Legal

Privacy Policy

Last updated: April 18, 2026

Controller: 4Word (Forward) — contact@4word.com.br — Brazil

1. Introduction

This Privacy Policy explains how 4Word ("we", "us", "our") collects, processes, stores, and discloses personal data through our websites at 4word.com.br and our product Motoko at motoko.4word.com.br. It applies to all users of our services, regardless of location.

We are committed to protecting your privacy and complying with the European Union's General Data Protection Regulation (GDPR), Brazil's Lei Geral de Proteção de Dados (LGPD), and the LinkedIn Developer Messaging Agreement (DMA) data portability and compliance requirements.

2. Data Collected from LinkedIn

When you connect your LinkedIn account to Motoko via LinkedIn's OAuth authorization flow, we collect the following personal data through the official LinkedIn API:

  • Profile information: first name, last name, headline, industry, profile photo, public profile URL, and LinkedIn member URN.
  • Posts and content: posts authored by you, including text, images, and media attachments, as needed to analyze your content strategy and generate new AI-driven content on your behalf.
  • Engagement metrics: likes, comments, shares, impressions, and reach for posts you have authored. We do not collect engagement data for posts authored by third parties.
  • Connections count: the aggregate number of your LinkedIn connections. We do not collect your connections list or their personal data.

We only collect data for LinkedIn scopes you explicitly authorize during OAuth consent. You can revoke authorization at any time in your LinkedIn account settings.

3. How Data is Processed

We process the data described above for the following purposes:

  • AI-driven analysis (via Anthropic Claude AI): your LinkedIn content and engagement metrics are sent to Anthropic's Claude API to generate profile audits, content strategies, calendars, posts, and carousels. Anthropic does not train on your data under our enterprise agreement.
  • Visual content generation (via Ideogram): prompts derived from your brand and industry are sent to Ideogram's image-generation API to produce LinkedIn banners and post visuals. No personal data beyond the generated prompt text is transmitted.
  • Analytics and recommendations: aggregated performance metrics are used to recommend optimal posting times, content formats, and topics.
  • Service delivery and support: data is used to operate, maintain, and support the Motoko service.

Legal basis (GDPR Art. 6): processing is based on your explicit consent (Art. 6(1)(a)) given during LinkedIn OAuth and during account creation, and on the necessity of processing for the performance of our contract with you (Art. 6(1)(b)).

4. Data Retention

We retain your LinkedIn-derived personal data for a rolling period of six (6) months from the date of collection. After six months, data is automatically deleted from our production systems.

  • Generated content (posts, banners, carousels) you have saved is retained until you delete it or terminate your account.
  • Account metadata (email, subscription status, authentication tokens) is retained for the duration of your active account and deleted within 30 days of account termination.
  • Encrypted backups may retain data for up to 35 additional days before being permanently purged.

5. Your Rights

Under GDPR (Articles 15–22), LGPD (Articles 18–22), and the LinkedIn DMA, you have the following rights at no cost:

  • Right to access (Art. 15): request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
  • Right to erasure / "right to be forgotten" (Art. 17): request deletion of your personal data.
  • Right to restriction (Art. 18): request that we restrict processing of your data.
  • Right to data portability (Art. 20 — DMA): receive your personal data in a structured, commonly used, machine-readable format (JSON), and transmit it to another controller. This right specifically satisfies the LinkedIn DMA data portability requirement.
  • Right to object (Art. 21): object to processing based on legitimate interests.
  • Right to withdraw consent: withdraw your consent at any time without affecting prior lawful processing.
  • Right to lodge a complaint: lodge a complaint with your local supervisory authority (ANPD in Brazil, or your EU Member State authority).

To exercise any of these rights, email contact@4word.com.br with the subject line "Data Request". We will respond within 30 days.

6. Third-Party Services

We use the following third-party services to deliver Motoko:

  • LinkedIn API (LinkedIn Ireland Unlimited Company): source of profile, post, and engagement data. Governed by LinkedIn's Privacy Policy and DMA.
  • Anthropic Claude API (Anthropic PBC): AI inference for content generation. Data processed under Anthropic's commercial Data Processing Agreement; not used for model training.
  • Ideogram (Ideogram AI, Inc.): AI image generation. Only derived prompt text is transmitted; no LinkedIn personal data is sent.
  • Hetzner Online GmbH (Germany): EU-based cloud infrastructure hosting our servers and databases.
  • Stripe, Inc.: payment processing for Pro subscriptions. Payment card data is handled directly by Stripe under PCI-DSS Level 1; we do not store card numbers.

We do not sell, rent, or trade your personal data to any third party. We do not use advertising networks or tracking pixels.

7. Contact for Data Requests

For any question, data request, or complaint regarding this Privacy Policy or our processing of your personal data:

  • Email: contact@4word.com.br
  • Subject line: "Data Request" for access, deletion, portability, or rectification requests
  • Response time: within 30 calendar days (as required by GDPR Art. 12)

8. GDPR / DMA / LGPD Specific Language

Legal Basis for Processing (GDPR Art. 6)

We rely on the following lawful bases: (a) your explicit consent given during LinkedIn OAuth and account creation, (b) the necessity of processing for the performance of the service contract between you and 4Word, and (c) our legitimate interest in operating and improving the Motoko service where such interest is not overridden by your fundamental rights.

LinkedIn DMA Data Portability Compliance

In accordance with the LinkedIn Developer Messaging Agreement and Article 20 of GDPR, we commit to:

  • Providing your LinkedIn-derived data to you on request, in a structured, commonly used, machine-readable format (JSON).
  • Supporting data portability from Motoko to any other service of your choice.
  • Honoring any LinkedIn-initiated data deletion or member opt-out within 30 days.
  • Not retaining LinkedIn member data beyond the purpose and timeframe disclosed in this policy.

Governing Law and Jurisdiction

This policy is governed by the laws of the Federative Republic of Brazil, with alignment to the EU GDPR where applicable. Disputes shall be resolved in the courts of São Paulo, Brazil, without prejudice to your right as a data subject to lodge a complaint with a supervisory authority in your jurisdiction.

International Data Transfers

Our infrastructure is hosted in the European Union (Hetzner, Germany). When data is transferred to third-party processors located outside the EU/EEA (e.g., Anthropic in the United States), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

Security Measures

We implement industry-standard security measures, including TLS 1.3 encryption in transit, encryption at rest for databases and backups, OAuth 2.0 for LinkedIn authentication, role-based access control, and regular security reviews.

Changes to this Policy

We may update this Privacy Policy periodically. Material changes will be notified via email at least 14 days before taking effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.