Privacy Policy.

What we collect, why, who sees it, and how you stay in control. Same content in casual and formal form.

Last updated: April 2026·Questions? privacy@orangepotato.app

Plain EnglishThe human version.

FormalThe clause that holds up.

1. What we collect

Your email, name, company, billing info. What you post, what the AI writes, what you approve or reject. Basic analytics like "this page loaded."

We collect: (a) account data (email, name, organization, password hash, billing address and payment method via Stripe); (b) content data (brand kit inputs, generated drafts, approval history, published posts); (c) usage data (device type, IP address, page events, feature interactions).

2. Why we collect it

To run the service. To bill you. To improve the product. To email you about your account. Not to sell to third parties.

We process personal data to: (i) provide and maintain the Service; (ii) process payments and manage subscriptions; (iii) improve product functionality; (iv) send transactional and, with consent, marketing communications; (v) comply with legal obligations. We do not sell personal data.

3. Who we share it with

Service providers we need to run the app: Stripe (payments), AWS (hosting), Anthropic & OpenAI (AI models). That's it.

We share personal data with sub-processors strictly as necessary to provide the Service, including: Stripe, Inc. (payment processing), Amazon Web Services (infrastructure), Anthropic, PBC and OpenAI, L.L.C. (model inference). A current list of sub-processors is available on request.

4. AI training

We don't use your content to train general-purpose AI models. The prompts we send to AI providers use their no-training options.

User Content is transmitted to AI model providers under agreements that prohibit use of that content for model training. Orange Potato does not train machine learning models on User Content outside the bounds of your individual brand.

5. Your rights

You can see, export, or delete your data anytime. Email us at privacy@orangepotato.app — we respond within 30 days.

You have the right to access, rectify, port, and delete your personal data, and to object to certain processing activities. To exercise these rights, contact privacy@orangepotato.app. We will respond within thirty (30) days.

6. Cookies

We use cookies for login sessions and basic analytics (PostHog). You can turn off analytics in settings.

We use strictly necessary cookies for session management and authentication, and analytics cookies (PostHog, self-hosted) for aggregate product analytics. Analytics cookies may be disabled via in-app preferences without degrading core functionality.

7. How long we keep it

While your account is active, plus 90 days after you close it. Billing records we keep for 7 years, because the IRS.

Account and content data are retained for the duration of your subscription plus a 90-day grace period. Financial records required for tax compliance are retained for seven (7) years. Anonymized aggregate data may be retained indefinitely.

8. Where your data lives

US East and EU West (Ireland), depending on where you signed up.

Personal data is stored in AWS regions us-east-1 (United States) and eu-west-1 (Ireland). EU-originated data is processed under Standard Contractual Clauses where applicable.

9. Requests from public authorities

If a government agency or law enforcement asks for data, we review the request first, share only what the law requires, and keep an internal record of what happened. If a request looks invalid or too broad, we may push back or ask for it to be narrowed.

If Hehl Holdings LLC receives a request for user data from a government agency, law enforcement authority, or other public authority, we review the request for legal validity before disclosing any information. We limit any disclosure to the minimum data required by applicable law, document the request and our response internally, and may challenge or seek to narrow requests that appear unlawful or overly broad where appropriate.

10. Kids

This isn't for kids. You need to be 18+.

The Service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact privacy@orangepotato.app and we will delete it promptly.

11. Changes to this policy

If we change something meaningful, you'll get an email 30 days ahead.

We may update this Privacy Policy periodically. Material changes will be communicated via email at least thirty (30) days prior to taking effect.