Privacy Policy

The Content Farm ("we", "our", or "us") operates the The Content Farm iOS application. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using the app you agree to the practices described in this policy.

1. Information We Collect

Account Information

• Name and email address (via Apple Sign-In or Google Sign-In)
• Profile photo (optional, uploaded by you)
• Display name and contact email for your public media kit (optional)

Connected Social Accounts

When you connect your Instagram or TikTok accounts we collect and store:

• OAuth access tokens and refresh tokens
• Username, follower count, and profile information
• Post performance data: views, likes, comments, shares, saves, reach, and engagement rates
• Post captions, thumbnails, and permalinks
• Audience demographics (age, gender, location) — Instagram only, requires separate permission approval

Gmail Integration

If you connect your Gmail account we access your inbox with read-only scope to identify brand partnership emails. We store:

• Email thread IDs, message snippets, sender names, and timestamps
• Full message body only when you explicitly open a message in the app

We never store your Gmail password and never send emails without your explicit action.

Content You Save

• Posts you save for analysis: thumbnails, captions, transcripts, and AI-generated insights
• Collections you create and the posts they contain

Business Data

• Brand deal information you enter: brand name, deal value, status, deliverables, notes
• Deliverable attachments you upload for client review
• Client email addresses you enter for review workflows
• Media kit content: headline, about section, rate packages, past collaboration details

Usage and Technical Data

• App preferences and settings (manager choice, meeting schedule, timezone)
• Goal targets (follower and revenue goals)

2. How We Use Your Information

• To provide AI-powered content analysis and manager insights
• To display your social media performance statistics on the Home screen
• To generate your public media kit page
• To power the brand deal pipeline and client review workflow
• To generate weekly content check-ins (Pulse) comparing your top and bottom performing posts
• To prepare personalised meeting briefings based on your content and business data
• To send review and feedback emails on your behalf via the Send for Review feature

We do not sell your personal data. We do not use your data to train AI models beyond generating insights displayed to you within the app.

3. Third-Party Services

We use the following third-party services to operate the app:

• Supabase — database, authentication, and file storage (servers in AWS us-east-1)
• OpenAI — AI analysis of your posts and generation of manager insights and meeting briefings. Post content (captions, thumbnails, transcripts) is sent to OpenAI's API for this purpose.
• ElevenLabs — text-to-speech for manager voice notes in Pulse check-ins and meetings
• Resend — transactional email delivery for the Send for Review feature
• Apify — video frame extraction from your connected social account posts for Pulse analysis
• Cloudflare — hosting for your public media kit page and the client review portal
• Meta (Instagram Graph API) — social account connection and data sync
• TikTok API — social account connection and data sync
• Google (Gmail API) — email thread access for brand partnership management

Each of these services operates under their own privacy policies and data processing agreements.

4. Data Retention

We retain your data for as long as your account is active. Social post data and AI-generated insights are refreshed on each sync but historical data is retained to support trend analysis within the app.

OAuth tokens are stored securely and refreshed automatically. Revoking app access from your Instagram, TikTok, or Google account settings will prevent future syncing but will not automatically delete stored data from our systems — to request full deletion, see Section 6.

5. Data Security

All data is stored in Supabase with row-level security policies enforced at the database level — your data is only accessible to your own authenticated session. OAuth tokens are stored encrypted. All communications between the app and our servers use HTTPS.

6. Your Rights & Data Deletion

You have the right to access, correct, export, or delete your personal data at any time.

To request deletion of your account and all associated data, visit our Data Deletion page or email us at privacy@thecontentfarm.co.

We will process deletion requests within 30 days.

You can also disconnect your Instagram, TikTok, or Gmail accounts from within the app at any time in Settings.

7. Children's Privacy

The Content Farm is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or by email. Continued use of the app after changes constitutes acceptance of the updated policy.

9. Contact

For any privacy-related questions or requests, contact us at:

privacy@thecontentfarm.co