The Content Farm ("we", "our", or "us") operates the The Content Farm iOS application. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
By using the app you agree to the practices described in this policy.
1. Information We Collect
Account Information
- Name and email address (via Apple Sign-In or Google Sign-In)
- Profile photo (optional, uploaded by you)
- Display name and contact email for your public media kit (optional)
Connected Social Accounts
When you connect your Instagram or TikTok accounts we collect and store:
- OAuth access tokens and refresh tokens
- Username, follower count, and profile information
- Post performance data: views, likes, comments, shares, saves, reach, and engagement rates
- Post captions, thumbnails, and permalinks
- Audience demographics (age, gender, location) — Instagram only, requires separate permission approval
Gmail Integration
If you connect your Gmail account we access your inbox with read-only scope to identify brand partnership emails. We store:
- Email thread IDs, message snippets, sender names, and timestamps
- Full message body only when you explicitly open a message in the app
We never store your Gmail password and never send emails without your explicit action.
Content You Save
- Posts you save for analysis: thumbnails, captions, transcripts, and AI-generated insights
- Collections you create and the posts they contain
Business Data
- Brand deal information you enter: brand name, deal value, status, deliverables, notes
- Deliverable attachments you upload for client review
- Client email addresses you enter for review workflows
- Media kit content: headline, about section, rate packages, past collaboration details
Usage and Technical Data
- App preferences and settings (manager choice, meeting schedule, timezone)
- Goal targets (follower and revenue goals)
2. How We Use Your Information
- To provide AI-powered content analysis and manager insights
- To display your social media performance statistics on the Home screen
- To generate your public media kit page
- To power the brand deal pipeline and client review workflow
- To generate weekly content check-ins (Pulse) comparing your top and bottom performing posts
- To prepare personalised meeting briefings based on your content and business data
- To send review and feedback emails on your behalf via the Send for Review feature
We do not sell your personal data. We do not use your data to train AI models beyond generating insights displayed to you within the app.
3. Third-Party Services
We use the following third-party services to operate the app:
- Supabase — database, authentication, and file storage (servers in AWS us-east-1)
- OpenAI — AI analysis of your posts and generation of manager insights and meeting briefings. Post content (captions, thumbnails, transcripts) is sent to OpenAI's API for this purpose.
- ElevenLabs — text-to-speech for manager voice notes in Pulse check-ins and meetings
- Resend — transactional email delivery for the Send for Review feature
- Apify — video frame extraction from your connected social account posts for Pulse analysis
- Cloudflare — hosting for your public media kit page and the client review portal
- Meta (Instagram Graph API) — social account connection and data sync
- TikTok API — social account connection and data sync
- Google (Gmail API) — email thread access for brand partnership management
Each of these services operates under their own privacy policies and data processing agreements.
4. Platform-Specific Data Usage
The following describes exactly what data we access from each connected platform, why we access it, and how it is handled.
Instagram (Meta)
Permissions requested: instagram_business_basic, instagram_business_manage_insights
Data accessed:
- Username, profile photo, follower count, and account biography
- Media objects: captions, cover thumbnails, permalink, and publish timestamp
- Media insights: views, likes, comments, shares, saves, reach, impressions, and engagement rate
- Audience demographics (age ranges, gender split, top locations) — requires
instagram_business_manage_insights
Purpose: display your Instagram performance statistics on the Home screen, generate weekly Pulse briefings comparing your top and bottom performing posts, populate your public media kit, and enable AI analysis of post content and trends.
Storage: synced to our Supabase database. OAuth access and refresh tokens are stored encrypted. Historical post data is retained to support trend analysis within the app.
We do not post to Instagram, modify your account, manage your ads, or access your direct messages. Your Instagram data is never sold or used to train AI models. It is shared only with Supabase (storage) and OpenAI (post analysis, at your request).
