Privacy needs to cover both members and automation.
The product now includes account, payment and editorial workflow layers. That means privacy language should clearly explain what is stored and why.
Account data
Account data is used to manage sign-in, membership access, profile status and subscription state. The minimum data principle should apply: collect what is needed to operate the product cleanly, not more.
Billing and access state
Payment and access metadata may be used to determine which content bundle a member can open. This is an operational requirement, not a marketing shortcut.
Editorial workflow data
Editorial workflow data can include source links, moderation logs, approval actions and publish decisions for audit purposes. This helps explain how a post reached the live feed and why.
Security handling
Operational secrets such as API keys, workflow tokens and webhook secrets must stay in server-side environment variables only. They should never appear in frontend bundles or public source code.