Privacy Policy

1. Who we are

Reachly ("we", "us", "our") operates the Reachly platform at amplifyr.dev. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use our service.

2. Information we collect

Account information: email address, display name, and the role you select (creator or brand).

Social media data (with your consent): When you connect Instagram, Facebook, or YouTube via OAuth, we collect:

• Public profile information (handle, display name, profile picture, follower count)
• Your published posts, reels, and videos (captions, media URLs, timestamps)
• Aggregate insights and metrics (views, likes, comments, reach, engagement)
• OAuth access and refresh tokens, which we store encrypted

Usage data: Log data, device information, and cookies necessary for authentication and security.

3. How we use your information

• Provide the core service: detect brand collaborations from your posts and present analytics to you and to brands you choose to share with
• Authenticate you and keep your account secure
• Maintain and improve the platform
• Communicate with you about your account and service updates
• Comply with legal obligations

We do not sell your personal data. We do not use your data for advertising.

4. Meta Platform data

Our use of information received from Meta (Facebook and Instagram) APIs adheres to the Meta Platform Terms and Developer Policies, including the Limited Use requirements. We only request the minimum scopes needed to deliver the features you use, and we do not transfer Meta data to data brokers, ad networks, or other third parties for advertising or marketing.

5. Data sharing

We share data only in these limited cases:

• With brands you opt to be discoverable to: public profile fields and aggregate post performance only — never your tokens or private contact data.
• Service providers: our hosting and database provider (Lovable Cloud / Supabase) processes data on our behalf under strict confidentiality.
• Legal compliance: when required by law or to protect rights and safety.

6. Data retention

We retain your data for as long as your account is active. When you disconnect a social account, we delete the OAuth tokens immediately and remove synced posts within 30 days. When you delete your account, we permanently delete all associated personal data within 30 days, except where retention is required by law.

7. Security

We protect your data with industry-standard measures: encryption in transit (TLS), encryption at rest for sensitive fields (OAuth tokens), row-level security on the database, and access controls on all admin functions. No system is perfectly secure, but we work hard to keep yours safe.

8. Your rights

You may at any time: access the data we hold about you, correct it, export it, disconnect any social account, or delete your account entirely. See our Data Deletion page for instructions.

9. Children

Reachly is not intended for users under 13. We do not knowingly collect data from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notice.

11. Contact us

Questions about privacy? Email privacy@amplifyr.dev.