ad2app-lib 1.6.0 → 1.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/analytics/index.d.ts +99 -0
- package/dist/analytics/index.js +42 -0
- package/dist/legal/meta.d.ts +1 -1
- package/dist/legal/meta.js +1 -1
- package/dist/legal/privacy.js +18 -11
- package/dist/legal/terms.js +16 -6
- package/dist/types/scheduling/I_SchedulingProUpgrade.d.ts +1 -14
- package/dist/types/scheduling/I_SchedulingProUpgrade.js +1 -10
- package/package.json +1 -1
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Canonical PostHog analytics taxonomy for ad2app.
|
|
3
|
+
*
|
|
4
|
+
* Single source of truth for event names, event property shapes, and person
|
|
5
|
+
* property keys across ALL surfaces (frontend, backend, landing, future MCP).
|
|
6
|
+
* Spec: ad2appus/docs/posthog-implementation.md §3.
|
|
7
|
+
*
|
|
8
|
+
* Naming convention: snake_case, object_verb_past_tense.
|
|
9
|
+
* Do NOT rename events after they ship — historical data does not migrate.
|
|
10
|
+
*/
|
|
11
|
+
/** Canonical PostHog event names. */
|
|
12
|
+
export declare const EVENTS: {
|
|
13
|
+
readonly LANDING_CTA_CLICKED: "landing_cta_clicked";
|
|
14
|
+
readonly SIGNED_UP: "signed_up";
|
|
15
|
+
readonly PROFILE_COMPLETED: "profile_completed";
|
|
16
|
+
readonly LOGGED_IN: "logged_in";
|
|
17
|
+
readonly SOCIAL_ACCOUNT_CONNECTED: "social_account_connected";
|
|
18
|
+
readonly COMPOSE_STARTED: "compose_started";
|
|
19
|
+
readonly POST_SCHEDULED: "post_scheduled";
|
|
20
|
+
readonly POST_PUBLISHED: "post_published";
|
|
21
|
+
readonly ANALYTICS_VIEWED: "analytics_viewed";
|
|
22
|
+
readonly TRIAL_STARTED: "trial_started";
|
|
23
|
+
readonly LIMIT_REACHED: "limit_reached";
|
|
24
|
+
readonly UPGRADE_CLICKED: "upgrade_clicked";
|
|
25
|
+
readonly CHECKOUT_STARTED: "checkout_started";
|
|
26
|
+
readonly SUBSCRIPTION_STARTED: "subscription_started";
|
|
27
|
+
readonly SUBSCRIPTION_CANCELED: "subscription_canceled";
|
|
28
|
+
};
|
|
29
|
+
export type EventName = (typeof EVENTS)[keyof typeof EVENTS];
|
|
30
|
+
/** Property shape per event. Keeps emitters honest across repos. */
|
|
31
|
+
export interface EventProperties {
|
|
32
|
+
[EVENTS.LANDING_CTA_CLICKED]: {
|
|
33
|
+
location: 'hero' | 'pricing' | 'final_cta' | 'nav';
|
|
34
|
+
};
|
|
35
|
+
[EVENTS.SIGNED_UP]: {
|
|
36
|
+
method: 'email' | 'google';
|
|
37
|
+
role: string;
|
|
38
|
+
};
|
|
39
|
+
[EVENTS.PROFILE_COMPLETED]: {
|
|
40
|
+
role: string;
|
|
41
|
+
};
|
|
42
|
+
[EVENTS.LOGGED_IN]: {
|
|
43
|
+
method?: 'email' | 'google';
|
|
44
|
+
};
|
|
45
|
+
[EVENTS.SOCIAL_ACCOUNT_CONNECTED]: {
|
|
46
|
+
platform: string;
|
|
47
|
+
account_count?: number;
|
|
48
|
+
};
|
|
49
|
+
[EVENTS.COMPOSE_STARTED]: {
|
|
50
|
+
source?: 'wizard' | 'quick';
|
|
51
|
+
};
|
|
52
|
+
[EVENTS.POST_SCHEDULED]: {
|
|
53
|
+
platforms: string[];
|
|
54
|
+
platform_count: number;
|
|
55
|
+
scheduled_for?: string;
|
|
56
|
+
};
|
|
57
|
+
[EVENTS.POST_PUBLISHED]: {
|
|
58
|
+
platforms: string[];
|
|
59
|
+
platform_count: number;
|
|
60
|
+
status: 'success' | 'partial' | 'failed';
|
|
61
|
+
};
|
|
62
|
+
[EVENTS.ANALYTICS_VIEWED]: {
|
|
63
|
+
scope?: 'overview' | 'account' | 'post';
|
|
64
|
+
};
|
|
65
|
+
[EVENTS.TRIAL_STARTED]: {
|
|
66
|
+
plan: string;
|
|
67
|
+
};
|
|
68
|
+
[EVENTS.LIMIT_REACHED]: {
|
|
69
|
+
limit: 'x_link_posts' | 'accounts';
|
|
70
|
+
plan: string;
|
|
71
|
+
cap: number;
|
|
72
|
+
};
|
|
73
|
+
[EVENTS.UPGRADE_CLICKED]: {
|
|
74
|
+
from_plan?: string;
|
|
75
|
+
to_plan?: string;
|
|
76
|
+
surface: string;
|
|
77
|
+
};
|
|
78
|
+
[EVENTS.CHECKOUT_STARTED]: {
|
|
79
|
+
plan: string;
|
|
80
|
+
};
|
|
81
|
+
[EVENTS.SUBSCRIPTION_STARTED]: {
|
|
82
|
+
plan: string;
|
|
83
|
+
mrr?: number;
|
|
84
|
+
accounts_included?: number;
|
|
85
|
+
};
|
|
86
|
+
[EVENTS.SUBSCRIPTION_CANCELED]: {
|
|
87
|
+
plan: string;
|
|
88
|
+
reason?: string;
|
|
89
|
+
};
|
|
90
|
+
}
|
|
91
|
+
/** Canonical person property keys (set via identify / $set). */
|
|
92
|
+
export declare const PERSON_PROPS: {
|
|
93
|
+
readonly EMAIL: "email";
|
|
94
|
+
readonly ROLE: "role";
|
|
95
|
+
readonly PLAN: "plan";
|
|
96
|
+
readonly ACCOUNT_COUNT: "account_count";
|
|
97
|
+
readonly TRIAL_ENDS_AT: "trial_ends_at";
|
|
98
|
+
};
|
|
99
|
+
export type PersonPropKey = (typeof PERSON_PROPS)[keyof typeof PERSON_PROPS];
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Canonical PostHog analytics taxonomy for ad2app.
