Privacy Policy
Privacy Policy
Effective date: 8 July 2026
PlugMyBrain (“the Service”) lets brands connect their own social-media and content accounts (e.g. Instagram, Facebook, TikTok, LinkedIn, X, YouTube, Threads) via the platforms’ official OAuth authorization, and to compose, schedule, publish and analyse content on those connected accounts. The Service is operated by Next Lead Generation GmbH (“we”, “us”).
1. Who we are (Controller)
Next Lead Generation GmbH, Stockern 47, Stockern, Austria. Contact: imprint@nextleadgeneration.com. Data-protection contact: imprint@nextleadgeneration.com.
2. What data we process
- Account & profile data you provide (name, email, organisation, billing details).
- Connected-account credentials — OAuth access/refresh tokens issued by the social platforms when you authorize a connection. Tokens are stored encrypted and used only to perform the actions you request.
- Content & publishing data — posts, media, captions, schedules and metadata you create or upload for publication.
- Engagement & analytics data — metrics (reach, likes, comments, etc.) retrieved from the connected platforms to show you performance.
- Technical data — log data, IP address, device/browser information, and cookies (see our Cookie Policy).
3. Why we process it (purposes & legal bases)
- To provide the Service you requested — contract performance (GDPR Art. 6(1)(b)).
- To publish and analyse content on your connected accounts — contract performance / your instructions.
- To secure, maintain and improve the Service — legitimate interests (Art. 6(1)(f)).
- To comply with legal obligations — Art. 6(1)(c).
4. Sharing & third parties
We share data with the social platforms you connect (only as needed to fulfil your requests), and with sub-processors that host and operate the Service (hosting, storage, error monitoring). Each connected platform processes data under its own privacy policy. We do not sell your personal data.
5. International transfers
Where data is processed outside the EEA, we rely on appropriate safeguards (e.g. EU Standard Contractual Clauses).
6. Retention
We keep data for as long as your account is active and as required to provide the Service, then delete or anonymise it, subject to legal retention obligations. OAuth tokens are deleted when you disconnect an account or close your account.
7. Your rights
Subject to applicable law you may access, rectify, erase, restrict or port your data, and object to processing. Contact imprint@nextleadgeneration.com. You may also lodge a complaint with your supervisory authority (in Austria: Österreichische Datenschutzbehörde).
8. Data deletion
You can disconnect any connected account at any time in the app, which revokes and deletes the stored tokens for that account. To delete your account and associated personal data, email imprint@nextleadgeneration.com or use the in-app account-deletion option; we will action the request without undue delay. This section also serves as the data-deletion instructions required by connected platforms.
9. Changes
We may update this policy; material changes will be notified in-app or by email.