Privacy Policy
This Privacy Policy explains how EMQM Limited ("we," "us," "our") collects and uses personal data when you visit firstorg.ai or use FirstOrg ("the Service").
We are the data controller for the personal data described in this policy.
EMQM Limited
12 London Road, Morden SM4 5BQ, United Kingdom
Contact: hello@firstorg.ai
1. What we collect
When you create an account and use FirstOrg, we collect:
- Account information from Google sign-in — your name, email address, profile picture, and Google account identifier, received when you sign in with Google. We do not receive your Google password.
- Connected channel information — when you connect your Buffer account, we access the social media channels available through it and store the access tokens, channel details, and the content we create, schedule, publish, or delete on your behalf, along with basic publishing and engagement information.
- Content inputs — the information you provide so we can generate content, such as your company details, brand and voice preferences, topics, and other instructions.
- Billing information — your plan, billing status, and transaction records. Payments are processed by Stripe; we do not store your full card details.
- Technical and usage information — such as your IP address, browser type, and pages viewed, used for analytics and security only.
2. Why we collect it
We use this information to:
- Create and secure your account and authenticate you through Google
- Generate your content and, where you authorise it, schedule and publish it to your connected channels
- Operate your trust controls and respect your chosen approval settings
- Process your subscription and payments
- Provide support and send you communications about FirstOrg, including product updates and offers for our own services
- Improve the Service
We do not sell your data. We do not share your data with third parties for their own marketing purposes.
3. Who we share it with
We share personal data with the service providers that help us run FirstOrg. These act as our processors or as independent controllers for their own services:
- Google — sign-in and authentication
- Buffer — access to your connected social media channels for publishing
- Stripe — payment processing
- OpenAI and Anthropic — AI content generation
- Brevo — email and marketing communications
- Railway — application hosting and database
- Google Analytics — site usage analytics
4. Access to your social media channels
When you connect Buffer, you grant FirstOrg permission to read, create, schedule, publish, and delete content on the social media channels you connect. We use this access only to provide the Service. You can disconnect Buffer at any time from within the app, which revokes our access going forward.
5. Use of AI services
To generate your content, we send some of the information you provide to large language model providers, including OpenAI and Anthropic. This may include your company details, brand and voice preferences, topics, and other content inputs.
These providers process this data on our behalf to return outputs we use in your content. They do not use your data to train their models when accessed through their commercial APIs, in line with their published API terms. We do not send your name or email address to these providers as part of content generation.
6. Lawful basis for processing
Under UK GDPR, our lawful bases for processing your personal data are:
- Performance of a contract — to provide the Service you sign up for, including generating and publishing your content.
- Consent — when you connect your Google and Buffer accounts and authorise access to your channels. You can withdraw consent at any time by disconnecting them.
- Legitimate interests — to operate, secure, improve, and market our own Service to you. You can object to this at any time.
7. How long we keep it
We keep your information for as long as your account is active and as required by law. If you disconnect a channel, close your account, or ask us to delete your data, we will delete or anonymise it, subject to any retention obligations we are required to meet. To request deletion, email hello@firstorg.ai.
8. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Ask us to delete your data
- Object to processing for marketing
- Withdraw consent at any time
- Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk)
To exercise any of these rights, email hello@firstorg.ai.
9. Cookies
firstorg.ai uses essential cookies to operate the site and keep you signed in, and may use analytics cookies to understand how the site is used. You can control cookies through your browser settings.
10. International transfers
Some of our service providers — including Google, Buffer, Stripe, OpenAI, Anthropic, Brevo, and Railway — may process your data outside the United Kingdom. Where this happens, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions to protect your data.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the latest version. Material changes will be notified by email where appropriate.
12. Contact
For any questions about this policy or how we handle your data:
EMQM Limited
12 London Road, Morden SM4 5BQ, United Kingdom
hello@firstorg.ai