|
|
4
|
+
*
|
|
5
|
+
* Single source of truth for event names, event property shapes, and person
|
|
6
|
+
* property keys across ALL surfaces (frontend, backend, landing, future MCP).
|
|
7
|
+
* Spec: ad2appus/docs/posthog-implementation.md §3.
|
|
8
|
+
*
|
|
9
|
+
* Naming convention: snake_case, object_verb_past_tense.
|
|
10
|
+
* Do NOT rename events after they ship — historical data does not migrate.
|
|
11
|
+
*/
|
|
12
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
13
|
+
exports.PERSON_PROPS = exports.EVENTS = void 0;
|
|
14
|
+
/** Canonical PostHog event names. */
|
|
15
|
+
exports.EVENTS = {
|
|
16
|
+
// Acquisition (landing)
|
|
17
|
+
LANDING_CTA_CLICKED: 'landing_cta_clicked',
|
|
18
|
+
// Activation (web app)
|
|
19
|
+
SIGNED_UP: 'signed_up', // server-owned (backend, on user creation)
|
|
20
|
+
PROFILE_COMPLETED: 'profile_completed', // the /complete-profile step (influencers)
|
|
21
|
+
LOGGED_IN: 'logged_in',
|
|
22
|
+
SOCIAL_ACCOUNT_CONNECTED: 'social_account_connected',
|
|
23
|
+
COMPOSE_STARTED: 'compose_started',
|
|
24
|
+
POST_SCHEDULED: 'post_scheduled',
|
|
25
|
+
POST_PUBLISHED: 'post_published', // server-confirmed (backend)
|
|
26
|
+
ANALYTICS_VIEWED: 'analytics_viewed',
|
|
27
|
+
// Revenue (backend = source of truth)
|
|
28
|
+
TRIAL_STARTED: 'trial_started',
|
|
29
|
+
LIMIT_REACHED: 'limit_reached', // cap hit (e.g. X link-post cap) — the upsell trigger
|
|
30
|
+
UPGRADE_CLICKED: 'upgrade_clicked', // client intent
|
|
31
|
+
CHECKOUT_STARTED: 'checkout_started',
|
|
32
|
+
SUBSCRIPTION_STARTED: 'subscription_started',
|
|
33
|
+
SUBSCRIPTION_CANCELED: 'subscription_canceled',
|
|
34
|
+
};
|
|
35
|
+
/** Canonical person property keys (set via identify / $set). */
|
|
36
|
+
exports.PERSON_PROPS = {
|
|
37
|
+
EMAIL: 'email',
|
|
38
|
+
ROLE: 'role',
|
|
39
|
+
PLAN: 'plan', // 'trial' | 'starter' | 'all_platforms' | 'free'
|
|
40
|
+
ACCOUNT_COUNT: 'account_count',
|
|
41
|
+
TRIAL_ENDS_AT: 'trial_ends_at',
|
|
42
|
+
};
|
package/dist/legal/meta.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export declare const LEGAL_META: {
|
|
2
|
-
readonly lastUpdated: "
|
|
2
|
+
readonly lastUpdated: "10 June 2026";
|
|
3
3
|
readonly contactEmail: "kontakt@ad2.app";
|
|
4
4
|
readonly controllerName: "Ad2app sp. z o.o.";
|
|
5
5
|
readonly controllerAddress: "ul. Juliana Smulikowskiego 4A/21, 00-389 Warszawa, Poland";
|
package/dist/legal/meta.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.LEGAL_META = void 0;
|
|
4
4
|
exports.LEGAL_META = {
|
|
5
|
-
lastUpdated: '
|
|
5
|
+
lastUpdated: '10 June 2026',
|
|
6
6
|
contactEmail: 'kontakt@ad2.app',
|
|
7
7
|
controllerName: 'Ad2app sp. z o.o.',
|
|
8
8
|
controllerAddress: 'ul. Juliana Smulikowskiego 4A/21, 00-389 Warszawa, Poland',
|
package/dist/legal/privacy.js
CHANGED
|
@@ -31,20 +31,24 @@ exports.PRIVACY_SECTIONS = [
|
|
|
31
31
|
{ text: '**Identity & contact data:** first name, last name, email address, business name, phone number (if provided).' },
|
|
32
32
|
{ text: '**Account credentials:** hashed password; OAuth access and refresh tokens when you connect social media accounts — we store tokens, not your passwords.' },
|
|
33
33
|
{
|
|
34
|
-
text: '**Social platform data via OAuth:** when you authorise a connection to
|
|
34
|
+
text: '**Social platform data via OAuth:** when you authorise a connection to one of the social media platforms you choose to connect (currently Instagram, TikTok, X (Twitter), YouTube, LinkedIn, Facebook, Threads, Pinterest, Reddit, and Bluesky), we receive data from that platform\'s API as permitted by your OAuth consent. Across all connected platforms this generally includes your account/profile data (such as user ID, username or handle, display name, avatar, and account statistics where the platform exposes them), the content and media of posts you compose, schedule, or publish through the Service, and performance/analytics data for your published posts. The specific data received depends on the platform and the permissions you grant. For some platforms we describe the data in more detail below; the absence of a platform from the detailed list does not mean less data protection — the same general categories and safeguards apply:',
|
|
35
35
|
sub: [
|
|
36
36
|
{ text: '**TikTok:** basic profile (user ID, display name, avatar, biography, profile URL), account statistics (follower count, following count, like count, video count), video list and metadata (titles, view counts, engagement metrics), and — where enabled for scheduling features — video upload and publish permissions. We request only the permissions required for the features you actively use.' },
|
|
37
37
|
{ text: '**Instagram:** Instagram Business account data including username, biography, profile picture, account type, and associated business metrics.' },
|
|
38
38
|
{ text: '**Facebook:** public profile information and, where you grant permission, your Facebook email address. Facebook is an independent OAuth provider separate from Instagram.' },
|
|
39
39
|
{ text: '**YouTube:** YouTube channel data (read-only: videos, statistics, channel metadata) and your Google Account profile (name, profile picture URL, Google Account ID) via the Google identity scope used for authentication.' },
|
|
40
|
+
