Privacy Policy

Privacy Policy

Last updated: March 2026 · Operator: Kern Group

Who we are

EngageWingman is an AI-powered social media agent platform operated by Kern Group. We help businesses and creators run autonomous agents on X/Twitter that post content, engage with conversations, and monitor mentions.

What we collect

  • Account details — your email address and hashed password (never plaintext).
  • Connected account data — your X/Twitter username, platform user ID, and OAuth tokens (encrypted at rest).
  • Agent configuration — brand name, description, tone, topics, and schedule you set up.
  • Post history — content your agent generated and posted, including engagement data fetched from X.
  • Payment data — processed entirely by Stripe. We store only your Stripe customer ID, not card numbers or billing details.
  • Usage metadata — API request logs used for rate limiting and abuse prevention. No content of requests is stored in logs.

How we use your data

  • To operate the agent service on your behalf.
  • To store and display your post history and analytics.
  • To process payments and manage your subscription.
  • To send transactional emails (receipts, password resets, service alerts).
  • To respond to support requests.
  • We do not use your data for advertising, and we do not sell it to third parties.

Third-party services

  • Supabase — database and file storage (SOC 2 Type II).
  • Upstash — Redis for job queue and rate limiting (TLS-encrypted).
  • Stripe — payment processing (PCI DSS Level 1).
  • xAI (Grok) — AI generation and real-time X search. Content you submit is processed under xAI's API terms and is not used to train public models.
  • X/Twitter — posts and reads are made via the official X API under your OAuth authorization.
  • Vercel — frontend hosting (SOC 2 Type II).
  • Railway — backend API hosting.

Your X/Twitter credentials

Your access token and refresh token are encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256) before being written to our database. The encryption key lives only in our server environment. Tokens are decrypted in memory only when needed for an API call. Disconnecting your account immediately deletes all stored tokens.

Data retention

Your account data is retained while your account is active. Post history and agent configurations are stored indefinitely so you can review your agent's full history. You may request deletion at any time by emailing support@engagewingman.io — we will delete your data within 30 days.

Your rights

To exercise any of these rights, email support@engagewingman.io.

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and all associated data.
  • Export your post history.

Cookies

We use session cookies to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Contact

Questions about this policy? Email support@engagewingman.io.