Privacy Policy
Effective Date: June 11, 2026 | Document Version: 2.0.0
1. Information Collection and Scopes
We collect user profiles credentials (emails, passwords, names), organization attributes (agency industry, size), positioned brand coordinates, and client CRM data. We log outgoing webhook payloads and security events for delivery audits.
2. Data Isolation and Storage
All customer database profiles, brand strategy settings, calendars, and channels chat dialogues are stored within segregated tables protected by PostgreSQL Row Level Security. We do not inspect, sell, or train external LLM foundation models on your tenant's strategy files, client positioning assets, or custom brand memory matrices.
Note: Offline data generated while Supabase environment configurations are missing resides locally inside your browser/system directory (`mockDb.json`) and is never uploaded.
3. AI Providers and Processing
Strategic prompts, captions briefs, and storyboard concepts are sent securely to primary (Google Gemini) and secondary (OpenAI) developer endpoints. These requests are governed under strict API privacy regulations—meaning your data is processed dynamically without being retained for training models.
4. Webhook Security
Custom webhooks dispatch operational events (e.g. `campaign.published`, `client.at_risk`) to target listener URLs. Ensure your listener endpoints use secure HTTPS protocols and handle incoming payloads with token validation checks.