Privacy Policy

Effective date: April 29, 2026

Last updated: May 19, 2026

1. Introduction

Protomate (protomate.app) is an AI social media automation SaaS for e-commerce stores. This policy explains what we collect, why we collect it, how we protect it, and your rights.

2. Information We Collect

  • Account data: name and email via Supabase Auth.
  • Store data: store URL, product catalog, brand voice settings, and post history.
  • Social platform data: Facebook Page IDs and encrypted tokens, Instagram Business IDs, Pinterest account and board IDs with encrypted tokens, WordPress site URLs and credentials, published content, and engagement metrics.
  • Payment data: subscription plan and billing cycle; card numbers are processed by Stripe and never stored by Protomate.
  • Usage data: dashboard interactions, feature usage, and session data.
  • Cookies: auth session cookies only; no third-party ad cookies.

3. How We Use Your Information

  • Generate AI-powered social content and images.
  • Schedule and publish posts automatically to connected channels (Facebook, Instagram, Pinterest, WordPress).
  • Display Facebook, Instagram, and Pinterest analytics.
  • Process subscriptions and billing emails.
  • Improve reliability using aggregated, anonymized insights.
  • We do not use data for advertising.
  • We do not sell data to third parties.
  • We do not use your content to train AI models without explicit consent.

4. Data From Meta Platforms (Facebook & Instagram)

We access Facebook and Instagram data only after explicit Meta OAuth permission.

Permissions and purpose:

  • pages_manage_posts: publish posts to Facebook Page.
  • pages_read_engagement: show Facebook analytics.
  • instagram_content_publish: publish captions and images to Instagram.
  • instagram_manage_insights: show Instagram analytics.
  • Tokens are encrypted at rest.
  • Data is accessed only to provide Protomate features.
  • No sharing except services listed in section 7.
  • Revoke from Protomate: Settings -> Channels -> Disconnect.
  • Or revoke from Facebook: facebook.com/settings -> Apps and Websites.
  • We comply with Meta Platform Terms and Developer Policies. Meta policy: facebook.com/policy.

5. Data From Pinterest

We access Pinterest data only after explicit Pinterest OAuth permission. Connecting a Pinterest account is optional and only used to publish Pins and read board / Pin metrics on your behalf.

Scopes and purpose:

  • user_accounts:read:identify which Pinterest account you have connected and display it in Settings -> Channels.
  • boards:read: let you choose which board AI-generated Pins are published to.
  • boards:write:create a new board from inside Protomate when your account has no boards yet (used only when you click "Create a board").
  • pins:write: publish AI-generated Pins (image + title + description + destination link) to the boards you select.

What we store:

  • Your Pinterest account ID, username, and display name.
  • The list of boards you choose to publish to (board ID, name, privacy).
  • Encrypted Pinterest OAuth access & refresh tokens.
  • Pins Protomate has published on your behalf and their public metrics.

What we do not do:

  • We do not download, mirror, or sell your Pinterest content.
  • We do not use Pinterest data for advertising or to train AI models.
  • We do not share Pinterest data outside the third-party services listed in section 7.

How to revoke:

  • In Protomate: Settings -> Channels -> Pinterest -> Disconnect (deletes the stored tokens within 24 hours).
  • On Pinterest: Settings -> Apps and websites -> remove Protomate.

Protomate complies with the Pinterest Developer Guidelines and Pinterest Advertising / Community Guidelines: Pinterest Privacy Policy.

6. Google API Data - Limited Use Disclosure

  • Protomate uses Google Gemini API for caption and image generation.
  • Use of Google API data complies with Google API Services User Data Policy, including Limited Use requirements.
  • Google API data is used only to provide and improve Protomate AI features.
  • We do not use Google API data for advertising.
  • We do not sell, transfer, or disclose Google API data except to provide service or as legally required.

7. Third-Party Services

  • Supabase: authentication, account/store/post database.
  • Stripe: subscription payment processing.
  • Google Gemini API: content generation using product names and brand settings.
  • Upstash Redis: queueing with post IDs and timing.
  • Vercel: hosting and CDN with standard web traffic data.
  • Meta Graph API: publishing content and retrieving engagement metrics.
  • Pinterest API v5: publishing Pins to selected boards and retrieving public Pin metrics.
  • WordPress REST API: publishing blog posts to self-hosted WordPress and WordPress.com sites you connect.

8. Data Retention

  • Account and store data: while active + 90 days after deletion.
  • Post content and AI memories: during active subscription.
  • Facebook / Instagram / Pinterest / WordPress tokens: deleted immediately when the channel disconnects or the account is deleted.
  • Payment records: retained 7 years for legal/accounting compliance (Stripe).

9. Your Rights (GDPR & Equivalent Laws)

You may request Access, Rectification, Erasure, Restriction, Portability, and Object rights.

Email contact@protomate.app with subject "Data Rights Request".

We respond within 30 days. You may also lodge a complaint with your local data protection authority.

10. Data Deletion

  • Dashboard: Settings -> Account -> Delete Account.
  • Email: contact@protomate.app with subject "Data Deletion Request".

We permanently delete personal data, post history, store data, and access tokens within 30 days.

Backup copies may remain for up to 90 days before final deletion.

Payment records are retained for 7 years for legal compliance.

11. Cookies

  • Session cookies from Supabase keep you logged in.
  • No advertising cookies or third-party tracking cookies.
  • Disabling cookies may prevent login and core functionality.

12. Children's Privacy

  • Protomate is not directed to children under 16.
  • We do not knowingly collect personal data from children under 16.
  • If this occurred, contact contact@protomate.app for removal.

13. Changes to This Policy

  • We notify users by email at least 30 days before material changes.
  • Continued use after effective date means acceptance.
  • Previous versions are available on request.

14. Contact Us

  • Email: contact@protomate.app
  • Website: protomate.app
  • For deletion: subject "Data Deletion Request".
  • For Meta questions: subject "Meta Data Request".
  • For Pinterest questions: subject "Pinterest Data Request".