Last updated: 11 June 2026
This Privacy Policy explains how ACCOUNTability! collects, uses, shares, and protects personal data — both the data of our customers and the data of the people they ask us to scan. Beyond serving its clients, ACCOUNTability! exists to advance a wider purpose: to promote accountability for what people say and do in public online, and to help end the impunity with which toxic online behaviour too often goes unchecked.
ACCOUNTability! ("we", "us", or "our") is the operator of the ACCOUNTability! service available at aipoweredsocialscan.com and api.aipoweredsocialscan.com (the "Service"), and is the data controller responsible for the personal data described in this policy.
You can reach us at:
ACCOUNTability!
General Díaz Porlier 51, Madrid, Spain
Email: team@aipoweredsocialscan.com
We are based in Spain, and our processing of personal data is governed by the EU General Data Protection Regulation (GDPR) and applicable Spanish data-protection law. The relevant supervisory authority is the Spanish Data Protection Agency, the Agencia Española de Protección de Datos (AEPD).
This Privacy Policy describes how we handle personal data in connection with the Service: who we collect it about, what we collect, why, on what legal basis, who we share it with, how long we keep it, and the rights you have.
This policy works alongside our Terms & Conditions, which it is incorporated into and forms part of. Where this policy uses defined terms such as "Subject", "Report", "Public Data", and "Platforms", they have the meanings given in the Terms.
It does not cover the privacy practices of the third-party platforms from which Public Data is drawn, or of any third-party site the Service may link to. Their handling of your data is governed by their own policies.
The Service is unusual in that it processes the personal data of two distinct groups of people, and this policy applies to both:
Where a person scans themselves ("self-check"), they are both a Customer and the Subject.
To produce a Report, we collect and analyse a Subject's publicly available information from the Platforms. This may include:
We only collect Public Data that was accessible without circumventing any login wall, access control, or technical restriction. We do not collect private messages or content behind privacy settings.
We do not receive a Subject's data from the Subject. We obtain it from publicly available sources — primarily the public areas of the following third-party Platforms, to the extent the Subject's content there is public at the time we access it:
Collection is performed on our behalf using automated tools and third-party data-collection providers (see Section 8). The AI-derived analysis is then generated from that publicly sourced material.
Under the GDPR we must have a lawful basis for each purpose for which we use personal data. The bases differ for the two groups.
Our processing of a Subject's Public Data — locating it, analysing it, and presenting it in a Report — relies on legitimate interests under Article 6(1)(f) GDPR.
The balancing test, in plain English. We (and the Customer who requests a scan) have a legitimate interest in being able to assess, from already-public information, whether a named person's public conduct raises concerns — for example before dating someone, working with an influencer, or checking one's own public footprint. We weigh that interest against the Subject's interests, rights, and freedoms. In doing so we take account of the fact that the data is already public, that we draw only on what the person themselves made public, that we limit retention (Section 10), that we restrict permitted uses (the Terms prohibit using a Report for employment, credit, insurance, housing, or other regulated decisions), and that we provide a clear and easy way to object. Where a Subject's interests, rights, and freedoms override our interest, we will not process — or will stop processing — their data on this basis.
Right to object. Because this processing relies on legitimate interests, a Subject has the right to object at any time (Article 21 GDPR). If you object, we will stop the relevant processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is needed to establish, exercise, or defend legal claims. See Section 12 for how to object.
To show prospective customers what a Report looks like, we publish a small number of sample Reports on well-known public figures on our website. These samples analyse only content those individuals themselves chose to make public on their social-media accounts.
Their choice to be public figures is central. The Subjects of our sample Reports are people who have voluntarily chosen to become public figures — deliberately entering public life and placing themselves, their views, and their public statements before a wide audience, often to gain influence, reach, or commercial benefit. A person who makes that choice has a significantly reduced reasonable expectation of privacy in relation to the public conduct and public statements they put forward, and there is a recognised public interest in being able to examine and comment on what public figures say in public. We treat this — together with the fact that we use only already-public, self-published content — as the decisive factor in our balancing test.
Lawful basis. This publication relies on legitimate interests (Article 6(1)(f) GDPR): our interest in demonstrating the Service; the public interest in commentary on public figures' public conduct; and ACCOUNTability!'s wider purpose of promoting online accountability and countering the impunity with which toxic public online behaviour too often goes unchecked. We weigh these against the Subject's rights and freedoms. Because these Subjects chose to become public figures, because the content analysed is already public and self-published, and because the publication serves this public-interest mission and not merely our own commercial promotion, we consider the balance to favour limited demonstrative use; where it does not, we will not publish, or will remove, the relevant sample.
Your rights / removal. Sample Reports are clearly identified as samples. Any individual featured in one may object to its publication or ask us to remove it at any time by emailing team@aipoweredsocialscan.com (see Section 11 and Section 12), and we will remove a published sample promptly on a valid request. Unlike customer Reports — which we delete or anonymise after 90 days (Section 10) — a published sample remains available while in use for demonstration and is removed on objection or once no longer used.
A person's public posts may reveal "special-category" personal data under Article 9 GDPR — for example data revealing political opinions, religious or philosophical beliefs, racial or ethnic origin, trade-union membership, health, sex life, or sexual orientation. Because the Service analyses what a Subject has posted publicly, a Report may incidentally surface or infer such data.
We handle special-category data with particular care and limit our use of it:
We do not sell personal data. We share data only as needed to operate the Service:
You can request further information about the categories of service providers we use by contacting team@aipoweredsocialscan.com.
Some of the service providers described in Section 8 may be located, or may process data, outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we take steps to ensure it remains protected by appropriate safeguards recognised under the GDPR — for example the European Commission's Standard Contractual Clauses (SCCs), an adequacy decision, or another lawful transfer mechanism.
You can ask us for more information about the safeguards in place by contacting team@aipoweredsocialscan.com.
We keep personal data only for as long as necessary for the purposes described in this policy. We retain Reports and their associated scan data for 90 days from delivery, after which they are deleted or anonymised, unless a longer period is required to comply with a legal obligation or to establish, exercise, or defend legal claims (a "legal hold").
Limited Customer records — such as a transaction reference needed for accounting and tax — may be kept for the period required by law, separately from the scan data.
If you are in the EEA (and in many cases regardless of where you are), you have the following rights in relation to your personal data under the GDPR. These apply to both Customers and Subjects:
To exercise any right, email team@aipoweredsocialscan.com. We will respond within one month of receiving your request, as required by the GDPR; this period may be extended by up to two further months for complex or numerous requests, in which case we will tell you. Exercising your rights is free, although we may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive. We may need to verify your identity before acting.
If you have been scanned and did not ask to be, or you simply do not want us to process your data, you can object to our processing and/or ask us to erase your data at any time. There is a simple way to do this:
Email team@aipoweredsocialscan.com and tell us who you are (for example the profile or handle that was scanned) and that you object to or want your data erased.
When you object to our legitimate-interests processing, we will stop processing your data for that purpose unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary to establish, exercise, or defend legal claims. We will confirm the outcome to you, normally within one month. You do not need to give a reason to exercise your right to object.
We take reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, and disclosure — including access controls, encryption in transit, and limiting retention as described in Section 10. No system can be guaranteed to be completely secure, but we work to protect data appropriately to its sensitivity, and we expect the same of our service providers. These measures include encryption of data in transit (HTTPS/TLS), restricted and authenticated access to systems and stored data, use of reputable service providers (such as our payment provider and hosting infrastructure), and limited data retention as described in Section 10. In the event of a personal-data breach that is likely to result in a risk to individuals, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with the GDPR.
Essential cookies. Some cookies are necessary for the Service to work. These include cookies set by our payment provider, Stripe, to process payments securely and help prevent fraud. Your use of Stripe is also subject to Stripe's own privacy policy.
Analytics & advertising (consent-based). With your consent, we use the following non-essential technologies, which load only after you click “Accept” on our cookie banner and which you can refuse by clicking “Decline”:
_clck, _clsk) and similar technologies, and is used for site optimisation, fraud/security, and advertising. For more on how Microsoft collects and uses this data, see the Microsoft Privacy Statement._gcl_au.We do not load these analytics or advertising cookies until you have given consent. Essential (Stripe) cookies are always active because the Service cannot function without them.
The Service is intended for adults aged 18 or over and is not directed at children. We do not knowingly use the Service to create reports for or about children, and we do not knowingly collect Customer data from children. If you believe a child's data has been processed inappropriately, contact us at team@aipoweredsocialscan.com and we will take appropriate action.
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where a change is material, take reasonable steps to bring it to your attention. We encourage you to review this page periodically.
If you have any questions about this policy or about how we handle personal data, or if you wish to exercise your rights, please contact us:
ACCOUNTability!
General Díaz Porlier 51, Madrid, Spain
Email: team@aipoweredsocialscan.com
You also have the right to lodge a complaint with a data-protection supervisory authority. In Spain this is the Agencia Española de Protección de Datos (AEPD) (www.aepd.es). If you are in another EEA country, you may instead complain to your local supervisory authority. We would, however, appreciate the chance to address your concerns first.