Privacy Policy

1. How We Collect Personal Data

Personal data collection depends on your interaction with GreetFan:

• Service Usage: When you connect Instagram/Meta accounts via official OAuth protocols.
• Content Import: Comments, messages, and engagement metadata fetched via verified API endpoints for the purpose of automation.
• Communication: When you email our support team or submit inquiry forms on our site.
• Automated Logs: Technical metadata (IP, browser type, usage frequency) collected for security and system optimization.

2. What Types of Personal Data We Process

We process the following categories of information:

• Account Credentials: Name, professional email, and encrypted OAuth tokens. We never store Instagram passwords.
• Financial Information: Billing details and payment history processed securely via Stripe.
• Customer Content: "User Generated Content" including responses, brand personas, and synched interactions.
• Technical Usage Data: Session logs, device identifiers, and interaction performance metrics.

3. Local AI & Data Sovereignty Protocol

Our architecture is built to ensure absolute data isolation.

4. Purpose of Processing

We use your data solely for the following business functions:

• To Operate the Service: Maintaining your engagement autopilot and response workflows.
• Analytics & Growth: Generating ROI reports and sentiment analysis for your accounts.
• Communication: Sending system updates, security alerts, and support responses.
• Compliance: Meeting legal, tax, and regulatory obligations.

5. Sharing & Disclosure

We do not sell your personal data. We disclose data only in these limited cases:

• Service Providers: Secure sub-processors for billing (Stripe) and infrastructure hosting.
• Legal Compliance: When required by valid subpoena or verified government request.
• Business Transfers: In the event of a merger, where the successor must uphold these privacy standards.

6. Your Global Data Rights

Regardless of your location, GreetFan provides all users with:

• The Right to Access: View all data we have collected regarding your automated interactions.
• The Right to Erasure: Permanent, unrecoverable deletion of your account and all AI data.
• The Right to Portability: Export of your interaction history and brand personality profiles.

7. Data Retention

We retain your personal data only as long as your account remains active. System logs are purged every 90 days. Upon account deletion, all Customer Content enters a 30-day "grace period" before permanent cryptographic deletion, unless a longer period is required by law.

8. International Data Transfers

GreetFan primary hosts data in secured US and EU regions. For international transfers, we utilize Standard Contractual Clauses (SCCs) to ensure data receives a level of protection consistent with your home jurisdiction.

9. Children's Information

GreetFan is not intended for use by anyone under the age of 18. We do not knowingly collect or solicit personal data from anyone under 18. If we confirm such data has been collected without parental consent, we will delete it promptly.

10. Legal Basis (GDPR / UK / Brazil Only)

If you are located in the EEA, UK, or Brazil, we process data based on:

• Contract Performance: Processing required to provide the GreetFan Service.
• Legitimate Interest: Processing required for security, support, and service optimization.
• Consent: Where you have explicitly opted in for marketing communications.

11. For California Residents (CCPA/CPRA)

California residents have specific rights to know, delete, and opt-out of "sales" of personal data. GreetFan does not "sell" data as defined under California law. You may exercise your rights twice in a 12-month period by contacting us.

12. Security Architecture

Our commitment to security includes:

13. How to Contact Us

For privacy inquiries or to exercise your rights: