Last updated: January 1, 2025
Deaku is operated by Deaku Ltd, a company registered in England and Wales. Our registered address is London, UK. If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at hello@deaku.org.
Deaku provides an AI-powered workspace for content creators. This Privacy Policy applies to deaku.org, the Deaku web application, and any related services we operate (collectively, "the Service").
Deaku is the data controller for the personal data you provide when you use our website and services. We are committed to processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable, the EU General Data Protection Regulation (EU GDPR).
We collect personal data in the following categories:
When you register for a Deaku account, we collect your name, email address, and a hashed password. We may also collect your professional role (e.g., "content creator", "social media manager") and the platforms you publish on, which you supply voluntarily during onboarding.
If you subscribe to a paid plan, your payment is processed by our payment processor, Stripe. Deaku does not store full credit card or debit card numbers. We retain billing records including your name, billing address, the last four digits of your card, transaction amounts, and invoice history. These records are necessary for financial compliance and HMRC reporting obligations.
Deaku stores the content you create within the platform: your ideas, content briefs, draft articles, video scripts, and scheduled posts. This content is yours. We access it only to provide the Service — for example, to run AI briefing against your existing content to match your tone — and not for any other purpose. We do not sell your content data to third parties.
If you connect external platforms (YouTube, Instagram, LinkedIn, TikTok, X, or Ghost) to Deaku via OAuth, we store the access tokens necessary to publish content on your behalf and to retrieve performance analytics. These tokens are encrypted at rest. You can revoke any platform connection at any time from your Deaku account settings.
We collect technical data about how you use the Service: pages visited, features used, clicks, session durations, and errors encountered. This data is collected in aggregate and pseudonymised form. We use it to improve the product and diagnose technical issues.
Our servers automatically record certain information when you access the Service: your IP address, browser type and version, operating system, referrer URL, and timestamps of requests. This data is used for security monitoring, fraud prevention, and debugging. IP addresses are retained in server logs for 90 days.
If you contact us by email or through our contact form, we retain your name, email address, and the content of your message. We use this to respond to your enquiry and, where relevant, to improve our support process.
We use cookies and similar technologies to operate the Service and understand how it is used. Our use of cookies is described in detail in our Cookie Policy.
We use the personal data we collect for the following purposes, each supported by a lawful basis under UK GDPR:
When you have an account with us, we process your account data, content data, and platform connection data because it is necessary to perform the contract between you and Deaku. Without this processing, we cannot provide the Service you signed up for. This includes authenticating your login, running the AI briefing engine against your content, scheduling posts to connected platforms, and displaying your analytics data.
We process your billing data to charge for paid subscriptions and to maintain accurate financial records. UK accounting law requires us to retain invoice and transaction records for six years.
We analyse pseudonymised usage data to understand which features are most useful, where users encounter friction, and how to prioritise product development. Our legitimate interest is in building a better product for our users. This processing does not override your rights — the data is aggregated and you are not individually profiled for this purpose.
We process log data and IP addresses to detect and prevent unauthorised access, fraud, and abuse of the Service. Our legitimate interest is in protecting the Service and other users from harm.
We process your communications data to respond to support requests. This is both necessary to perform the contract and in our legitimate interest in providing quality customer service.
If you have opted in to receive marketing emails from us, we will send you product updates, feature announcements, and educational content. We will only send marketing emails where you have given explicit consent. You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by emailing hello@deaku.org.
We do not sell your personal data. We share it only with the following categories of third-party service providers who process it on our behalf, under data processing agreements:
Deaku's servers run on Amazon Web Services (AWS) infrastructure. All data is stored in EU-based AWS regions (eu-west-1, Ireland). AWS processes data under a data processing agreement and standard contractual clauses where applicable.
Stripe Inc. processes all payment card transactions. Stripe is PCI-DSS Level 1 certified. Stripe may transfer data to the United States under standard contractual clauses approved by the European Commission. Stripe's privacy policy is available at stripe.com/privacy.