TikTok
Permissions requested: user.info.basic, video.list, video.insights
Data accessed:
- Username, profile photo, and follower count
- Video list: captions, cover thumbnails, share URLs, and publish timestamps
- Video performance metrics: views, likes, comments, shares
Purpose: display TikTok performance on the Home screen, generate Pulse briefings, populate your media kit, and enable AI analysis of content trends.
Storage: synced to Supabase. OAuth tokens stored encrypted. Historical video data retained for trend analysis.
We do not post to TikTok, modify your account, or access your direct messages. Your TikTok data is never sold or used to train AI models.
Google (Gmail)
Permissions requested: https://mail.google.com/ (Mail.ReadWrite — required to read brand emails, create reply drafts, send replies, and delete draft messages after sending)
Data accessed:
- Email thread IDs, sender names, subject lines, message snippets, and timestamps — used to surface brand partnership emails in the Deals tab
- Full message body — fetched only when you explicitly open a message in the app; not stored persistently
- Your Gmail address — used to identify your account
Purpose: identify and surface brand partnership and sponsorship emails in your Deals pipeline; enable you to read those emails and draft and send replies from within the app.
Storage: message IDs and snippets are stored to display your inbox in the app. Full message bodies are fetched on demand and not stored. Reply drafts are created in your Gmail Drafts folder (POST), sent only when you explicitly tap Send, and then deleted from your Drafts folder (DELETE). Mail.ReadWrite access is required for these draft creation and deletion operations — Mail.Read alone is insufficient.
We never send any email without your explicit action. We do not read personal emails beyond what you choose to open. Google user data is not sold, not shared with any third party except Supabase (message metadata storage) and OpenAI (generating suggested reply text, only when you request it), and is never used to train AI models.
You can disconnect Gmail at any time in Settings → Connected Accounts, which immediately revokes our access token.
Microsoft (Outlook)
Permissions requested: User.Read, Mail.ReadWrite, Mail.Send, offline_access
Data accessed:
- Your Microsoft account display name and email address
- Email threads from your Outlook inbox: sender name, subject, message snippet, and timestamp — used to surface brand partnership emails
- Full message body — fetched only when you explicitly open a message; not stored persistently
Purpose: identical to Gmail integration above — surface brand partnership emails in your Deals pipeline and enable you to draft and send replies from within the app.
Storage: message IDs and snippets stored in Supabase. Full bodies fetched on demand, not stored. Reply drafts created in your Outlook Drafts folder and deleted after sending. Mail.ReadWrite is required because the app creates a draft (POST to /messages), may attach files (POST to /attachments), sends it (POST to /sendMail), and deletes the draft on cancel (DELETE to /messages/{id}). Mail.Read alone does not permit these write operations.
We never send email without your explicit action. Microsoft user data is not sold and is shared only with Supabase (storage) and OpenAI (draft generation, at your request). It is never used to train AI models.
You can disconnect Outlook at any time in Settings → Connected Accounts.
5. Data Retention
We retain your data for as long as your account is active. Social post data and AI-generated insights are refreshed on each sync but historical data is retained to support trend analysis within the app.
OAuth tokens are stored securely and refreshed automatically. Revoking app access from your Instagram, TikTok, or Google account settings will prevent future syncing but will not automatically delete stored data from our systems — to request full deletion, see Section 6.
6. Data Security
All data is stored in Supabase with row-level security policies enforced at the database level — your data is only accessible to your own authenticated session. OAuth tokens are stored encrypted. All communications between the app and our servers use HTTPS.
7. Your Rights & Data Deletion
You have the right to access, correct, export, or delete your personal data at any time.
To request deletion of your account and all associated data, visit our Data Deletion page or email us at privacy@thecontentfarm.co.
We will process deletion requests within 30 days.
You can also disconnect your Instagram, TikTok, or Gmail accounts from within the app at any time in Settings.
8. Children's Privacy
The Content Farm is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or by email. Continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact
For any privacy-related questions or requests, contact us at: