Data Handling

Transparency about how we handle your data. Below are common questions about our data practices, organized by topic.

Authentication & OAuth

How do you access my social media accounts?

We use OAuth 2.0, the industry-standard authorization protocol. You sign in directly with each platform (Facebook, Instagram, X, YouTube, TikTok) — we never see or store your social media passwords.

What permissions do you request?

We request the minimum permissions needed to read your analytics data. For Facebook/Instagram, we request page listing and engagement reading permissions. For X, we request read-only tweet and user access. For YouTube, we request read-only channel and analytics access. For TikTok, we request basic profile and video insights.

Can I revoke access?

Yes. You can disconnect any social account from your Settings page at any time. You can also revoke access directly from the social media platform's settings. Once an account is disconnected, we immediately stop collecting new data for it.

Data Collection & Storage

What data do you collect from my social accounts?

We collect analytics data only: follower counts, post engagement metrics (likes, comments, shares, views), audience demographics, and account performance trends. We do not access your private messages, personal feeds, or friend lists.

How often do you sync data?

Connected accounts are synced periodically (approximately every 6 hours) to keep your dashboards up to date. You can also trigger a manual sync at any time from your settings.

Where is my data stored?

All data is stored on Supabase infrastructure with encryption at rest. Our application is hosted on Vercel with servers in Singapore, Hong Kong, and US-East regions.

Do you store my social media posts?

We store post metadata (text content, timestamps, media URLs, and engagement metrics) to power your analytics dashboards. We do not download or host your media files — we reference them from the original platform.

Security

How are my OAuth tokens protected?

Access tokens are encrypted at rest in our database. We use long-lived tokens where available (e.g., 60-day tokens for Meta) and automatically refresh them before expiry to maintain uninterrupted service.

Is my data encrypted?

Yes. All data in transit is encrypted via TLS/HTTPS. Data at rest is encrypted using Supabase's built-in encryption. Sensitive credentials like OAuth tokens receive additional encryption.

How do you control access within my organization?

We use role-based access control (RBAC). Organization owners can assign roles — owner, admin, editor, or viewer — each with different permission levels. Database-level row security ensures users can only access their organization's data.

Third-Party Data Sharing

Do you sell my data?

No. We never sell your personal data or social media analytics to third parties.

Who has access to my data?

Only members of your organization (based on their assigned role) can view your analytics. Our infrastructure providers (Supabase, Vercel) process data as part of hosting, and OpenAI processes anonymized data to generate AI insights.

How is AI used with my data?

We use OpenAI to analyze your aggregated analytics data and generate insights, recommendations, and trend summaries. Data sent to AI models is limited to the analytics context needed — no raw credentials or personal account details are shared.

Data Retention & Sync

How long do you keep my data?

We retain analytics data for as long as your account is active to provide historical trend analysis. Daily metrics are stored indefinitely to power long-term reporting. Disconnecting an account stops new data collection but preserves historical data for your reference.

What happens when I disconnect an account?

We immediately stop syncing new data for that account. Existing historical analytics remain available in your dashboards. OAuth tokens for that account are deleted.

Data Deletion

Can I delete my data?

Yes. You can disconnect individual social accounts, which removes their tokens and stops data collection. You can also request full account deletion, which removes all your personal data, organization data, and analytics within 30 days.

What about competitor data?

Competitor benchmarking uses only publicly available data from social media platform APIs. No private or authenticated data from competitor accounts is ever accessed.

How do I request data export or deletion?

Contact us at privacy@amplifai.com to request a full data export or account deletion. You can also delete your account directly from your account settings.

Still have questions?

Review our Privacy Policy and Terms of Service for full details, or contact us at privacy@amplifai.com.