{ text: '**Other connected platforms (X (Twitter), LinkedIn, Threads, Pinterest, Reddit, Bluesky):** account/profile data, the post content and media you publish through the Service, and published-post analytics, in each case as permitted by the OAuth permissions you grant on that platform.' },
|
|
40
41
|
],
|
|
41
42
|
},
|
|
42
43
|
{ text: '**Audience data (aggregate only):** demographic and engagement statistics about your social media audience, as provided by the connected platform\'s API. This data is processed exclusively in aggregate statistical form and is not linked to any identified individual within your audience. We have assessed whether this data could constitute special category data under Art. 9 GDPR and confirm that we do not process such special category data — audience data is processed solely as aggregate numeric metrics.' },
|
|
43
44
|
{ text: '**Inbox data:** when you use the platform\'s inbox features, direct message conversations and post comments from your connected social media accounts are fetched and displayed. This includes content sent to you by your followers or other third parties on those platforms. See Section 11 for further detail.' },
|
|
44
45
|
{ text: '**Professional data:** influencer category, social media handles, media kit content.' },
|
|
45
46
|
{ text: '**Campaign & collaboration data:** campaign briefs, offer terms, messages exchanged within the platform between brands and influencers.' },
|
|
46
|
-
{ text: '**
|
|
47
|
-
{ text: '**
|
|
47
|
+
{ text: '**Post content & scheduled posts:** the content you compose, schedule, and publish through the Service — including post text, captions, hashtags, links, scheduling times, and the images, videos, and other media you upload for those posts — together with the publishing status and metadata of each post.' },
|
|
48
|
+
{ text: '**Published-post analytics:** performance and engagement metrics for posts you have published through the Service to your connected accounts (e.g. views, impressions, likes, comments, shares, reach, and other statistics), as provided by the connected platform\'s API.' },
|
|
49
|
+
{ text: '**Media & content:** files you upload (images, videos, documents) for posts, campaigns, or your profile.' },
|
|
50
|
+
{ text: '**Technical & usage data:** anonymised IP address, browser type and version, operating system, pages visited, referral URLs, timestamps, error and crash reports, and usage events (e.g. feature interactions such as button clicks and page views, tracked via PostHog — see Sections 6 and 9). Usage tracking starts only after you give consent via the cookie banner.' },
|
|
51
|
+
{ text: '**Session replay data:** with your consent (see Section 9), we record replays of your interactions with the Service (mouse movement, scrolling, clicks, page navigation) to diagnose usability problems and errors. All text you type into input fields is masked before recording and never leaves your browser in readable form. Recordings are retained for 30 days.' },
|
|
48
52
|
{ text: '**Billing data:** billing address and payment reference. Payment card details are handled exclusively by Stripe and are never stored by ad2app.' },
|
|
49
53
|
{ text: '**Waitlist data:** if you submit your email address via our waitlist form before registering, we store that email address to notify you when access is available.' },
|
|
50
54
|
{ text: '**Feedback data:** free-text feedback submitted via the in-app feedback form. This may incidentally contain personal data you choose to include.' },
|
|
@@ -63,15 +67,15 @@ exports.PRIVACY_SECTIONS = [
|
|
|
63
67
|
headers: ['Purpose', 'Legal basis (GDPR Art. 6)'],
|
|
64
68
|
rows: [
|
|
65
69
|
['Creating and managing your account', 'Art. 6(1)(b) — performance of contract'],
|
|
66
|
-
['Providing platform features (campaigns, collaborations, messaging, inbox)', 'Art. 6(1)(b) — performance of contract'],
|
|
67
|
-
['Processing social media data received via OAuth connections (audience metrics, engagement data, video metadata, inbox messages)', 'Art. 6(1)(b) — performance of contract: necessary to deliver influencer-brand matching, campaign analytics, and inbox features as contracted. Audience data is processed in aggregate and anonymised form only. No Art. 9 special category data is processed.'],
|
|
70
|
+
['Providing platform features (scheduling and publishing posts to your connected accounts, post analytics, campaigns, collaborations, messaging, inbox)', 'Art. 6(1)(b) — performance of contract'],
|
|
71
|
+
['Processing social media data received via OAuth connections (profile/account data, post content and media you publish, published-post analytics, audience metrics, engagement data, video metadata, inbox messages)', 'Art. 6(1)(b) — performance of contract: necessary to deliver post scheduling and publishing, post analytics, influencer-brand matching, campaign analytics, and inbox features as contracted. Audience data is processed in aggregate and anonymised form only. No Art. 9 special category data is processed.'],
|
|
68
72
|
['Automated influencer–campaign matching and recommendations (profiling within the meaning of Art. 4(4) GDPR)', 'Art. 6(1)(b) — performance of contract. No binding automated decision with legal or similarly significant effect is made solely by automated means — all matches require affirmative acceptance by both parties. Human review is available on request.'],
|
