Privacy Policy

1. Introduction

Circlify AI ("we", "our", or "us") operates the Circlify social media engagement platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including data obtained through Facebook and Instagram APIs provided by Meta Platforms, Inc.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account registration details (name, email address, password)
• Brand and business information you configure
• Custom reply templates and brand voice preferences

2.2 Meta Platform Data

When you connect your Facebook and Instagram accounts, we access and store the following data through Meta's APIs:

• Public Profile: Your Facebook user ID and name for authentication
• Facebook Pages: Page names, IDs, categories, follower counts, and access tokens for Pages you manage
• Instagram Business Accounts: Username, profile picture, follower count, media count for connected Instagram professional accounts
• Posts and Media: Your Instagram and Facebook posts including captions, media URLs, engagement metrics (likes, comments, shares, saves, reach, impressions)
• Comments: Comments on your posts including commenter usernames, comment text, timestamps, and like counts
• Direct Messages: Instagram Direct and Facebook Messenger conversations for customer service management (only when you explicitly grant this permission)
• Page Insights: Aggregated analytics data including post performance, audience demographics, and engagement metrics

2.3 Automatically Collected Information

• Browser type and version
• IP address and approximate location
• Usage patterns and feature interactions
• Device information

3. How We Use Your Information

We use the collected information to:

• Provide and maintain the Service, including comment management and AI-assisted reply generation
• Display your social media engagement data in a unified dashboard
• Generate AI-powered reply suggestions based on your brand voice and previous responses
• Post approved replies to Instagram and Facebook on your behalf
• Provide analytics and insights about your social media engagement performance
• Identify customer support requests and actionable comments requiring attention
• Track sentiment analysis of comments for business intelligence
• Manage direct message conversations for customer service
• Send you service notifications and updates
• Improve and optimize the Service

4. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following service providers, strictly for the purpose of delivering the Service:

• Supabase: Database hosting, authentication, and serverless functions (data storage and processing)
• OpenRouter / OpenAI: AI language models used to generate reply suggestions and perform sentiment analysis. Only comment text and post captions are sent to AI models - no personal identifiers are included.
• Meta Platforms (Facebook/Instagram): To post approved replies and fetch engagement data via Graph API
• Cloudflare: CDN and SSL/TLS for secure content delivery

We do not share Meta Platform Data with any advertising networks, data brokers, or other third parties not listed above.

5. Data Storage and Security

Your data is stored on Supabase's infrastructure with encryption at rest and in transit. Access tokens for Meta APIs are stored securely and are never exposed to the frontend application. All database tables are protected by Row Level Security (RLS) policies ensuring users can only access their own data. All connections use HTTPS/TLS encryption.

6. Data Retention

We retain your data for as long as your account is active. Meta API access tokens are stored for up to 60 days (the maximum lifetime of a long-lived token) and are refreshed as needed. Engagement data (comments, analytics) is retained for the duration of your account to provide historical analytics. You may request deletion of your data at any time (see Section 8).

7. Your Rights

You have the right to:

• Access: Request a copy of the data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your data (see Section 8)
• Portability: Request your data in a machine-readable format
• Withdraw Consent: Revoke Meta API permissions at any time through your Facebook settings
• Object: Object to processing of your data for specific purposes

8. Data Deletion

You can request deletion of all your data associated with our Service in the following ways:

• Through our app: Visit our Data Deletion page and submit a deletion request
• Through Facebook: Remove our app from your Facebook settings at Settings > Apps and Websites > Circlify > Remove. This will trigger automatic data deletion on our end.
• By email: Contact us at the email address listed in Section 12

Upon receiving a deletion request, we will delete all your personal data and Meta Platform Data within 30 days. Some anonymized, aggregated data may be retained for service improvement purposes.

9. Meta Platform Data Use

Our use of information received from Meta APIs adheres to the Meta Platform Terms and the Meta Developer Policies. Specifically:

• We only request permissions necessary for the features we provide
• Meta Platform Data is not sold to third parties
• Meta Platform Data is not used for advertising or ad targeting
• Meta Platform Data is not transferred to any data broker
• Users can revoke access at any time through their Facebook or Instagram account settings

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without verification of parental consent, we will take steps to delete that information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: