Legal

Privacy Policy

Last Updated: June 7, 2026  ·  Effective Date: June 7, 2026

Introduction

Dryv (the "Service") is operated by Dryv Social AI ("Dryv," "we," "our," or "us"). We operate dryvsocial.ai and the Dryv AI platform — an AI-powered social media content creation and publishing service built for small and medium businesses. Our AI agents draft social media content (text, images, carousels, and videos) on your behalf; you review and approve that content in your client portal before anything is published.

This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and your rights regarding your data. We are committed to being transparent and handling your information responsibly. By using the Service, you agree to the practices described here.

Information We Collect

We collect information that is necessary to deliver our service:

Account Information

  • Name and email address
  • Encrypted password / authentication credentials (for portal access)
  • Team members you invite, including their names and email addresses

Billing & Subscription Information

  • Subscription plan, billing interval, trial status, and subscription state (e.g. trialing, active, past due, canceled)
  • Payment is processed by Stripe. We do not store full card numbers on our systems — Stripe handles card data directly. We retain a Stripe customer reference and subscription identifiers to manage your plan.

Business & Brand Information

  • Business name and industry
  • Brand guidelines, voice, products, services, and style preferences (your "Brand Brain")
  • Logos, imagery, and brand assets provided during onboarding

Uploaded Content & Knowledge Base

  • Topics, articles, ideas, notes, and other inputs you upload to your knowledge base for our AI agents to turn into content
  • Photos, videos, and other media you upload

Avatar & Voice Data (Optional Feature)

  • If you create an AI avatar, we process the reference photo or video you upload and any voice recording you provide to clone a voice. This may include biometric-style identifiers derived from a person's face and voice.
  • The name of the person providing likeness consent and the consent confirmation you submit when creating an avatar.
  • Avatar and voice creation is powered by HeyGen (see sub-processors below). You must have the right and consent to use any likeness or voice you upload.

Connected Social Accounts

  • OAuth access tokens for connected platforms (e.g. Instagram, Facebook, LinkedIn, TikTok, YouTube, X/Twitter), connected via our publishing partner Upload-Post
  • Connected-account profile information needed to publish on your behalf
  • Access tokens are stored encrypted — we treat access to your accounts with the same care as any sensitive credential

Content & Publishing Data

  • AI-generated posts, captions, images, videos, and carousels
  • Content drafts, approval/rejection decisions, schedules, and publishing history

Performance & Analytics Data

  • Engagement metrics (likes, comments, shares, reach, impressions) pulled back from your connected social media platforms via their official APIs

Usage Data

  • Anonymous website analytics (page views, session data) via Vercel Analytics
  • Operational logs from your use of the portal (for security, debugging, and service reliability)

Contact Form Submissions

  • Name, email, phone, business name, and message content

How We Use Your Information

We use your information to:

  • Generate social media content with our AI agents, present it to you for review, and publish approved content on your behalf
  • Analyze content performance and improve the quality of content we generate for you over time
  • Create AI avatars and voices when you opt into that feature
  • Manage your subscription, process payments, and administer trials and renewals
  • Manage your account and provide portal access
  • Communicate with you about your content, account, billing, and our service
  • Maintain the security, integrity, and reliability of the Service
  • Comply with legal obligations

We will never:

  • Sell your personal data to third parties
  • Use your data for advertising or behavioral targeting

Sub-processors & Data Sharing

To operate the Service, we share data with the trusted third-party sub-processors listed below. We share only what is necessary for each provider to perform its function. This list may change as our service evolves; we will update this page when it does.

OpenAI

Used to generate and rewrite text content (captions, scripts, outlines, strategy) and to generate images (via the GPT Image model). Your business context, brand information, and content inputs are sent to produce relevant content.

Anthropic (Claude)

Used to generate and rewrite text content. Your business context and content inputs are sent to produce relevant content.

Google (Gemini)

Used as an additional / fallback large-language-model provider for text generation.

fal.ai

Image- and video-generation gateway. We route image generation (GPT Image and Nano Banana models) and AI video generation (Seedance) through fal. Content prompts and any reference images you provide are sent to fal to produce media.

HeyGen

Used for AI avatar video creation and voice cloning when you opt into avatar features. Only clients who create avatars have reference media and voice recordings shared with HeyGen. This may include biometric-style data derived from a person's face and voice.

ScreenshotOne

Used to capture website / article screenshots for certain news-style content graphics. Only the source URLs needed for a screenshot are sent.

