Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

Account Registration

When you create an Optimate account, we collect:

• Name
• Email address
• Authentication credentials (managed securely via Supabase)
• Account type (e.g. individual, business, agency)
• Optional profile details

Billing Information

If you subscribe to a paid plan:

• Payments are processed by Stripe
• We do not store or access card numbers
• Stripe may process billing name, address and payment history

Content and Inputs

We collect content you choose to create or store in Optimate, including:

• AI prompts
• Generated content (captions, hooks, hashtags, ideas)
• Saved posts, drafts and plans
• Uploaded media
• In-app messages or notes

1.2 Social Media Account Data (OAuth Integrations)

Optimate allows you to connect third-party social media accounts using official OAuth authorisation flows. Access is limited to the permissions you explicitly grant. We primarily use read-only permissions for analytics and insights.

You may disconnect integrations at any time via:

• The relevant social platform’s app settings, or
• Optimate’s account settings

TikTok

Via TikTok OAuth, Optimate may access:

• Public profile information
• Video list and metadata
• Analytics and performance metrics

We do not access private messages and do not publish content.

Instagram & Facebook (Meta)

Via Facebook Login and Instagram Graph API, Optimate may access:

• Profile or Page information
• Insights and analytics (reach, impressions, engagement)
• Media and post performance data

We do not post, comment or send messages unless explicitly authorised in a future feature.

LinkedIn

Via LinkedIn OAuth, Optimate may access:

• Basic profile or company page information
• Post analytics and engagement metrics

We do not publish posts without explicit user permission.

X (Twitter)

Via X OAuth, Optimate may access:

• Public profile data
• Tweet analytics and engagement metrics

We do not send tweets or direct messages.

OAuth Tokens

When you connect an account, we securely store:

• Access tokens
• Refresh tokens (if provided)
• Token expiry information

Tokens are stored securely and used only to provide Optimate features.

1.3 Automatically Collected Information

We may automatically collect:

• IP address
• Device and browser type
• Usage data (pages visited, interactions, session duration)
• Log files and error diagnostics

This data helps us operate, secure and improve the Service.

2. How We Use Your Information

We use personal data to:

• Provide and operate the Optimate Service
• Authenticate users and manage accounts
• Deliver analytics, insights and AI-powered features
• Process subscriptions and billing
• Communicate service updates and support requests
• Improve performance, security and reliability
• Comply with legal and regulatory obligations

3. AI-Generated Content

Optimate uses third-party AI service providers (such as OpenAI or similar providers) to generate content, insights and recommendations.

• Inputs are processed securely
• Data is not used to train public AI models
• AI output may be inaccurate or incomplete

You are responsible for reviewing AI-generated content before using or publishing it.

4. Legal Bases for Processing (GDPR)

We process personal data under the following lawful bases:

• Contractual necessity – to provide the Service
• Legitimate interests – improving and securing the platform
• Consent – where required (e.g. marketing, optional integrations)
• Legal obligations – where required by law

5. Data Sharing & Sub-Processors

We share data only with trusted third parties necessary to operate the Service, including:

• Supabase – authentication, database and storage
• Stripe – billing and payments
• AI providers – AI inference and analysis
• Hosting providers (e.g. Vercel)
• Analytics, monitoring and communication tools

We ensure appropriate contractual and security safeguards are in place.

6. International Data Transfers

Personal data may be processed outside the UK or EEA. Where this occurs, we use appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms.

7. Data Retention

We retain personal data only for as long as necessary to provide the Service, meet legal and accounting requirements, resolve disputes and enforce agreements. Data may be deleted or anonymised when no longer required.

8. Data Deletion & User Rights

You have the right to:

• Access your personal data
• Request correction or deletion
• Object to or restrict processing
• Request data portability
• Withdraw consent where applicable

Account & Data Deletion

You may request deletion of your account and associated data by using in-app account deletion tools (where available), or contacting info@optimatesocial.com. Upon verified request, we will delete or anonymise personal data in accordance with applicable legal obligations.

9. Security

We implement technical and organisational measures designed to protect personal data, including secure hosting and encryption where appropriate, access controls and monitoring, and least-privilege access principles. No system is completely secure, but we take reasonable steps to protect your data.

10. Children’s Privacy

Optimate is not intended for individuals under the age of 18. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the website or within the Service. Continued use of Optimate constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your data rights, please contact: