Privacy Policy
Your privacy is fundamental to us. Here we explain how we collect and use your data.
Last updated: April 1, 2025
1. Data Collected
We collect information you provide directly (name, email, brand data), platform usage data (logs, interactions, generated content), and Meta/Instagram data when you connect your Business account. Meta data collected includes: Instagram user ID, access token, username (@handle), profile picture, and metrics of posts published through the platform. This data constitutes 'Platform Data' as defined by Meta's Platform Terms.
2. How We Use Your Data
We use your data to: (a) provide and improve the service; (b) personalize AI content recommendations based on your brand identity; (c) publish content to Instagram exclusively on your behalf and under your instruction; (d) display performance metrics of your publications directly to you on the platform; (e) send service communications; (f) comply with legal obligations. Platform Data received from Meta is used solely for the purposes described in this policy and never for advertising, behavioral profiling, or third-party benefit.
3. Data Sharing
We do not sell your personal data. Meta Platform Data (access tokens, IDs, handles, metrics) is never shared with third parties under any circumstances. The only sub-processors with access to infrastructure data are: Supabase (hosted database, operating solely as infrastructure), Vercel (application hosting, no access to user data), and Google (OAuth authentication). None of these providers have identifiable access to Meta Platform Data. We may share data when required by law or with your explicit consent.
4. Data Security
We implement the following security measures: mandatory HTTPS/TLS encryption for all connections; AES-256 encryption at rest in the Supabase database; Instagram access tokens stored encrypted and never exposed in system logs; data access restricted by user authentication — each user can only access their own data; no employee or system can access another user's Instagram access tokens.
5. Data Retention and Deletion
We retain your data for as long as necessary to provide the service. Meta Platform Data (access tokens, Instagram account ID) is deleted immediately when you disconnect your Instagram account or request account deletion. After account closure, all personal data is deleted within 30 days, unless retention is required by law. To request data deletion at any time, contact: privacy@izytake.com.
6. Your Rights
You have the right to: access your data, correct inaccurate information, request deletion, data portability, information about sharing, and revoke consents at any time. To exercise these rights, visit platform Settings or contact us at: privacy@izytake.com.
7. Cookies
We use essential cookies for platform operation (authentication, session preferences) and analytics cookies to understand how the service is used. We do not use third-party tracking cookies. You can manage cookies in your browser settings.
8. International Data Transfers
Your data may be processed on servers located in the United States, through the Supabase and Vercel sub-processors. We ensure such transfers occur with adequate protections in compliance with applicable data protection laws and Standard Contractual Clauses where applicable.
9. Minors
Izytake is intended exclusively for users 18 years of age or older with professional Instagram accounts. We do not intentionally collect data from minors. If we identify data from minors, we will immediately delete it and close the account.
10. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our service or applicable law. We will notify active users of significant changes by email at least 15 days in advance. The most recent version is always available on this page with the date of the last update.
11. Meta Platform Data — Specific Provisions
In compliance with Meta's Platform Terms and Instagram App Review requirements, we expressly declare: (a) Purpose: Platform Data (access tokens, account IDs, handles, metrics) is used solely to authenticate users and publish content to Instagram on their behalf; (b) No sharing: no Platform Data is transferred to third parties, advertisers, or used for behavioral profiling; (c) Immediate deletion: upon disconnecting Instagram or deleting the account, all Platform Data is immediately removed from our systems; (d) Security: tokens are not logged and access is restricted by authentication; (e) No cross-use: Platform Data from one user is never used to benefit another user or third party. For specific questions about Meta data use, contact: privacy@izytake.com