Apify

Used to gather news and trend signals from public sources that feed our news/trend content agents. We send query and source parameters; we do not share your account credentials.

Upload-Post

Our social media publishing and scheduling partner. We connect your social accounts through Upload-Post and share post content, captions, media, and connected-account authorizations solely to publish on your behalf and retrieve analytics.

Connected Social Platforms

When content is published, post content (images, videos, captions) is sent to the platforms you connect (e.g. Meta / Facebook & Instagram, LinkedIn, TikTok, YouTube, X/Twitter) using the permissions you grant. We retrieve engagement metrics back from those platforms.

Stripe

Our payment processor. Stripe handles your subscription billing and card data directly. We share the information needed to create and manage your subscription (such as your email, business name, and plan selection).

Supabase

Our database, authentication, and storage provider. Client data is stored in Supabase infrastructure with encryption at rest and Row Level Security policies enforced.

Microsoft Azure

Hosts our backend platform and manages our secrets (Azure Key Vault). Transactional emails (account notifications, content alerts, invitations) are sent via Azure Communication Services from our verified dryvsocial.ai domain.

Vercel

Hosts our marketing site and client portal frontend and handles web traffic. We also use Vercel Analytics for anonymous website usage data — no personal identifiers are collected.

We may also disclose information where required by law, to enforce our Terms, to protect the rights, safety, or property of Dryv or others, or in connection with a merger, acquisition, or sale of assets (subject to this Policy).

Social Media Platform Permissions

We request only the minimum permissions needed to deliver our service. Below is a summary of what we typically request from each platform:

  • Instagram: Content publishing, insights/analytics access, basic account info
  • Facebook: Page post management, page insights
  • LinkedIn: Post creation, profile and organization page access, analytics
  • TikTok: Video publishing, basic account info, content analytics
  • YouTube: Video uploads, channel analytics, basic account info
  • X (Twitter): Post creation, basic account info, engagement analytics

You authorize access via the official OAuth flows for each platform. You can revoke access at any time through your platform account settings or by contacting us. Access tokens are stored encrypted.

International Data Transfers

We are based in the United States, and several of our sub-processors operate in the United States and other countries. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where data-protection laws may differ from those in your country. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for these transfers.

Data Security

We take reasonable steps to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • Access tokens and secrets stored encrypted (secrets managed in Azure Key Vault)
  • Role-based access controls — clients only have access to their own data
  • Supabase Row Level Security (RLS) policies enforced at the database level
  • Regular security reviews of our codebase and infrastructure

No system is completely immune to security risks. If you believe your account has been compromised, please contact us immediately at gunnar@dryvsocial.ai.

Data Retention & Deletion

  • We retain your account, subscription, and content data for as long as your account is active and as needed to provide the Service
  • Content and performance data may be retained to improve the quality of content we generate for you
  • You can cancel your subscription at any time from your portal settings; you can request deletion of your account and data at any time
  • Upon account termination, we delete or de-identify your client data within 30 days, except where we are required to retain certain records (e.g. billing/tax records) for legal or accounting purposes
  • Social media access tokens are revoked upon account termination
  • To request deletion, email us at gunnar@dryvsocial.ai or use the cancel / delete-account options in your portal settings

Your Rights

Depending on where you live, you may have some or all of the following rights regarding your personal data (including under the EU/UK GDPR and the California Consumer Privacy Act, as applicable):

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update your information through the portal or by contacting us
  • Deletion: Request deletion of your personal data
  • Portability: Request your content and data in a portable format
  • Objection / Restriction: Object to or restrict certain processing
  • Revocation: Revoke connected social-platform access at any time through platform settings or by contacting us
  • Non-discrimination: We will not discriminate against you for exercising these rights

We do not sell or "share" personal data as those terms are defined under U.S. state privacy laws. To exercise any of these rights, contact us at gunnar@dryvsocial.ai. We may need to verify your identity before fulfilling a request.

Cookies & Tracking

  • We use essential cookies for authentication and session management
  • We use Vercel Analytics for anonymous website usage data — no personal identifiers are included
  • We do not use advertising cookies or tracking pixels
  • We do not engage in cross-site tracking

Children's Privacy

Our Service is designed for businesses and professionals and is not directed to children. We do not knowingly collect personal information from anyone under 18 years of age, and the Service is not intended for use by minors. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

Changes to This Policy

  • We may update this Privacy Policy from time to time and will post changes on this page with an updated date
  • Material changes will be communicated via email to active clients
  • Continued use of the Service after changes take effect constitutes acceptance of the updated policy

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please reach out: