Privacy Policy
Effective date: June 10, 2026 · Last updated: June 10, 2026
1. Data Controller
The data controller responsible for the processing of personal data described in this policy is:
ten2 (company in formation)
Jannis Bewersdorf
Appener Weg 6, 20251 Hamburg, Germany
Email: hello@ten2.xyz
2. Scope of this Policy
This policy applies to (a) visitors of the ten2.xyz website and (b) users of ten2's products and marketing tools that connect to third-party platforms such as Meta / Instagram on the user's behalf.
3. Data We Collect
3.1 Website data
- Contact information you voluntarily provide (e.g. email address when you contact us).
- Usage data such as pages visited, time spent and referring URLs (only with your consent, via Google Analytics with IP anonymization).
- Technical data including browser type, device type and IP address.
3.2 Meta / Instagram platform data
When you connect an Instagram account to a ten2 marketing tool, we obtain the following information from Meta via the Instagram Graph API and the Meta Marketing / Pages APIs, strictly under the permissions you grant:
- Instagram account information: Instagram username, Instagram account ID, profile picture, account type (business / creator), biography and website URL.
- Connected Facebook Page information: Page ID, Page name and the access tokens required to publish on your behalf.
- Media and posts: media files, captions, hashtags, mentions, scheduled and published content, comments and replies.
- Insights and metrics: reach, impressions, likes, comments, shares, saves, profile views, follower counts, website clicks, story metrics and other post- and account-level analytics exposed by the Meta APIs.
- Authentication tokens: short- and long-lived OAuth access tokens issued by Meta to your account, stored encrypted at rest.
We do not collect Meta passwords. Authentication is handled by Meta via OAuth.
4. Purposes of Processing
- Publishing on your behalf — creating, scheduling and publishing posts to the Instagram account and connected Facebook Page that you have explicitly connected, at your direction.
- Performance analytics — retrieving post- and account-level insights so you can evaluate how your content is performing and so our tools can suggest improvements and inform future content.
- Operating and securing the service — authentication, fraud and abuse prevention, debugging and support.
- Legal compliance — meeting obligations under the GDPR and the Meta Platform Terms / Developer Policies.
Legal bases under the GDPR: performance of a contract (Art. 6(1)(b)), your consent for analytics and platform connection (Art. 6(1)(a)), and our legitimate interests in operating and securing the service (Art. 6(1)(f)).
5. Storage, Processors and Sub-processors
- Backend & database: Supabase (hosted on EU infrastructure where available). Application data, including encrypted Meta access tokens, is stored in our Supabase project.
- AI processing: Anthropic (Claude) is used to generate and analyse content (e.g. caption suggestions, content analysis). Only the minimum content required for the requested feature is sent. Anthropic does not train its models on this data under our API terms.
- Website hosting: the ten2.xyz marketing site is hosted on Lovable / Cloudflare infrastructure.
- Analytics: Google Analytics 4 with IP anonymization, loaded only after explicit cookie consent.
All processors are bound by data processing agreements. Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses.
6. Data Retention
Meta / Instagram platform data is retained for as long as your account connection to ten2 is active. You can disconnect your account at any time inside the product, which immediately revokes our access tokens and triggers deletion of the associated platform data within 30 days. You can also request deletion directly — see our Data Deletion Instructions.
Aggregated, fully anonymised metrics that can no longer be tied to an individual or account may be retained for product analytics.
7. Security
We apply industry-standard measures to protect your data: TLS in transit, encryption of secrets and access tokens at rest, role-based access control, row-level security on the database, audit logging and the principle of least privilege for staff access. Access to production data is limited to a small number of authorised personnel.
8. Your Rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate data;
- request deletion of your data (see Data Deletion Instructions);
- restrict or object to certain processing;
- data portability;
- withdraw consent at any time without affecting the lawfulness of prior processing;
- lodge a complaint with a supervisory authority (in Germany: the data protection authority of your federal state).
To exercise any of these rights, contact us at hello@ten2.xyz.
9. Compliance with Meta Platform Terms
ten2 complies with the Meta Platform Terms and Developer Policies. Data obtained from Meta is used only to provide the functionality described in this policy (publishing on your behalf and surfacing analytics back to you). We do not sell, rent or trade Meta platform data, we do not use it for advertising targeting, and we do not share it with data brokers, ad networks or any party other than the sub-processors listed in section 5, who act on our instructions.
10. Cookies & Analytics
Our website uses essential cookies for proper functionality. With your consent, Google Analytics 4 collects anonymised usage data (pages visited, time spent, referring URLs) to help us improve the website. Your IP address is anonymised before processing. You can change your cookie preferences at any time via the cookie banner.
11. Changes to this Policy
We may update this policy from time to time. Material changes will be announced on this page with an updated effective date.
12. Contact
Questions about this policy or your data? Email hello@ten2.xyz.