Privacy Policy

Last updated: March 30, 2026

1. Data Controller

The data controller for personal data collected on the Best Zen Buddy platform is:

  • Best Zen Buddy
  • Simplified Joint-Stock Company with Sole Shareholder (SASU)
  • Registered office: 1566 route de la Badelle, 84220 Gordes, France
  • SIREN number: 994 786 507

2. Personal Data Collected

When using the platform, Best Zen Buddy may collect the following data:

  • Identification data: name, first name, email address, phone number (optional)
  • Connection data: IP address, browsing data, connection logs
  • Platform usage data: created content, uploaded files (documents, images), user preferences
  • Third-party service data: login identifiers and tokens for social media accounts (Facebook, Instagram via Meta Business), only if the user voluntarily connects these accounts
  • Payment data: managed by Stripe, a PCI-DSS certified payment provider. Best Zen Buddy does not store any banking data directly.

3. Purposes of Processing

The collected data is used to:

  • Provide and improve platform services
  • Personalize user experience, particularly through artificial intelligence features (content generation, personalized suggestions)
  • Manage customer relations (support, billing, communication)
  • Enable integration with third-party services (social networks, calendar tools)
  • Ensure security and prevent fraudulent use

4. Legal Basis for Processing

Data processing is based on the following legal grounds:

  • Contract performance: to provide the services the user has subscribed to
  • Consent: for certain optional features (social media connection, non-essential cookies)
  • Legitimate interest: to improve services, ensure platform security, and perform anonymized statistical analyses

5. Data Hosting and Security

Data is hosted by Amen.fr, 200 rue de la Croix Nivert, 75015, Paris, France. Best Zen Buddy implements appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Strict data access control
  • Regular backups and disaster recovery plans

Your primary data is stored exclusively within the European Union. However, certain features using artificial intelligence may involve processing by technical service providers located outside the EU, under the conditions described in section 6 below.

6. Processing via Artificial Intelligence Systems

Certain platform features (content generation, personalized suggestions, writing assistance) use artificial intelligence systems provided by third-party technical service providers. Best Zen Buddy uses the OpenAI API to power these features. These processes are governed by the following safeguards:

  • No directly personal or identifying data (name, first name, email address, etc.) is transmitted to these systems
  • The data sent is minimized beforehand and, where applicable, anonymized, to strictly limit the information transmitted to what is necessary for the service to function
  • No data transmitted to these systems is retained by the providers or used for training or improving their own models

These providers (notably OpenAI, Inc.) may be located outside the European Union. In such cases, Best Zen Buddy ensures that appropriate safeguards are in place (standard contractual clauses, certifications, or adequacy decisions) in accordance with Articles 44 to 49 of the GDPR, to guarantee a level of protection equivalent to that offered within the EU.

7. Data Retention Period

Data is retained:

  • For the duration of the active subscription
  • After account deletion: data is anonymized or deleted within 30 days, unless there is a legal obligation for longer retention (billing data retained for 10 years in accordance with accounting requirements)
  • Social media-related data is deleted immediately when the user disconnects their Meta Business account

8. User Rights

In accordance with GDPR, each user has the following rights:

  • Right of access: obtain a copy of personal data held
  • Right of rectification: correct inaccurate or incomplete data
  • Right to erasure: request deletion of personal data
  • Right to restriction of processing: temporarily suspend data use
  • Right to data portability: receive data in a structured, machine-readable format
  • Right to object: oppose data processing for legitimate reasons

9. Exercising Your Rights – Data Deletion

To exercise your rights, you can contact us via the contact form available on the website.

Requests will be processed within a maximum of 30 days, in accordance with GDPR. In case of a complaint, you may also contact the CNIL (French National Commission for Information Technology and Civil Liberties) or your local data protection authority.

10. Cookies and Trackers

Best Zen Buddy uses cookies to:

  • Ensure proper platform functioning (essential cookies)
  • Analyze service usage and improve user experience (analytical cookies)

You can manage your cookie preferences at any time through your browser settings or our consent banner.

11. Meta User Data Disclosure (Facebook & Instagram)

Best Zen Buddy accesses certain data from your Meta Business account (Facebook and Instagram) as part of the features described below. In compliance with Meta's Platform Terms, this section comprehensively discloses how our application accesses, uses, stores, and shares Meta user data.

