Rippelle™ – Privacy Policy

1. Who We Are

Rippelle is a social media automation platform operated by TEAM du Centre ASBL, a nonprofit organization registered in Belgium (enterprise number: 0631.908.478), with its registered office at rue de la Barette 54, 7110 La Louvière, Belgium.

Rippelle enables creators — primarily within virtual worlds such as Second Life — to automate the distribution of their content across multiple social media platforms.

For any questions regarding this Privacy Policy or your personal data, you can contact us at: rippelle.sl@gmail.com

2. What Data We Collect

We collect and process the following categories of personal data:

2.1 Account Information

Username or display name
Second Life avatar name or UUID

2.2 Authentication Tokens & API Keys

When you connect your social media accounts to Rippelle, we store the authentication credentials necessary to post on your behalf:

Facebook & Instagram: OAuth access tokens and page tokens issued by Meta
Discord: Webhook URLs
Bluesky: App passwords or session tokens
Plurk: OAuth tokens or API credentials
SmartBots: API key or bot credentials provided by you
Pinterest: OAuth access tokens and refresh tokens issued by Pinterest, plus your Pinterest username and account identifier

2.3 Content Data

Images, text, and captions you submit for publication
Scheduling preferences and posting history
Pinterest pins (images and titles) that you explicitly choose to import into your private Rippelle Moodboards

2.4 Technical Data

IP address (logged temporarily for security purposes)
Timestamps of API requests
Error logs related to failed post deliveries

3. Why We Collect This Data (Legal Basis)

Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:

Performance of a contract (Art. 6(1)(b) GDPR): Processing is necessary to provide you with the Rippelle service — specifically, to publish content on your connected social media accounts as you instruct.
Legitimate interest (Art. 6(1)(f) GDPR): We process technical data (IP addresses, error logs) for security, fraud prevention, and service reliability. Our legitimate interest does not override your fundamental rights.

4. How We Use Your Data

We use your data exclusively to:

Authenticate your connected social media accounts
Publish content to the platforms you have authorized (Facebook, Instagram, Discord, Bluesky, Plurk, SmartBots)
Import Pinterest boards you select into your private Rippelle Moodboards for personal creative reference (read-only access; we never publish or modify your Pinterest account)
Display your posting history and scheduling status within the Rippelle interface
Diagnose and resolve technical errors in content delivery
Improve the reliability and performance of our service

What we do NOT do: We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. We do not use your data to build profiles, serve ads, or perform behavioral tracking.
            

5. Third-Party Services & Data Sharing

To deliver our service, your data is transmitted to the following third-party platforms, solely for the purpose of publishing content you have authorized:

Meta Platforms, Inc. (Facebook & Instagram) — via the Meta Graph API
Discord, Inc. — via Webhook API
Bluesky / AT Protocol — via AT Protocol API
Plurk — via Plurk API
SmartBots — via SmartBots HTTP API (Second Life bot service)
Pinterest, Inc. — via the Pinterest API v5 (read-only access to boards and pins you explicitly choose to import)
Cloudflare, Inc. — our hosting and infrastructure provider (Cloudflare Workers & D1 database)

Each of these services has its own privacy policy governing how they handle data once received. We encourage you to review their respective policies.

5.1 Intermediate Service Providers

For certain platform integrations, we may use intermediate service providers to facilitate the connection and posting process. These providers act as technical intermediaries and process your authentication tokens and content solely for the purpose of transmitting your posts to the destination platforms.

Your data is not stored by these intermediaries beyond what is necessary to complete the posting operation. We may change or remove these intermediate providers at any time as we improve our infrastructure.

5.2 Pinterest Integration (Read-Only)

If you choose to connect a Pinterest account to Rippelle, the integration is strictly read-only and user-initiated. We use the Pinterest API to:

List your Pinterest boards (public and, if you grant the relevant scope, secret boards) so you can select which one to import
Fetch the pins (image URLs and titles) of a board you explicitly choose to import
Download the images of those pins so they can be displayed in your private Rippelle Moodboard for personal creative reference

We do not:

Publish, modify, or delete anything on your Pinterest account
Share your Pinterest data with any third party
Combine your Pinterest data with data from other users or other services
Use your Pinterest data for advertising, profiling, or any commercial purpose beyond delivering the import feature you requested

Imported pins remain visually attributed to Pinterest within Rippelle: each imported pin displays a Pinterest icon that links back to the original pin on Pinterest. You can disconnect your Pinterest account at any time from the Rippelle interface, which immediately revokes your access tokens and prevents any further data access. Previously imported pins remain in your Moodboards (as they are now part of your personal Rippelle workspace) until you choose to delete them.

6. Data Storage & Security

Your data is stored on Cloudflare's infrastructure, which provides enterprise-grade security including encryption in transit (TLS) and at rest.

Authentication tokens are stored securely in our database. We implement the following security measures:

Encryption of sensitive credentials at rest
Access controls limiting data access to authorized services only
Regular review and rotation of access credentials
No storage of Facebook or Instagram user passwords — only OAuth tokens issued by Meta

7. Data Retention

Account data & tokens: Retained for as long as your account is active. Deleted within 30 days of account deletion or disconnection.
Content data (images, text): Retained only as long as needed to complete the scheduled publication. Not stored permanently after successful posting.
Error logs & technical data: Retained for up to 90 days for debugging purposes, then automatically deleted.

8. Your Rights Under GDPR

As a data subject in the European Economic Area, you have the following rights:

Right of access — request a copy of the personal data we hold about you
Right to rectification — ask us to correct inaccurate data
Right to erasure ("right to be forgotten") — request deletion of your data
Right to restriction of processing — ask us to limit how we use your data
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interest
Right to withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at rippelle.sl@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données).

9. Data Deletion

You can request the deletion of your data at any time by:

Disconnecting your social media accounts within the Rippelle interface
Contacting us at rippelle.sl@gmail.com with a deletion request
Using our Data Deletion page

Upon receiving a valid deletion request, we will delete all your personal data within 30 days, including authentication tokens, content data, and account information. We will confirm the deletion by email.

10. Cookies & Tracking

Rippelle does not use cookies for advertising or tracking purposes. We may use strictly necessary cookies or local storage to maintain your session and preferences within the application. No third-party analytics or tracking scripts are used.

11. Children's Privacy

Rippelle is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Rippelle interface or by email. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact:

TEAM du Centre ASBL
Rue de la Barette 54, 7110 La Louvière
Belgium
Email: rippelle.sl@gmail.com