Legal

Privacy Policy

Last updated: July 8, 2026

1. What data we collect

When you create an account and use Outsome, we collect the following categories of data:

  • Account informationYour name, email address, and password (stored as a secure hash) when you register.
  • Business informationCompany name, CUI, registration number, phone number, city, website, and industry — used to personalise AI responses and manage your reputation.
  • Social media tokensOAuth access tokens for Meta (Instagram / Facebook) and Google when you connect these platforms. Tokens are stored encrypted and used only to post replies on your behalf.
  • WhatsApp configurationPhone number ID and access token for the WhatsApp Business Cloud API, required to send messages to your customers.
  • Customer interactionsReviews, feedback, and social comments received through connected platforms. We store the text and author name.
  • Usage dataStandard server logs including IP address, browser type, and pages visited. This data is used only for security and debugging.

2. How we use your data

We use collected data exclusively to provide and improve the Outsome service:

  • Authenticate your account and protect access to your dashboard.
  • Generate AI-written replies to reviews and social media comments using your brand tone and FAQ.
  • Send WhatsApp messages to your customers (order confirmations, feedback requests).
  • Publish or post AI-generated replies to Google, Instagram, and Facebook on your behalf.
  • Display analytics about your reviews, response times, and sentiment.
  • Send transactional emails (account verification, registration approval).

We do not sell your data, use it for advertising, or share it with third parties beyond those listed below.

3. Third-party services

Outsome integrates with the following third-party platforms. Each has its own privacy policy and data processing terms.

Anthropic (Claude AI)

We send review and comment text to Anthropic's API to generate AI replies. Anthropic processes this data under their data processing agreement and does not use API inputs to train models.

Meta (Instagram & Facebook)

We use the Meta Graph API to read comments and post replies on your connected pages and Instagram accounts. Access tokens are stored encrypted.

Google

We use Google OAuth for login and the Google My Business API to fetch and respond to reviews on your behalf.

WhatsApp Business Cloud API (Meta)

Used to send automated messages to your customers' phone numbers. Message content is determined by you (order details, feedback links).

Neon (PostgreSQL hosting)

Our database is hosted on Neon's cloud infrastructure in the EU. Your data is stored on their servers and subject to their security practices.

4. Data retention and deletion

We retain your data for as long as your account is active. When you delete your account:

  • Your personal data (email, name, business info) is deleted within 30 days.
  • OAuth tokens for connected platforms are revoked and deleted immediately.
  • Reviews and comments imported from third-party platforms are deleted from our database.
  • Anonymised aggregate statistics (e.g., total reply volume) may be retained for internal analytics.

To request account deletion, email contact@outsome.ro.

5. GDPR — rights for EU users

If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — request a copy of all personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate data.
  • Right to erasure — request deletion of your personal data.
  • Right to restriction — ask us to stop processing your data in certain circumstances.
  • Right to data portability — receive your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests.

The legal basis for processing your data is the performance of the contract between you and Outsome (Art. 6(1)(b) GDPR), and where required, your explicit consent. You may withdraw consent at any time.

6. Cookies

We use strictly necessary session cookies for authentication (NextAuth.js). We do not use advertising or tracking cookies.

7. Contact

For any privacy-related questions, requests, or complaints, contact us at: