytics features, in compliance with the LinkedIn API Terms of Use. We do not use LinkedIn member data for any purpose beyond operating the features you have activated within the Service.
2.7 Usage and Technical Data
We automatically collect log data, IP addresses, browser type, device identifiers, pages visited, and feature interactions to operate, secure, and improve the Service.
2.8 Billing Data
Payment card details are collected and processed directly by our payment processor (Stripe) and are never stored on Wizora servers. We retain only a billing reference and the last four digits of your payment method.
2.9 Communications
If you contact us by email or through the platform, we retain those communications to respond to your enquiries and improve our support.
3. How We Use Your Data
We process your personal data for the following purposes and legal bases:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Providing and operating the Service | Contract performance (Art. 6(1)(b)) |
| Managing connected social media accounts and publishing content on your behalf | Contract performance (Art. 6(1)(b)) |
| Sending service notifications and transactional emails | Contract performance (Art. 6(1)(b)) |
| Processing payments and preventing fraud | Contract performance & Legitimate interests (Art. 6(1)(b)(f)) |
| Analysing usage to improve and develop the Service | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations and responding to lawful requests | Legal obligation (Art. 6(1)(c)) |
| Sending marketing communications (where you have opted in) | Consent (Art. 6(1)(a)) |
4. Third-Party Platforms and Data Sharing
4.1 Connected Platform APIs
Your use of Wizora requires us to interact with third-party APIs including Meta (Facebook and Instagram), Google, TikTok, LinkedIn, Twitter/X, and WordPress. By connecting these accounts you authorise Wizora to access and act on data held by those platforms on your behalf. Each platform's own privacy policy governs how they handle your data independently of Wizora.
4.2 Data Deletion and De-authorisation
You may request deletion of data associated with any connected platform account at any time by:
- Emailing us at info@wizora.co.uk
- Disconnecting the account in Settings → Integrations (access tokens are deleted within 30 days)
- For Facebook/Instagram accounts: submitting a Data Deletion Request via Facebook. We receive automated deletion signals at
https://api.wizora.co.uk/platforms/data-deletionand will delete all associated data within 30 days, providing a confirmation tracking code.
Deleting your Wizora account will trigger deletion of all connected platform tokens and campaign data in accordance with our retention schedule in Section 6.
4.3 Sub-processors
We share data with the following trusted sub-processors solely to operate the Service. All sub-processors are bound by data processing agreements and are required to implement appropriate technical and organisational safeguards.
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Cloud database, authentication, and file storage | EU / US |
| Railway | Backend application hosting | US |
| Vercel | Frontend application hosting | Global CDN |
| Cloudflare R2 | Media and campaign asset storage | EU / US |
| Anthropic | AI language model inference (content generation) | US |
| xAI (Grok) | AI image and video generation | US |
| Firecrawl | Website crawling for brand research | US |
| Tavily | Web search for market intelligence | US |
| Stripe | Payment processing and billing | US |
| Resend | Transactional email delivery | US |
No personal data is sent to AI sub-processors (Anthropic, xAI) without anonymisation or aggregation, except content you explicitly instruct Wizora to generate on your behalf.
4.4 We Do Not Sell Your Data
Wizora does not sell, rent, or trade your personal data or your connected social media data to any third party for their independent commercial purposes.
4.5 Legal Disclosures
We may disclose your data where required by law, court order, or government authority, or where necessary to protect the rights, safety, or property of Wizora, our users, or the public.
5. International Data Transfers
Some of our sub-processors operate outside the UK and EEA (see Section 4.3). Where we transfer personal data internationally, we ensure adequate protections are in place via:
- UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs)
- Adequacy decisions issued by the UK Secretary of State or the European Commission
You may request details of the safeguards in place for any specific transfer by contacting us at info@wizora.co.uk.
6. Data Retention
We retain your personal data only as long as necessary for the purposes set out in this policy:
| Data type | Retention period |
|---|---|
| Account data | Duration of account + 2 years after closure |
| OAuth tokens (connected platforms) | Deleted immediately on disconnection or account closure |
| Campaign content and generated outputs | 3 years from creation, or until you delete them |
| Social media performance data | 2 years from collection |
| Billing records | 7 years (UK financial regulation requirement) |
| API usage and operational logs | 90 days |
| Security and audit logs | 12 months |
After the applicable retention period, data is securely deleted or anonymised.
7. Security
We implement industry-standard technical and organisational measures to protect your data, including:
- Encryption of OAuth tokens and sensitive credentials at rest using AES-256 symmetric encryption
- TLS 1.2+ encryption in transit for all API communications
- Row-level security policies ensuring each tenant can access only their own data
- Access controls and audit logging for all data access by Wizora staff
- Regular security reviews and dependency updates
No method of transmission or storage is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours as required by UK GDPR.
8. Cookies
Wizora uses strictly necessary session cookies to maintain your authenticated session. We do not use advertising cookies or tracking cookies. If we introduce analytics or preference cookies in the future, we will update this policy and seek your consent where required.
9. Your Rights Under UK GDPR
You have the following rights in respect of your personal data. To exercise any of them, contact us at info@wizora.co.uk:
- Right of access — obtain a copy of the personal data we hold about you
- Right to rectification — have inaccurate or incomplete data corrected
- Right to erasure (“right to be forgotten”) — request deletion of your data where no overriding legal basis exists
- Right to restriction of processing — ask us to pause processing while accuracy is disputed or a legal basis is assessed
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making — not be subject to solely automated decisions that significantly affect you
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing
We will respond to verifiable requests within one calendar month. No fee is charged for reasonable requests.
10. Children's Privacy
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at info@wizora.co.uk and we will delete it promptly.
11. Third-Party Links
The Service may contain links to third-party websites or platforms. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or an in-app notice at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes your acceptance of the revised policy.
13. How to Complain
If you have concerns about how we handle your personal data, please contact us first at info@wizora.co.uk so we can try to resolve the matter.
You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
If you are in the EEA, you may also complain to the supervisory authority in your country of residence.
Privacy questions?
Email us at info@wizora.co.uk. We aim to respond within 2 business days.