How Impret handles customer and visitor data

This Privacy Policy explains how Impret AI collects, uses, stores, and shares information when you visit impret.com, use app.impret.com, create an account, connect external services, upload knowledge sources, generate content, or otherwise use our software.

Impret AI operates the Impret brand, an AI-powered marketing platform that helps teams manage brands, generate content, store brand context, schedule social posts, monitor growth opportunities, and review content performance. This policy is intended to describe our current product behavior based on the software and integrations we operate today.

We collect account and profile information such as your name, email address, authentication details, and basic account metadata when you sign up or log in. We also collect information you provide about your brands, including brand name, marketing strategy, product summary, tone, target audience, competitors, and related business context.

If you upload files, ingest website content, or store brand knowledge in the product, we collect and store that material so the platform can use it to generate content and support brand-specific workflows. We also store generated drafts, published or scheduled content metadata, SEO outputs, monitoring settings, and related usage history inside the product.

If the product is not yet publicly available and you join our waiting list, we collect the email address you provide so we can notify you when access opens.

Impret AI uses Supabase-backed authentication and cookie-based sessions. Our backend uses HTTP-only session cookies to maintain authenticated access and refresh sessions. These cookies are designed to support secure sign-in, session continuity, and logout behavior.

The product also stores limited client-side account details in local storage to support signed-in application behavior. We do not rely on local storage as the primary session security mechanism, and authenticated API access is still controlled by server-side session handling.

We use the information we collect to operate the product, authenticate users, create and manage brands, process knowledge sources, generate content, store drafts and history, run SEO analysis, support scheduling and publishing workflows, and provide analytics and product improvements.

If you connect social accounts, we use the related account identifiers, profile metadata, and provider tokens or connection artifacts only to support the actions you request, such as connecting accounts, scheduling posts, publishing content, retrieving post outcomes, and showing analytics or publishing status in the product.

If you join the waiting list, we use your email address to send product availability and launch updates related to access to the platform.

We use third-party infrastructure and service providers to operate the platform. Based on the current product architecture, these providers include Supabase for authentication, database, and storage; OpenAI and Groq for AI generation and analysis; Tavily for web search and content retrieval workflows; Resend for transactional email; PostHog for analytics; and social publishing providers such as Late.dev and PostForMe for connected social account workflows.

These providers may process data on our behalf to deliver their respective functions. We only intend to share the minimum information needed for the requested workflow, such as content prompts for generation, connection details for social publishing, or event data for product analytics.

We use PostHog on our marketing site and certain product surfaces to understand page views, navigation behavior, and product interactions such as CTA clicks. This helps us improve the website, understand demand, and evaluate which product flows are being used.

Analytics data may include page URLs, browser interactions, and event metadata associated with site usage. We do not describe this as anonymous in all cases, because some telemetry may become associated with an account or session depending on how the product is used.

If you connect social platforms through Impret, we may store platform profile metadata, connected account identifiers, provider-specific profile references, and post status information needed to manage scheduled and published content. We may also retrieve analytics, publishing results, and error details from connected providers to show outcomes in the product.

You are responsible for ensuring that the content you publish through connected social accounts complies with the rules of those platforms and any applicable law. Our role is to provide the software workflow and connected publishing infrastructure you choose to use.

We retain account data, brand data, uploaded knowledge sources, generated content, and related operational records for as long as reasonably necessary to operate the service, maintain account history, troubleshoot issues, enforce our agreements, and meet legal or security obligations.

If you delete content or disconnect social accounts inside the product, we will attempt to reflect that change in our systems and, where applicable, in connected provider workflows. Some information may remain in backups, logs, or provider systems for a limited period after deletion.

We take a security-first approach that includes authenticated access controls, user-scoped data access, encrypted connections, and isolated customer data handling. Our separate Security page provides a higher-level overview of how we approach application security and infrastructure design.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a material security issue affecting your data, we will respond according to our internal processes and legal obligations.

You can typically access, update, or delete some of your information directly through the product, including brand records, knowledge sources, drafts, scheduled content, and connected accounts. You may also contact us if you need help with account access, correction, deletion, or a privacy-related question.

Depending on where you are located, you may have additional rights under applicable privacy law. We will review and respond to reasonable requests in line with the laws that apply to us and the context of your request.

We may update this Privacy Policy from time to time as the product, our providers, or our legal obligations change. When we make material updates, we may revise the effective date on this page and take additional steps if required.

If you have questions about this Privacy Policy or how Impret AI handles data, contact us at support@impret.com.