Privacy Policy

Last updated: January 20, 2026

1. Introduction

This Privacy Policy explains how pollin8 ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our Instagram engagement platform (the "Service").

We are committed to protecting your privacy and being transparent about our data practices. By using the Service, you agree to the collection and use of information in accordance with this policy.

Contact: For privacy-related inquiries, contact us at privacy@pollin8.me

2. Information We Collect

Account Information

  • Name and email address
  • Organization name (for team accounts)
  • Password (stored securely hashed)
  • Profile information from authentication providers

Payment Information

  • Billing name and address
  • Payment method details (processed by Stripe; we do not store full card numbers)
  • Transaction history

Connected Social Accounts

  • Instagram account username and ID
  • OAuth access tokens (encrypted at rest)
  • Basic account information from Instagram API

Service Data

  • Hashtag configurations and pools
  • AI settings (target descriptions, comment style preferences)
  • Scan reports and analyzed posts
  • Notification preferences

Usage Information

  • Features used and actions taken
  • Scans performed
  • Login timestamps and IP addresses
  • Browser type and device information

3. How We Use Information

We use your information to:

  • Provide the Service: Process scans, generate AI suggestions, deliver notifications
  • Process Payments: Bill for subscriptions, manage invoices, handle refunds
  • Communicate: Send service updates, respond to support requests, deliver notifications you've configured
  • Improve the Service: Analyze usage patterns, identify bugs, develop new features
  • Ensure Security: Detect and prevent fraud, abuse, and unauthorized access
  • Comply with Law: Meet legal obligations, respond to lawful requests

4. Third-Party Services

We use the following third-party services that may receive your information:

Instagram/Meta

We access Instagram's Graph API to retrieve public post data and manage connected accounts. This access is governed by Meta's Platform Terms and Data Policy.

Stripe

We use Stripe for payment processing. Stripe collects and processes payment information according to their Privacy Policy. We do not store full credit card numbers.

Clerk

We use Clerk for user authentication. Clerk handles login credentials and session management according to their Privacy Policy.

AI Services

We use third-party AI services to analyze posts and generate comment suggestions. Post content is sent to our AI providers for analysis but is not used to train their models.

Resend

We use Resend for email delivery. Email addresses and notification content are processed according to their Privacy Policy.

Slack

If you configure Slack notifications, we send notification data to Slack via webhooks you configure.

5. Data Sharing

We may share your information with:

  • Service Providers: Third-party vendors who help us operate the Service (as described above)
  • Team Members: Other members of your organization who have been granted access to shared accounts
  • Legal Requirements: When required by law, court order, or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We never sell your personal information to third parties.

6. Data Security

We implement security measures to protect your information:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • OAuth tokens stored with application-level encryption
  • Passwords hashed using industry-standard algorithms
  • Role-based access controls for team members
  • Regular security reviews and updates
  • Secure infrastructure hosted on reputable cloud providers

While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security of your data.

7. Data Retention

  • Account Data: Retained while your account is active
  • Scan Reports: Retained based on your plan (7 days to 90+ days)
  • Usage Logs: Retained for up to 12 months for analytics and security
  • Payment Records: Retained as required for tax and legal compliance

When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

8. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, contact us at privacy@pollin8.me. We will respond within 30 days.

Marketing Opt-Out: You can unsubscribe from marketing emails using the link in any email, or by updating your notification preferences in your account settings.

9. Cookies & Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security
  • Preference Cookies: Remember your settings (like dark mode)
  • Analytics: Understand how the Service is used (optional)

Most browsers allow you to control cookies through settings. Blocking essential cookies may prevent you from using the Service.

10. International Transfers

pollin8 is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US or other countries where our service providers operate.

We take appropriate safeguards to ensure your information remains protected, including using standard contractual clauses where required.

11. Children's Privacy

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to know what personal information we collect and how it's used
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@pollin8.me.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR:

  • Right to access, rectify, or erase your personal data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

Our legal bases for processing include: performance of our contract with you, legitimate business interests, compliance with legal obligations, and your consent where applicable.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect.

The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For questions or concerns about this Privacy Policy or our data practices:

Email: privacy@pollin8.me

We will respond to privacy inquiries within 30 days.