We use Postmark (by Wildbit, a subsidiary of Fastmail) to send transactional emails — account verification, password resets, and billing receipts. Postmark processes email addresses and message content solely to deliver these emails.
We use Plausible Analytics, a privacy-focused analytics service that does not use cookies and does not collect personal identifying information. Plausible processes aggregated, pseudonymised page view data only. No data is shared with advertising networks.
We use Sentry to capture application errors and performance issues. Sentry processes technical stack trace data and pseudonymised user identifiers (not names or email addresses) to help us diagnose bugs.
We may disclose personal data to law enforcement agencies, regulatory bodies, or courts if we are required to do so by applicable law, court order, or regulation. We will tell you about any such disclosure unless we are legally prohibited from doing so.
Deaku is based in the United Kingdom. Your data is stored primarily on AWS servers in Ireland (EU). Where we engage third-party processors based in the United States (including Stripe), data is transferred under standard contractual clauses approved for UK GDPR purposes. We take reasonable steps to ensure that all international transfers of your personal data are protected by appropriate safeguards.
We retain personal data only for as long as necessary for the purposes described in this Policy:
As a data subject under UK GDPR, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. We will respond to Subject Access Requests within one calendar month of receipt. You can make a request by emailing hello@deaku.org with the subject line "Subject Access Request".
If the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. You can update most of your account data directly from your Deaku account settings. For other corrections, contact us at hello@deaku.org.
You have the right to request that we delete your personal data. You can delete your Deaku account at any time from the account settings page, which will trigger deletion of your account and content data within 30 days. Note that we may be required to retain certain data (billing records, for example) for legal compliance purposes even after account deletion.
You have the right to ask us to pause the processing of your personal data in certain circumstances — for example, where you contest the accuracy of the data or where you have objected to processing on legitimate interest grounds and we are considering your objection.
For data you have provided to us and which we process on the basis of your consent or contractual necessity, you have the right to receive a copy of that data in a structured, machine-readable format. Your content data (ideas, briefs, drafts) can be exported in JSON or CSV format from your account settings.
You have the right to object to processing that we carry out on the basis of legitimate interests. If you object, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for the establishment, exercise, or defence of legal claims.
We do not make solely automated decisions that produce legal or similarly significant effects. The AI briefing engine generates content suggestions, but no automated decision-making that significantly affects you is carried out without human oversight.
To exercise any of the rights listed above, email us at hello@deaku.org. We will acknowledge your request within 72 hours and respond in full within one calendar month. In complex cases, we may extend this period by a further two months and will notify you if this is necessary.
If you believe that we have not handled your personal data in accordance with UK data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can do this at ico.org.uk/make-a-complaint or by calling the ICO helpline on 0303 123 1113. We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO — please email us first.
Deaku is intended for use by adults (aged 18 and over). We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe that a child under your care has provided us with personal data without your consent, please contact us at hello@deaku.org and we will delete the data promptly.
We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Specific measures include:
No method of transmission or storage is 100% secure. If we become aware of a security breach that affects your personal data, we will notify the ICO within 72 hours of becoming aware and will notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms.
The Deaku website and application may contain links to third-party websites, including platform integrations and documentation hosted on external services. This Privacy Policy does not apply to those third-party sites. We recommend that you read the privacy policies of any third-party site you visit through links on our Service.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the email address associated with your account) and by posting a prominent notice on the Deaku website at least 30 days before the changes take effect. We will also update the "Last updated" date at the top of this page. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Policy.
If you have any questions about this Privacy Policy, about how Deaku handles your personal data, or to exercise your data subject rights, please contact us:
Deaku Ltd
London, UK
Email: hello@deaku.org
If your question relates specifically to a data subject rights request, please put "Data Rights Request" in the subject line of your email. We will respond within the timescales set out in Section 7.8 above.