Privacy Policy

Last updated: April 15, 2026

1. What we collect

  • Account: email address, password (hashed), full name.
  • Creator context: platforms you create on, follower counts, niche, experience level — only what you enter in your profile.
  • Deal content: brand-deal text, emails, and files you submit for analysis. We store this so you can revisit your history.
  • Billing: handled by Stripe. We store your Stripe customer ID and subscription state (plan, status, renewal date) but never your card number.
  • Usage metadata: number of analyses per month, timestamps, error logs — used for enforcing plan limits and debugging.

2. What we do with it

  • Run the AI analysis pipeline on your deal content.
  • Show you your own history, analytics, and recommendations.
  • Charge your subscription (via Stripe).
  • Email you service notifications (receipts, trial-ending reminders, password resets).
  • Debug issues and improve reliability.

3. Who we share with

We share data only with infrastructure providers that we depend on to run Napplo:

  • Supabase — database and authentication.
  • Stripe — payment processing.
  • OpenAI — LLM inference on your deal content. OpenAI’s API terms state they do not train on API inputs.
  • Vercel — application hosting and basic traffic analytics.
  • Resend or equivalent — transactional email.

We do not sell your data. We do not share your data with advertisers.

4. Analytics and cookies

We use Vercel Analytics to understand aggregate page-level traffic. It does not track individual users across sites and does not use third-party cookies. Essential cookies (your login session, CSRF tokens) are required for the app to function.

5. How long we keep it

  • Account data: as long as your account is active.
  • Deal content: as long as your account is active — your deal history lives with you.
  • After account deletion: 30 days in backup, then permanently erased.
  • Billing records: 7 years (legal requirement for financial records).

6. Your rights

You can:

  • Access your data — visible in your dashboard and billing portal.
  • Export your data — request via privacy@napplo.com.
  • Correct your data — edit directly in your profile.
  • Delete your account — from the billing portal or by email.
  • Object to processing — stop using Napplo, delete your account.

If you’re in the EU/UK, you have additional rights under GDPR. Contact us and we’ll honor them within 30 days.

7. Security

We use TLS in transit, column-level database permissions to segregate billing data from user-writable data, and row-level security to ensure one user cannot read another’s data. No system is perfectly secure; we will notify affected users within 72 hours of any confirmed breach that may affect their data.

8. Children

Napplo is not directed at children under 13. We do not knowingly collect data from children. If we learn we have, we’ll delete it.

9. Changes

Material changes to this policy will be emailed to the address on file before they take effect. Other changes will be noted with the “Last updated” date above.

10. Contact

Privacy questions? Email privacy@napplo.com.

This is an MVP version of our privacy policy. Review by counsel is recommended before scaling to significant traffic, especially if you serve EU users.