Meta Business Account Connection

When you voluntarily connect your Meta Business account, we access the following information:

  • Facebook Page information (page name, page ID, page access token)
  • Instagram Business Account information (account ID, username)
  • User profile information (Meta user ID, locale, profile picture URL)

This data is used to enable social media management features on the platform. Access and page tokens are stored securely in our database hosted within the European Union.

Social Media Publishing

Best Zen Buddy enables you to create and publish content on your connected Facebook Page and Instagram Business account. When publishing, we access:

  • Facebook Page feed (create posts, upload images/videos, create carousels)
  • Instagram media publishing (create image posts, carousels, reels)
  • Post deletion on both platforms

Published content is created on your behalf using your page access token. Best Zen Buddy stores references to published posts (post IDs, timestamps, captions) for tracking and management purposes.

Post Analytics and Insights

To provide performance tracking, we access engagement metrics for your published posts:

  • Facebook: impressions, likes, comments, shares, reach
  • Instagram: views, reach, likes, comments, saves

These metrics are stored locally to display analytics dashboards and help optimize your content strategy.

Comments Management

Best Zen Buddy allows you to read and reply to comments on your Facebook and Instagram posts. Comment data accessed includes:

  • Comment text, author username, timestamp
  • Nested replies (text, author, timestamp)

Comments and replies are stored locally to enable in-app management.

Direct Messages (Messenger & Instagram DMs)

If enabled, Best Zen Buddy synchronizes and displays your Messenger and Instagram Direct Messages to allow you to manage conversations from the platform. Data accessed includes:

  • Conversation participants (username, profile)
  • Message content (text, attachments)
  • Message timestamps and direction (sent/received)

Messages are stored locally in our database. Best Zen Buddy can send replies on your behalf through the Messenger and Instagram Messaging APIs. Real-time message delivery is handled via Meta Webhooks.

Meta Ads (Advertising Campaigns)

Best Zen Buddy enables you to create and manage advertising campaigns on Meta platforms (Facebook & Instagram). When using ads features, the following data is processed:

  • Campaign configuration (name, objective, budget, schedule)
  • Targeting parameters (age range, gender, locations, interests)
  • Ad creative (headline, text, images, call-to-action, destination URL)

Ad campaigns are created through Meta's Marketing API using Best Zen Buddy's business account. Campaign data is stored locally for management and tracking purposes.

Webhooks and Real-Time Events

Best Zen Buddy subscribes to Meta Webhooks to receive real-time notifications for:

  • Incoming direct messages (Messenger and Instagram)
  • New comments on your posts
  • Feed changes on your Facebook Page

Webhook payloads are validated using X-Hub-Signature-256 verification to ensure authenticity.

Storage and Sharing of Meta Data

Your Meta data is stored exclusively on our servers hosted within the European Union. Best Zen Buddy does not share, sell, or transfer your Meta data to third parties for advertising, commercial profiling, or data resale purposes.

  • Data is only shared with our technical service providers (hosting, database) who are bound by strict confidentiality obligations
  • Data may be disclosed when required by law or regulation

Disconnection and Data Deletion

You can disconnect your Meta Business account at any time from the platform settings. Upon disconnection, all access tokens are immediately deleted. Your published post history is retained for reference but no further data is fetched from Meta.

If you remove Best Zen Buddy from your Facebook/Instagram authorized apps, a deauthorization callback automatically clears all stored tokens.

You can also revoke Best Zen Buddy's access to your Meta data at any time through your Facebook settings (Settings > Apps and Websites).

12. Google User Data Disclosure

Best Zen Buddy accesses certain data from your Google account as part of the features described below. In compliance with Google's requirements, this section comprehensively discloses how our application accesses, uses, stores, and shares Google user data.

Google Sign-In

When you choose to sign in or create an account using Google, we access the following information:

  • Email address (verified by Google)
  • Full name
  • Profile picture (URL)
  • Unique Google identifier

This data is used exclusively to create and manage your account, authenticate you, and personalize your user experience. It is stored securely in our database hosted within the European Union.

Google Calendar Integration

If you voluntarily connect your Google Calendar account, we access the following data :

  • Your list of calendars (name and identifier)
  • Creation and deletion of events in selected calendars
  • Availability information (busy time slots)

This data is used solely for synchronizing your appointments and managing your availability on the platform. Google Calendar access and refresh tokens are stored in an encrypted format in our database. You can disconnect Google Calendar at any time from the platform settings, which immediately deletes the associated tokens.

Google reCAPTCHA v3

Best Zen Buddy uses Google reCAPTCHA v3 to protect the platform against automated abuse (spam, bots). This service analyzes user interaction signals to distinguish humans from bots. Data collected by reCAPTCHA is subject to Google's privacy policy.

Storage and Sharing of Google Data

Your Google data is stored exclusively on our servers hosted within the European Union. Best Zen Buddy does not share, sell, or transfer your Google data to third parties for advertising, commercial profiling, or data resale purposes.

  • Data is only shared with our technical service providers (hosting, database) who are bound by strict confidentiality obligations
  • Data may be disclosed when required by law or regulation

You can revoke Best Zen Buddy's access to your Google data at any time through your Google account security settings (https://myaccount.google.com/permissions).

13. Apple User Data Disclosure

Best Zen Buddy accesses certain data from your Apple account as part of the features described below. This section comprehensively discloses how our application accesses, uses, stores, and shares Apple user data.

Apple Sign-In

When you choose to sign in or create an account using Sign in with Apple, we access the following information:

  • Email address (either your real email or Apple's private relay address, depending on your choice)
  • Full name (provided only on first sign-in)
  • Unique Apple identifier

This data is used exclusively to create and manage your account, authenticate you, and personalize your user experience. It is stored securely in our database hosted within the European Union. If you choose to use Apple's private relay email, your real email address is never shared with Best Zen Buddy.

Apple Calendar Integration

If you voluntarily connect your Apple Calendar account, we access the following data:

  • Your list of calendars (name and identifier)
  • Creation and deletion of events in selected calendars
  • Availability information (busy time slots)

This data is used solely for synchronizing your appointments and managing your availability on the platform. Apple Calendar access credentials are stored in an encrypted format in our database. You can disconnect Apple Calendar at any time from the platform settings, which immediately deletes the associated credentials.

Storage and Sharing of Apple Data

Your Apple data is stored exclusively on our servers hosted within the European Union. Best Zen Buddy does not share, sell, or transfer your Apple data to third parties for advertising, commercial profiling, or data resale purposes.

  • Data is only shared with our technical service providers (hosting, database) who are bound by strict confidentiality obligations
  • Data may be disclosed when required by law or regulation

You can revoke Best Zen Buddy's access to your Apple data at any time through your Apple ID settings (Settings > Apple ID > Sign-In & Security > Sign in with Apple).

14. YouTube User Data Disclosure

Best Zen Buddy uses YouTube API Services to provide YouTube-related features. This section describes how our application accesses, uses, stores, and shares YouTube user data, in compliance with YouTube's API Services Terms of Service.

YouTube Integration

Best Zen Buddy integrates with YouTube API Services to allow users to upload videos, manage their YouTube channel, track engagement, and manage comments directly from the platform. When you connect your YouTube account, we access the following data:

  • Channel information (channel name, identifier, subscriber count)
  • Video metadata (title, description, tags, privacy status)
  • Video statistics (views, likes, comments count)
  • Comment threads (content, author, replies)

Purpose of Data Access

YouTube data is accessed for the following purposes:

  • Content management: uploading and managing videos on your YouTube channel
  • Engagement tracking: monitoring video performance and statistics
  • Comment moderation: reading and managing comments on your videos

Storage and Sharing of YouTube Data

YouTube data retrieved through the API is stored on our servers hosted within the European Union. Video content itself is stored on YouTube's servers. Best Zen Buddy does not share, sell, or transfer your YouTube data to third parties for advertising, commercial profiling, or data resale purposes.

  • Data is only shared with our technical service providers (hosting, database) who are bound by strict confidentiality obligations
  • Data may be disclosed when required by law or regulation

Revocation of Access

You can revoke Best Zen Buddy's access to your YouTube data at any time through your Google account security settings (https://myaccount.google.com/permissions).

YouTube Terms and Google Privacy Policy

By using YouTube-related features, you also agree to the YouTube Terms of Service (https://www.youtube.com/t/terms). Google's Privacy Policy (http://www.google.com/policies/privacy) applies to data collected and used by YouTube API Services.

15. Privacy Policy Updates

Best Zen Buddy reserves the right to modify this privacy policy at any time. In case of substantial changes, users will be notified by email or by notification on the platform. The date of the last update will be indicated at the top of this page.

16. Applicable Law

This privacy policy is governed by French law and the General Data Protection Regulation (GDPR – EU 2016/679). In case of dispute, French courts shall have sole jurisdiction.