Privacy Policy for Instarep.ly

Introduction

Instarep.ly ("we", "our", or "us") is an AI-powered keyboard application designed to help social media creators generate intelligent replies to comments. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

By using Instarep.ly, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information

When you create an account with Instarep.ly, we collect:

• Email Address: Used for account authentication and communication
• User ID: A unique identifier assigned to your account
• Authentication Data: Password (encrypted) or third-party authentication tokens

1.2 Keyboard Usage Data

Our keyboard extension collects the following data:

• Comment Text: Only the text you paste into the keyboard for generating AI replies. This text is temporarily processed to generate responses and is not stored permanently on our servers.
• Style Preferences: Your selected reply style settings (e.g., tone, length preferences)
• Usage Statistics: Number of replies generated per month (used for rate limiting and usage tracking)

Important: We do NOT collect:

• Keystrokes typed outside of our keyboard
• Text from other applications
• Passwords or sensitive information entered in other apps
• Screen content or screenshots
• Background keyboard activity

1.3 Technical Information

We automatically collect certain technical information:

• Device Information: Device type, operating system version
• API Request Data: IP address, user agent, timestamps (stored in API logs)
• Authentication Tokens: Secure tokens for maintaining your login session

1.4 Information We Do NOT Collect

We do NOT collect:

• Your name (unless provided in email address)
• Phone number
• Location data
• Contact lists
• Camera or photo access
• Microphone or audio data
• Calendar or reminder data

2. How Keyboard Data Is Used

2.1 Primary Purpose

Keyboard data (comment text and style preferences) is used exclusively for:

1. Generating AI Replies: Your pasted comment text is sent to OpenAI's API (via our secure backend) to generate contextually appropriate replies
2. Applying Your Preferences: Style settings are used to customize the tone and format of generated replies
3. Rate Limiting: Usage statistics ensure fair usage under your plan's limits

2.2 Data Flow

When you generate a reply:

1. Comment text is stored temporarily in your device's local App Group container
2. Text and style preferences are sent to our backend server via HTTPS
3. Our backend forwards the request to OpenAI's API
4. The generated reply is returned to your device
5. Comment text is NOT permanently stored on our servers

2.3 Local Storage

Comment text and style preferences are stored locally on your device in a secure App Group shared container. This allows the keyboard extension and main app to share data without exposing it to other applications.

3. Third-Party Services

3.1 OpenAI

Purpose: AI-powered reply generation using GPT-4o-mini model

Data Shared:

• Comment text you paste for reply generation
• Your style preference settings
• No personally identifiable information

OpenAI's Data Practices:

• OpenAI processes your comment text to generate replies
• According to OpenAI's API Data Usage Policy, data sent via API is not used to train their models
• OpenAI does not store comment text beyond the processing period
• Review OpenAI's privacy policy at: https://openai.com/privacy

Our Safeguards: All requests are proxied through our backend server, so OpenAI never receives your email, user ID, or authentication tokens.

3.2 Google OAuth

Purpose: Secure authentication via "Sign in with Google"

Data Shared:

• User ID (Google account identifier)
• Email address
• OAuth access token (server-side validation only)

Google's Data Practices:

• Google authenticates your identity and provides a secure token
• We use OAuth 2.0 protocol for authentication
• No additional Google services or APIs are accessed
• Review Google's privacy policy at: https://policies.google.com/privacy

Your Control: You can revoke Instarep.ly's access to your Google account at any time through your Google Account settings.

3.3 Sign in with Apple

Purpose: Secure authentication via Apple ID

Data Shared:

• User ID (Apple account identifier)
• Email address (optional, can be hidden)

Apple's Data Practices:

• Apple authenticates your identity using industry-standard OAuth 2.0
• You can choose to hide your email address using Apple's private relay
• Review Apple's privacy policy at: https://www.apple.com/legal/privacy

3.4 Supabase (Database & Authentication)

Purpose: User account management, authentication, and data storage

Data Stored:

• User accounts (email, encrypted password, user ID)
• Authentication sessions
• Usage statistics (monthly request counts)

Security: Supabase uses PostgreSQL with industry-standard encryption and security practices.

3.5 Vercel (Backend Infrastructure)

Purpose: API hosting and request routing

Data Logged:

• API request logs (IP address, user agent, timestamps)
• Error logs for debugging and monitoring

Retention: API logs are retained indefinitely for performance monitoring and security purposes.

4. Data Retention Policies

4.1 Active Accounts

• Account Information: Retained as long as your account is active
• Usage Statistics: Retained indefinitely for billing and analytics purposes
• API Logs: Retained indefinitely on Vercel servers
• Comment Text: NOT permanently stored; only processed temporarily during reply generation

4.2 Account Deletion

When you delete your account:

1. Your email and authentication credentials are permanently removed from our database
2. Usage statistics associated with your account are anonymized
3. API logs containing your IP address may remain for technical and security purposes
4. Deletion is typically completed within 30 days

Note: Currently, account deletion must be requested by contacting support. We are working on implementing a self-service account deletion feature.

4.3 Inactive Accounts

Accounts inactive for more than 2 years may be automatically deleted after email notification.

4.4 Third-Party Data Retention

• OpenAI: Does not permanently store comment text sent via API
• Google/Apple: Retains OAuth authentication records according to their policies
• Supabase: Retains data according to our retention policies above
• Vercel: Retains API logs indefinitely

5. User Rights

5.1 Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your personal data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data for direct marketing
• Right to Withdraw Consent: Withdraw consent for data processing at any time

5.2 Your Rights Under CCPA (California Users)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of personal information collected, used, or disclosed
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: Opt-out of the sale of personal information (Note: We do NOT sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

5.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: cody@isolated.tech
• In-App: Submit a request through the app's settings

We will respond to your request within 30 days.

5.4 Account Controls

You can manage your account settings directly in the app:

• Change Email: Update your email address in account settings
• Change Password: Reset your password through the app
• Manage OAuth Connections: Disconnect Google or Apple authentication
• View Usage Statistics: See your monthly usage statistics
• Delete Account: Contact support to request account deletion

5.5 Keyboard Permissions

You have full control over keyboard permissions:

• Full Access Permission: Required for network requests to generate AI replies. You can revoke this permission at any time in iOS Settings > General > Keyboard > Keyboards
• No Background Monitoring: Our keyboard only processes text when you actively use it; it does not monitor your typing in the background

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your device and our servers uses HTTPS/TLS encryption
• Authentication: Secure JWT (JSON Web Token) authentication for API requests
• Password Security: Passwords are encrypted using bcrypt hashing
• API Security: API keys and secrets are stored securely and never exposed in client code
• Rate Limiting: Dual-layer rate limiting (10 requests/minute, 30-50 requests/month) to prevent abuse
• Access Controls: Strict access controls on our database and backend infrastructure

7. Children's Privacy

Instarep.ly is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. By using Instarep.ly, you consent to the transfer of your information to our servers and third-party service providers.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending an email notification to your registered email address
• Displaying a notification in the app

Your continued use of Instarep.ly after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: cody@isolated.tech
• Website: https://isolated.tech
• Address: 76-6182 Lehua Rd, Kailua-Kona, HI 96740

11. Compliance & Legal

11.1 App Store Requirements

This app complies with Apple App Store privacy requirements, including:

• Transparent disclosure of data collection practices
• User consent for keyboard "Full Access" permission
• No collection of data beyond what is disclosed
• Privacy Nutrition Label information is accurate and up-to-date

11.2 Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide our services
• Consent: You consent to data processing when creating an account
• Legitimate Interests: Fraud prevention, security, and service improvement

11.3 Your Consent

By using Instarep.ly, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.