Privacy Policy

Introduction

At Instathink ("we", "our", or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our workflow automation platform and related services.

1. Information We Collect

Facebook Information

When you sign in with Facebook, we collect:

• Your public profile name and photo
• Email address
• Facebook User ID (for authentication)
• Basic profile information you've authorized

Direct Registration Information

If you create an account directly, we collect:

• Full name
• Email address
• Password (securely hashed)
• Phone number (optional)
• Company information (if applicable)

Usage Information

We automatically collect:

• IP address and approximate location
• Browser type and operating system
• Usage patterns and platform interactions
• Workflow configurations
• Performance metrics and error logs
• Data from connected service integrations

2. How We Use Your Information

We use the collected information to:

• Provide and maintain our services
• Authenticate your identity and manage your account
• Personalize your Instathink experience
• Process transactions and payments
• Communicate service updates
• Respond to support requests and customer service
• Improve our services and develop new features
• Detect, prevent, and address technical issues
• Comply with legal obligations and enforce our terms
• Analyze usage trends to optimize the platform

3. Facebook Integration

When you connect using Facebook Login:

• We only access permissions you explicitly authorize
• You can revoke these permissions anytime from your Facebook settings
• We don't post on your behalf without explicit consent
• We don't share your Facebook information with third parties
• We comply with Meta Platform Policies
• We respect your Facebook privacy settings

4. Data Storage and Security

Your information is securely stored using:

• Enterprise-grade encryption via Supabase infrastructure
• SSL/TLS encryption for all data transmissions
• Password encryption using bcrypt algorithms
• Two-factor authentication (2FA) available
• Restricted access to personal information (authorized personnel only)
• Regular security monitoring and audits
• Automated backups and disaster recovery
• ISO 27001 security standard compliance

5. Information Sharing

We DO NOT sell, trade, or transfer your personal information to third parties.

We only share information when:

• You have given explicit consent
• Required by law or legal process
• Necessary to protect our rights or safety
• With essential service providers (under confidentiality agreements):
  • Supabase (database and authentication)
  • Stripe (payment processing)
  • SendGrid (email notifications)

6. Your Rights

You have the following rights regarding your personal information:

• Access your personal information
• Correct inaccurate or outdated data
• Request deletion of your account and data
• Revoke Facebook permissions anytime
• Export your data in portable format (JSON/CSV)
• Opt-out of marketing communications
• Restrict processing of your information
• Object to certain data uses

To exercise these rights, contact us at privacy@instathink.io

7. Cookies and Tracking Technologies

We use cookies to:

• Keep you signed in
• Remember your preferences and settings
• Improve site functionality and performance
• Analyze platform usage (Google Analytics)
• Prevent fraud and improve security

Types of cookies we use:

• Essential: Required for basic functionality
• Functional: Enhance your user experience
• Analytics: Help us understand platform usage
• Marketing: Only with your explicit consent

8. Data Retention

We retain your personal information:

• While your account is active
• As necessary to comply with legal obligations
• To resolve disputes and enforce agreements
• Billing data is retained per tax requirements (5-7 years)

If you request account deletion, we process your request within 30 days and delete or anonymize your personal information, except where legally required to retain it.

9. Changes to This Policy

We may update this privacy policy occasionally to reflect:

• Changes in our information practices
• New features or services
• Legal or regulatory requirements
• User feedback

We'll notify you of significant changes via:

• A prominent notice on our platform
• Email notification
• Updated “Last updated” date

10. Meta/Facebook Compliance

This app complies with:

• Meta Platform Policies
• Facebook Terms of Service
• Facebook Login requirements
• Meta app review guidelines

We respect Facebook users' privacy settings and only access data for which we have received explicit permission.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards:

• EU-approved Standard Contractual Clauses
• Privacy Shield certifications (where applicable)
• Data protection impact assessments
• Additional technical and organizational measures

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you are a parent/guardian and believe your child has provided us with personal information, please contact us immediately to delete such data.

13. Legal Basis for Processing (GDPR)

We process your personal information under the following legal bases:

• Consent: For marketing and non-essential cookies
• Contract: To provide our services
• Legitimate Interest: To improve services and prevent fraud
• Legal Obligation: To comply with applicable laws

14. Regional Rights

European Union Residents (GDPR)

• Right to access, rectification, and erasure
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with supervisory authority

California Residents (CCPA/CPRA)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of information sale
• Right to non-discrimination for exercising rights

Brazil Residents (LGPD)

• Confirmation of processing existence
• Access to data
• Correction of incomplete or inaccurate data
• Anonymization, blocking, or deletion of data

15. Data Breach Notification

In the unlikely event of a security breach affecting your personal information:

• We will notify you within 72 hours of discovery
• We will provide details about affected data
• We will inform you of remediation measures taken
• We will offer recommendations to protect your information
• We will notify regulatory authorities as required by law

16. Contact

If you have questions, concerns, or requests about this Privacy Policy, contact us:

17. Legal Compliance

This Privacy Policy is designed to comply with applicable data protection laws, including:

• General Data Protection Regulation (GDPR) - European Union
• California Consumer Privacy Act (CCPA/CPRA) - United States
• Lei Geral de Proteção de Dados (LGPD) - Brazil
• Federal Law on Protection of Personal Data - Mexico
• Meta/Facebook Platform Policies

We are committed to maintaining the highest privacy protection standards for all our users worldwide.