PLANNER

Last updated: May 5, 2026

· Versione italiana

Privacy Policy

How PLANNER processes data collected during use of the editorial planning and social publishing service.

1. Data Controller

The Data Controller of personal data collected through PLANNER is:

  • Luca Tenneriello (hereinafter "Controller")
  • VAT number: 02135680433
  • Registered address: Via Mazzini 19, 62027 San Severino Marche (MC), Italia
  • General contact: info@worldcapp.com
  • Privacy contact: privacy@worldcapp.com

2. Personal Data Processed

PLANNER processes the following categories of personal data:

  • Account data: email address, display name, password (stored as bcrypt hash), interface preferences (theme, currency, language).
  • Project and configuration data: client/account name, social network configurations, editorial rules, AI configuration, third-party credentials stored in encrypted form (social tokens, AI API keys, storage credentials).
  • Editorial content: topics, monthly editorial plans, AI-generated text drafts, uploaded or AI-generated images and videos, published links and media.
  • Operational data: access logs, publishing logs, AI usage logs (tokens and costs), failed login attempts, IP address (limited to login rate limiting).
  • Third-party data provided by the user: Telegram notification recipients, identifiers of client social pages.

3. Purposes of Processing

Data is processed for the following purposes:

  • Providing the PLANNER service (authentication, project access, AI content generation, scheduling and publishing on social platforms).
  • Fulfilling contractual and legal obligations toward the user.
  • Operational management, security, audit logs and troubleshooting.
  • Service communications (Telegram publishing notifications, technical alerts).

4. Legal Basis for Processing

The legal bases for processing under Article 6 of Regulation (EU) 2016/679 (GDPR) are:

  • Performance of a contract (Art. 6.1.b GDPR) for data necessary to provide the service.
  • Legitimate interest (Art. 6.1.f GDPR) for operational, security and audit logs, within the limits necessary to ensure service continuity and integrity.
  • Compliance with legal obligations (Art. 6.1.c GDPR) for data retention required by applicable law.

5. Processing Methods

Data is processed using electronic tools and stored on servers managed by the Controller through selected hosting providers. Third-party credentials (social tokens, AI API keys, storage credentials) are stored in encrypted form using an application secret key. Access to administration pages is restricted to authenticated users with specific privileges.

6. Retention Period

  • Account data: for the duration of the contractual relationship; upon termination, up to 12 months unless required otherwise by law.
  • Editorial content and publishing logs: retained as operational history while the project is active.
  • AI usage logs: retained as economic data for accounting and audit purposes.
  • Technical backups: retained for a maximum of 30 days in encrypted off-site archive.

7. Recipients of Data / External Processors

The Controller relies on the following providers as Data Processors (sub-processors), all selected for reliability and GDPR compliance:

  • Cloudflare, Inc. (USA) — DNS, CDN, R2 Object Storage, Workers. Compliant with SCCs and Cloudflare DPA.
  • VPS hosting provider (EU) for the application server.
  • Meta Platforms, Inc. (USA) — Graph API for publishing on Facebook and Instagram.
  • OpenAI, L.L.C. (USA) — text generation and image analysis via API.
  • Google LLC (USA) — Gemini AI for text, image and video generation; YouTube Data API for publishing.
  • Pinterest, Inc. (USA), X Corp. (USA), TikTok, LinkedIn when the user activates the corresponding integrations.
  • Telegram FZ-LLC (UAE) — sending service notifications on Telegram channels configured by the user.
  • BetterStack (USA) — service uptime monitoring.

An updated list of sub-processors is available on written request to privacy@worldcapp.com.

8. Data Transfers Outside the EU

Some providers (Cloudflare, Meta, OpenAI, Google, Pinterest, X, Telegram, BetterStack) are established outside the European Union. Transfers occur on the basis of:

  • Standard Contractual Clauses approved by the European Commission.
  • Supplementary technical measures (encryption at-rest and in-transit) where applicable.
  • Adequacy decisions by the European Commission where available (e.g. EU-US Data Privacy Framework for certified providers).

9. Rights of the Data Subject

Pursuant to Articles 15–22 GDPR, the user has the right to:

  • Access their personal data (Art. 15).
  • Obtain rectification of inaccurate data (Art. 16).
  • Obtain erasure of their data ("right to be forgotten", Art. 17), within legal limits.
  • Obtain restriction of processing (Art. 18).
  • Obtain data portability in a structured, machine-readable format (Art. 20).
  • Object to processing based on legitimate interest (Art. 21).
  • Not be subject to automated decisions producing significant legal effects (Art. 22).

10. Exercising Rights and Complaints

Requests to exercise rights can be sent to privacy@worldcapp.com. The Controller will respond within 30 days of receipt, except for justified extensions allowed by law.

The user also has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with their local supervisory authority if they believe the processing of their data violates applicable law.

11. Cookies

PLANNER uses only technical cookies essential to the operation of the service (login session). For details, please see the Cookie Policy.

12. Changes to This Privacy Policy

This Privacy Policy may be updated at any time to reflect changes to the service, regulatory developments or organisational changes. The "Last updated" date at the top of the page is the official reference of the current version. Material changes will be communicated to the user by email or via notice in the application.

Go to login