|
69
73
|
['Temporary retention of account data for 30 days following account deletion (account recovery window)', 'Art. 6(1)(f) — legitimate interests: ad2app\'s and the user\'s shared interest in preventing irreversible accidental data loss, balanced against the minimal additional retention period.'],
|
|
70
74
|
['Processing payments and issuing invoices (via Stripe)', 'Art. 6(1)(b) & Art. 6(1)(c) — contract & legal obligation'],
|
|
71
75
|
['Complying with legal obligations (tax, accounting, record-keeping)', 'Art. 6(1)(c) — legal obligation: Polish Accounting Act (Ustawa o rachunkowości), Tax Ordinance (Ordynacja podatkowa), VAT Act (Ustawa o VAT).'],
|
|
72
76
|
['Waitlist email: notifying you when platform access is available', 'Art. 6(1)(a) — consent (given at the point of waitlist submission; withdrawable at any time).'],
|
|
73
77
|
['Processing in-app feedback', 'Art. 6(1)(f) — legitimate interests: ad2app\'s interest in improving the Service through user feedback.'],
|
|
74
|
-
['Improving and developing the Service (usage analytics
|
|
78
|
+
['Improving and developing the Service (usage analytics, session replay, and error tracking via PostHog)', 'Art. 6(1)(a) — consent, given via the cookie consent banner and withdrawable at any time. No analytics events are captured and no analytics cookies are set before you make a choice. Supplemented by Art. 6(1)(f) — legitimate interests — for aggregate, pseudonymised product statistics.'],
|
|
75
79
|
['Security, fraud prevention, and abuse detection', 'Art. 6(1)(f) — legitimate interests: ad2app\'s interest in maintaining platform integrity and protecting users from harm, which overrides the minimal intrusiveness of security logging.'],
|
|
76
80
|
['Transfer of personal data in a merger, acquisition, or business asset sale', 'Art. 6(1)(f) — legitimate interests: ad2app\'s legitimate interest in completing lawful business restructuring, balanced against data subjects\' interests. Data subjects will be notified before their data is subject to a materially different privacy policy.'],
|
|
77
81
|
['Sending marketing communications', 'Art. 6(1)(a) — consent (withdrawable at any time without affecting prior processing).'],
|
|
@@ -90,10 +94,13 @@ exports.PRIVACY_SECTIONS = [
|
|
|
90
94
|
items: [
|
|
91
95
|
{ text: '**Account data:** for the duration of your account plus 30 days after deletion (account recovery window), then permanently deleted. You may request immediate permanent deletion — waiving the recovery window — by explicitly stating this in your request to kontakt@ad2.app.' },
|
|
92
96
|
{ text: '**Campaign & collaboration data:** for the duration of your account plus 12 months after account deletion to allow dispute resolution, after which it is permanently deleted. Anonymised aggregated analytics may be retained indefinitely.' },
|
|
97
|
+
{ text: '**Post content, scheduled posts, and published-post analytics:** retained for the duration of your account and deleted with your account data (subject to the 30-day account recovery window). Anonymised aggregated analytics may be retained indefinitely.' },
|
|
93
98
|
{ text: '**OAuth access and refresh tokens:** revoked and deleted immediately upon disconnection or account deletion, with a maximum retention of 24 hours for revocation processing logs.' },
|
|
94
99
|
{ text: '**Inbox data (DMs and comments):** retained for the duration of your account; deleted with your account data.' },
|
|
95
100
|
{ text: '**Invoices and billing records:** 5 years from the end of the fiscal year (Polish Accounting Act).' },
|
|
96
101
|
{ text: '**Technical logs:** up to 90 days.' },
|
|
102
|
+
{ text: '**Product analytics events (PostHog):** retained in pseudonymised form for the operation of our analytics; deleted within 30 days of an erasure request or consent withdrawal.' },
|
|
103
|
+
{ text: '**Session replay recordings (PostHog):** 30 days, then automatically deleted.' },
|
|
97
104
|
{ text: '**Marketing consent records:** until consent is withdrawn plus 3 years for compliance evidence.' },
|
|
98
105
|
{ text: '**Waitlist emails:** until you register for an account or request deletion, or 24 months from submission if you do not register — whichever comes first.' },
|
|
99
106
|
{ text: '**In-app feedback:** up to 24 months from submission.' },
|
|
@@ -116,7 +123,7 @@ exports.PRIVACY_SECTIONS = [
|
|
|
116
123
|
sub: [
|
|
117
124
|
{ text: '**Zernio (ARBICHAT, S.L.)** — social media API aggregation: we pass OAuth tokens, post content, media files, and inbox data to Zernio solely to execute publishing and inbox operations on your behalf. Zernio is incorporated in Spain (EEA); however, data is processed on infrastructure with residency in North America (United States). This constitutes an international data transfer covered by Standard Contractual Clauses (Commission Decision 2021/914).' },
|
|
118
125
|
{ text: '**Stripe** — payment processing: billing address, email, and payment reference are shared with Stripe to process subscription payments. Stripe is located in the United States and operates under the EU–US Data Privacy Framework.' },
|
|
119
|
-
{ text: '**
|
|
126
|
+
{ text: '**PostHog (PostHog, Inc.)** — product analytics, session replay, and error tracking: pseudonymised usage event data (feature interactions, page views, device/browser info), masked session recordings, and error reports are processed only after you have given explicit analytics consent via the cookie banner. Our PostHog instance is **PostHog Cloud EU, hosted in Frankfurt, Germany** — analytics data is stored and processed within the EEA. PostHog, Inc. is incorporated in the United States; any residual access from outside the EEA is governed by a Data Processing Agreement incorporating Standard Contractual Clauses (Commission Decision 2021/914).' },
|
|
120
127
|
{ text: '**Vercel Inc.** — backend API hosting and compute: server-side application code, API requests, and associated request logs are processed on Vercel\'s infrastructure. Vercel is located in the United States and transfers are covered by Standard Contractual Clauses (Commission Decision 2021/914).' },
|
|
121
128
|
{ text: '**Neon Inc.** — PostgreSQL database hosting: all structured platform data (accounts, campaigns, collaborations, social account metadata) is stored in a Neon-hosted PostgreSQL database. Neon is located in the United States and transfers are covered by Standard Contractual Clauses (Commission Decision 2021/914).' },
|
|
122
129
|
{ text: '**Google Firebase (Firebase Authentication)** — authentication token verification: authentication tokens issued to users may be verified against Firebase Authentication to validate active sessions. Firebase is a Google service located in the United States and operates under the EU–US Data Privacy Framework.' },
|
|
@@ -133,7 +140,7 @@ exports.PRIVACY_SECTIONS = [
|
|
|
133
140
|
id: 's7',
|
|
134
141
|
title: '7. International Data Transfers',
|
|
135
142
|
blocks: [
|
|
136
|
-
{ kind: 'p', text: 'Your data is primarily processed within the European Economic Area (EEA). We use certain processors located outside the EEA, including processors based in the United States (currently: Vercel, Neon, Google Firebase, Stripe,
|
|
143
|
+
{ kind: 'p', text: 'Your data is primarily processed within the European Economic Area (EEA). Product analytics data (PostHog) is stored and processed on EU servers in Frankfurt, Germany. We use certain processors located outside the EEA, including processors based in the United States (currently: Vercel, Neon, Google Firebase, Stripe, and Zernio; plus residual support access by PostHog, Inc.). For all such transfers we ensure adequate safeguards through one or more of the following mechanisms:' },
|
|
137
144
|
{
|
|
138
145
|
kind: 'ul',
|
|
139
146
|
items: [
|
|
@@ -177,10 +184,10 @@ exports.PRIVACY_SECTIONS = [
|
|
|
177
184
|
items: [
|
|
178
185
|
{ text: '**Strictly necessary cookies:** required for authentication sessions and core platform functionality. Cannot be disabled without breaking the Service. Legal basis: Art. 6(1)(b) — contract performance; no consent required. Duration: session cookies expire when you close your browser; authentication cookies expire after 30 days of inactivity.' },
|
|
179
186
|
{ text: '**Functional cookies:** set only in direct response to an action you take (e.g. selecting a language or theme preference), and strictly necessary to deliver that specific function you have requested. They do not track you across sessions beyond preserving your chosen setting. Legal basis: strictly necessary to fulfil your explicit request under Art. 173 of the Polish Telecommunications Act (ePrivacy); no separate consent required. Duration: up to 12 months, or cleared when you clear your browser data.' },
|
|
180
|
-
{ text: '**Analytics cookies (
|
|
187
|
+
{ text: '**Analytics cookies (PostHog):** collect pseudonymised usage event data, enable session replay (with all typed input masked), and capture error reports to help us understand and improve how the Service is used. Legal basis: Art. 6(1)(a) — consent. **No analytics cookies are set and no analytics events are captured before you make a choice** in the cookie consent banner shown on first visit. If you accept, PostHog sets a first-party cookie (name beginning `ph_`) on the `ad2.app` domain, valid for up to 1 year, shared between our website and the app so you are not asked twice. If you decline, no analytics cookie is set and no events are collected. Analytics data is processed on PostHog Cloud EU servers in Frankfurt, Germany (see Section 6).' },
|
|
181
188
|
],
|
|
182
189
|
},
|
|
183
|
-
{ kind: 'p', text: 'You may withdraw or update your cookie consent at any time
|
|
190
|
+
{ kind: 'p', text: 'You may withdraw or update your cookie consent at any time via the "Cookie settings" link in the footer of our website, or on this Privacy Policy page in the app. Withdrawing analytics consent does not affect platform functionality.' },
|
|
184
191
|
{ kind: 'subheading', text: 'Browser local storage' },
|
|
185
192
|
{ kind: 'p', text: 'In addition to cookies, we use browser local storage to preserve application state between sessions. This includes: your language and theme preferences; a cached copy of your subscription tier and status (retained for up to 30 days then invalidated); and draft campaign deadline data. Local storage data is stored on your device only and is not transmitted to our servers independently of your normal usage. It is cleared when you clear your browser data or log out.' },
|
|
186
193
|
],
|
|
@@ -208,7 +215,7 @@ exports.PRIVACY_SECTIONS = [
|
|
|
208
215
|
id: 's11',
|
|
209
216
|
