Privacy Policy

1. Introduction

Caroussel.ai (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered carousel generation service, including when you connect third-party social media accounts such as Instagram and TikTok.

By using Caroussel.ai, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address, name, and password when you register
• Profile Information: Profile picture and display name
• Content: Carousel prompts, generated text, uploaded images, and created content
• Payment Information: Billing details processed securely by our payment provider (Stripe)
• Communications: Messages when you contact our support team

2.2 Information from Third-Party Platforms

When you connect your social media accounts, we collect:

• Instagram/Meta: Your Instagram Business Account ID, username, profile picture, and access tokens necessary to publish content on your behalf
• TikTok: Your TikTok user ID, username, display name, avatar, and access tokens necessary to publish content on your behalf

We only request the minimum permissions necessary to provide our publishing features. We do not access your private messages, follower lists, or content posted outside of our service.

2.3 Automatically Collected Information

• Usage Data: Features used, content created, and interaction patterns
• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP address, access times, and pages viewed
• Cookies: Session cookies for authentication and analytics cookies for service improvement

3. How We Use Your Information

We use collected information to:

• Provide Services: Generate carousels, process your content, and enable publishing to connected platforms
• Publish Content: Post carousels to Instagram and TikTok on your behalf when you authorize publication
• Process Payments: Handle subscriptions and billing through our payment processor
• Communicate: Send service updates, security alerts, and respond to support requests
• Improve Services: Analyze usage patterns to enhance features and user experience
• Ensure Security: Detect fraud, prevent abuse, and protect our users
• Legal Compliance: Meet our legal obligations and enforce our terms

4. Information Sharing and Disclosure

We do not sell your personal information. We may share information with:

4.1 Third-Party Platforms (with your consent)

• Meta/Instagram: When you publish content to Instagram, we share your carousel images and captions with Meta's API
• TikTok: When you publish content to TikTok, we share your carousel images and captions with TikTok's API

Content is only shared when you explicitly initiate a publish action. You control what gets published and when.

4.2 Service Providers

• Cloud Hosting: Supabase and Vercel for data storage and hosting
• AI Services: OpenAI, Google, and Hugging Face for content generation
• Payment Processing: Stripe for secure payment handling
• Analytics: Privacy-focused analytics to improve our service

4.3 Legal Requirements

We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of Caroussel.ai, our users, or others.

5. Data Security

We implement industry-standard security measures:

• All data is encrypted in transit (TLS/SSL) and at rest
• Access tokens for social platforms are encrypted and stored securely
• We use secure authentication with password hashing
• Regular security audits and monitoring
• Limited employee access to personal data on a need-to-know basis

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

• Account Data: Retained while your account is active
• Content: Your carousels and images are retained until you delete them or your account
• Social Tokens: Access tokens are retained while the connection is active and deleted when you disconnect
• Logs: Server logs are retained for up to 90 days for security purposes

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Your Rights and Choices

7.1 Account Controls

• Access: View your data in your account settings
• Update: Correct your profile information at any time
• Delete: Delete your account and all associated data
• Export: Request a copy of your data in a portable format
• Disconnect: Revoke access to connected social accounts at any time

7.2 GDPR Rights (European Users)

If you are in the European Economic Area, you have additional rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

7.3 CCPA Rights (California Users)

California residents have the right to:

• Know what personal information is collected
• Know if personal information is sold or disclosed and to whom
• Say no to the sale of personal information (we do not sell your data)
• Access your personal information
• Request deletion of your personal information
• Not be discriminated against for exercising your rights

8. Third-Party Platform Policies

When you connect third-party accounts, your use is also subject to their privacy policies:

• Instagram/Meta Privacy Policy
• TikTok Privacy Policy

We encourage you to review these policies before connecting your accounts.

9. Children's Privacy

Caroussel.ai is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, where required.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page, updating the “Last updated” date, and sending an email notification for significant changes.

12. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or have concerns about our data practices, please contact us:

• Email: privacy@caroussel.ai
• Data Protection Officer: dpo@caroussel.ai

For EU residents, you also have the right to lodge a complaint with your local data protection authority.