title: '11. Third-Party Links, Social Platforms, and Inbox Data',
|
|
210
217
|
blocks: [
|
|
211
|
-
{ kind: 'p', text: 'The Service allows you to connect social media accounts
|
|
218
|
+
{ kind: 'p', text: 'The Service allows you to connect the social media accounts you choose to enable platform features. Supported platforms currently include Instagram, TikTok, X (Twitter), YouTube, LinkedIn, Facebook, Threads, Pinterest, Reddit, and Bluesky. When you authorise an OAuth connection, ad2app receives data from that platform\'s API as permitted by your OAuth consent screen. The source of all such data is the respective social media platform\'s API.' },
|
|
212
219
|
{ kind: 'p', text: '**Inbox data and third-party communications:** when you use the inbox features, direct message conversations and post comments from your connected social media accounts are fetched and stored. This includes messages and comments sent by your followers and other third parties on those platforms. Those individuals have not directly provided their data to ad2app. We process this data under Art. 6(1)(b) (to provide the inbox feature you have contracted for) and rely on the exemption in Art. 14(5)(b) GDPR — providing individual notice to each such person would require disproportionate effort given the volume and platform-derived nature of the data. Inbox data is not used for profiling, advertising, or any purpose beyond displaying your social media communications within the platform.' },
|
|
213
220
|
{ kind: 'p', text: '**Audience data (Art. 14 GDPR):** when you connect a social media account, the connected platform may provide aggregate audience data (e.g. demographic statistics about your followers). This data originates from the social platform and relates to individuals who are not in a direct relationship with ad2app. We rely on Art. 14(5)(b) GDPR — individual notification is impossible given the aggregate and platform-derived nature of this data. It is processed solely in aggregated form for influencer–brand matching and campaign analytics, and is not used for any other purpose.' },
|
|
214
221
|
{ kind: 'p', text: 'We are not responsible for the privacy practices of third-party social platforms. Please review their privacy policies before connecting your accounts.' },
|
package/dist/legal/terms.js
CHANGED
|
@@ -14,7 +14,17 @@ exports.TERMS_SECTIONS = [
|
|
|
14
14
|
id: 's2',
|
|
15
15
|
title: '2. Service Description',
|
|
16
16
|
blocks: [
|
|
17
|
-
{ kind: 'p', text: 'ad2app is a
|
|
17
|
+
{ kind: 'p', text: 'ad2app is a social media management platform for content creators. At its core, the Service lets you connect your own social media accounts, compose a post once, schedule and publish it to the platforms you choose, and track the performance of your published posts. The Service includes:' },
|
|
18
|
+
{
|
|
19
|
+
kind: 'ul',
|
|
20
|
+
items: [
|
|
21
|
+
{ text: 'Connecting your own social media accounts via authorised access (OAuth) — currently Instagram, TikTok, X (Twitter), YouTube, LinkedIn, Facebook, Threads, Pinterest, Reddit, and Bluesky.' },
|
|
22
|
+
{ text: 'Composing a post once and scheduling and publishing it to the connected platforms you select.' },
|
|
23
|
+
{ text: 'Analytics and reporting on your published posts.' },
|
|
24
|
+
{ text: 'Media and content file management.' },
|
|
25
|
+
],
|
|
26
|
+
},
|
|
27
|
+
{ kind: 'p', text: 'ad2app also operates as a broader B2B influencer marketing platform. Depending on your account type and the features made available to you, the Service may additionally enable brands and agencies ("Advertisers") to discover, manage, and collaborate with content creators and influencers ("Influencers") on marketing campaigns, including:' },
|
|
18
28
|
{
|
|
19
29
|
kind: 'ul',
|
|
20
30
|
items: [
|
|
@@ -23,10 +33,9 @@ exports.TERMS_SECTIONS = [
|
|
|
23
33
|
{ text: 'Collaboration and offer management workflows.' },
|
|
24
34
|
{ text: 'Messaging between Advertisers and Influencers.' },
|
|
25
35
|
{ text: 'Social media inbox management (DMs and comments from connected platforms).' },
|
|
26
|
-
{ text: 'Analytics and reporting features.' },
|
|
27
|
-
{ text: 'Media and content file management.' },
|
|
28
36
|
],
|
|
29
37
|
},
|
|
38
|
+
{ kind: 'p', text: 'Not all features described in these Terms are available to every User or in every plan. Where a clause applies only to a particular feature or account type (for example, campaigns or collaborations between Users), it applies to you only to the extent you use that feature.' },
|
|
30
39
|
{ kind: 'p', text: 'We reserve the right to modify, suspend, or discontinue any part of the Service at any time, with reasonable prior notice where technically or commercially practicable.' },
|
|
31
40
|
],
|
|
32
41
|
},
|
|
@@ -82,7 +91,7 @@ exports.TERMS_SECTIONS = [
|
|
|
82
91
|
},
|
|
83
92
|
{ kind: 'subheading', text: 'Platform non-liability for User Content' },
|
|
84
93
|
{ kind: 'p', text: '**ad2app does not create, edit, endorse, or control User Content.** We act solely as a hosting intermediary within the meaning of Article 6 of the EU Digital Services Act (Regulation (EU) 2022/2065) and are not liable for User Content unless we have actual knowledge of its illegal nature and fail to act expeditiously to remove or disable access to it.' },
|
|
85
|
-
{ kind: 'p', text: 'You are **solely and exclusively responsible** for any content you create, publish, share, or distribute through the Service, including — but not limited to —
|
|
94
|
+
{ kind: 'p', text: 'You are **solely and exclusively responsible** for any content you create, publish, share, schedule, or distribute through the Service, including — but not limited to — scheduled posts, captions, images, videos, hashtags, campaign materials, promotional posts, sponsored content, and any other material posted on third-party platforms (including the social media platforms you connect, such as Instagram, TikTok, X (Twitter), YouTube, LinkedIn, Facebook, Threads, Pinterest, Reddit, and Bluesky) using ad2app as a tool or workflow. ad2app assumes no liability for such content regardless of whether it was composed, scheduled, planned, briefed, or tracked through the platform.' },
|
|
86
95
|
{ kind: 'p', text: 'In particular, you are responsible for ensuring that all published content complies with: (a) applicable advertising and marketing laws; (b) platform-specific community guidelines and terms of service of any third-party social media platform; (c) intellectual property rights of third parties; and (d) all applicable laws of the jurisdiction(s) where the content is distributed or viewed.' },
|
|
87
96
|
{ kind: 'subheading', text: 'Digital Services Act — Points of Contact (Art. 11 DSA)' },
|
|
88
97
|
{ kind: 'p', text: 'In accordance with Art. 11 of Regulation (EU) 2022/2065 (Digital Services Act), ad2app designates the following single point of contact for direct communication with Member State authorities, the European Commission, and the European Board for Digital Services: kontakt@ad2.app. Communications may be conducted in Polish or English.' },
|
|
@@ -104,7 +113,7 @@ exports.TERMS_SECTIONS = [
|
|
|
104
113
|
id: 's6',
|
|
105
114
|
title: '6. Intellectual Property',
|
|
106
115
|
blocks: [
|
|
107
|
-
{ kind: 'p', text: 'The Service, including its software, design, logos, trademarks, and documentation, is owned by or licensed to ad2app and is protected by intellectual property laws. You are granted a limited, non-exclusive, non-transferable, revocable licence to access and use the Service solely for your
|
|
116
|
+
{ kind: 'p', text: 'The Service, including its software, design, logos, trademarks, and documentation, is owned by or licensed to ad2app and is protected by intellectual property laws. You are granted a limited, non-exclusive, non-transferable, revocable licence to access and use the Service solely for your own purposes in accordance with these Terms. You must not:' },
|
|
108
117
|
{
|
|
109
118
|
kind: 'ul',
|
|
110
119
|
items: [
|
|
@@ -119,7 +128,7 @@ exports.TERMS_SECTIONS = [
|
|
|
119
128
|
id: 's7',
|
|
120
129
|
title: '7. Campaigns and Collaborations Between Users',
|
|
121
130
|
blocks: [
|
|
122
|
-
{ kind: 'p', text: '
|
|
131
|
+
{ kind: 'p', text: 'This section applies where the Service is used to facilitate campaigns or collaborations between Users; it does not apply to your use of the scheduling, publishing, and analytics features for your own accounts. Where the Service facilitates agreements between Advertisers and Influencers, ad2app is not a party to any agreement reached between Users through the platform and has no control over the performance, quality, legality, or accuracy of campaigns or content produced. **In all cases, ad2app is not responsible for any content that Users publish, broadcast, schedule, or distribute on any platform — including third-party social media platforms — whether or not that content was composed, scheduled, planned, briefed, approved, or tracked through the Service.**' },
|
|
123
132
|
{ kind: 'p', text: 'Each User is solely responsible for:' },
|
|
124
133
|
{
|
|
125
134
|
kind: 'ul',
|
|
@@ -208,6 +217,7 @@ exports.TERMS_SECTIONS = [
|
|
|
208
217
|
title: '13. Data Protection',
|
|
209
218
|
blocks: [
|
|
210
219
|
{ kind: 'p', text: 'Our collection and use of personal data is governed by our {PRIVACY}, which forms part of these Terms. By accepting these Terms, you acknowledge that you have read and understood our Privacy Policy.' },
|
|
220
|
+
{ kind: 'p', text: 'The Service uses third-party data processors — including EU-hosted product analytics (PostHog Cloud EU), payment processing (Stripe), and social media API aggregation (Zernio) — as listed and described in the Privacy Policy. Usage analytics and session replay operate only with your consent, which you may give or withdraw at any time via the cookie consent controls described in the Privacy Policy.' },
|
|
211
221
|
{ kind: 'p', text: 'Where you, as an Advertiser, use the Service to access, communicate with, or manage Influencer personal data through the platform, ad2app acts as a **data processor** on your behalf under Article 28 GDPR, and you act as the **data controller** for that processing. Our Data Processing Agreement (available on request at kontakt@ad2.app) governs that relationship. You remain solely responsible for ensuring you have a valid legal basis for any personal data processing you direct through the platform and for your own compliance with GDPR in your capacity as controller.' },
|
|
212
222
|
],
|
|
213
223
|
},
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Covers subscription tier state, Stripe checkout flows,
|
|
5
5
|
* and the customer portal redirect.
|
|
6
6
|
*/
|
|
7
|
-
export type SchedulingSubscriptionTier = 'free' | '
|
|
7
|
+
export type SchedulingSubscriptionTier = 'free' | 'pro';
|
|
8
8
|
export type SchedulingSubscriptionStatus = 'active' | 'canceled' | 'expired';
|
|
9
9
|
/**
|
|
10
10
|
* Current subscription state for the authenticated user.
|
|
@@ -14,7 +14,6 @@ export declare class SchedulingSubscriptionInfoDTO {
|
|
|
14
14
|
tier: SchedulingSubscriptionTier;
|
|
15
15
|
status: SchedulingSubscriptionStatus;
|
|
16
16
|
expiresAt: string | null;
|
|
17
|
-
maxPlatforms: number;
|
|
18
17
|
constructor(data: SchedulingSubscriptionInfoDTO);
|
|
19
18
|
}
|
|
20
19
|
/**
|
|
@@ -33,18 +32,6 @@ export declare class SchedulingPortalSessionResultDTO {
|
|
|
33
32
|
url: string;
|
|
34
33
|
constructor(data: SchedulingPortalSessionResultDTO);
|
|
35
34
|
}
|
|
36
|
-
export interface SchedulingPlanPriceDTO {
|
|
37
|
-
tier: 'starter' | 'pro';
|
|
38
|
-
amount: number;
|
|
39
|
-
currency: string;
|
|
40
|
-
interval: string;
|
|
41
|
-
maxPlatforms: number;
|
|
42
|
-
}
|
|
43
|
-
export declare class SchedulingProductPricesDTO {
|
|
44
|
-
starter: SchedulingPlanPriceDTO;
|
|
45
|
-
pro: SchedulingPlanPriceDTO;
|
|
46
|
-
constructor(data: SchedulingProductPricesDTO);
|
|
47
|
-
}
|
|
48
35
|
/**
|
|
49
36
|
* Aggregated Pro-upgrade context DTO.
|
|
50
37
|
* Combines subscription info with action URLs for UI display.
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
* and the customer portal redirect.
|
|
7
7
|
*/
|
|
8
8
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
-
exports.SchedulingProUpgradeDTO = exports.
|
|
9
|
+
exports.SchedulingProUpgradeDTO = exports.SchedulingPortalSessionResultDTO = exports.SchedulingCheckoutSessionResultDTO = exports.SchedulingSubscriptionInfoDTO = void 0;
|
|
10
10
|
// ── SchedulingSubscriptionInfoDTO ────────────────────────────────────────────
|
|
11
11
|
/**
|
|
12
12
|
* Current subscription state for the authenticated user.
|
|
@@ -17,7 +17,6 @@ class SchedulingSubscriptionInfoDTO {
|
|
|
17
17
|
this.tier = data.tier;
|
|
18
18
|
this.status = data.status;
|
|
19
19
|
this.expiresAt = data.expiresAt;
|
|
20
|
-
this.maxPlatforms = data.maxPlatforms;
|
|
21
20
|
}
|
|
22
21
|
}
|
|
23
22
|
exports.SchedulingSubscriptionInfoDTO = SchedulingSubscriptionInfoDTO;
|
|
@@ -43,14 +42,6 @@ class SchedulingPortalSessionResultDTO {
|
|
|
43
42
|
}
|
|
44
43
|
}
|
|
45
44
|
exports.SchedulingPortalSessionResultDTO = SchedulingPortalSessionResultDTO;
|
|
46
|
-
// ── SchedulingProductPricesDTO ────────────────────────────────────────────────
|
|
47
|
-
class SchedulingProductPricesDTO {
|
|
48
|
-
constructor(data) {
|
|
49
|
-
this.starter = data.starter;
|
|
50
|
-
this.pro = data.pro;
|
|
51
|
-
}
|
|
52
|
-
}
|
|
53
|
-
exports.SchedulingProductPricesDTO = SchedulingProductPricesDTO;
|
|
54
45
|
// ── SchedulingProUpgradeDTO ───────────────────────────────────────────────────
|
|
55
46
|
/**
|
|
56
47
|
* Aggregated Pro-upgrade context DTO.
|