Privacy Policy

11.1 Data we collect from Meta

• Ad accounts and campaigns (Marketing API): account ID, name, currency, campaign structure, ad sets, ads, creative content, spend, impressions, clicks, reach, conversions, demographic breakdowns (age, gender, country, city), and Pixel events.
• Facebook Pages: page list you administer, page name, category, public posts, post engagement metrics (likes, reactions, comments count), comment text and author display name, page insights (reach, page views, follower count).
• Instagram Business accounts (linked to a Facebook Page): account profile, media items (caption, type, timestamp, like count, comments count), audience insights (reach, impressions, audience city, audience gender/age — only for accounts with 100+ followers).
• Custom Audiences: audience name, size, subtype, delivery status (no individual user data).
• Business Manager structure: ad account ownership, page ownership, partner relationships.

11.2 How we use Meta data

1. AI Persona Generation: We aggregate engagement patterns, demographic distributions, and audience signals to construct AI buyer personas that represent the brand's actual audience. This is the core function of RIFC.AI.
2. Voice of Audience reports: Comments from Facebook Pages are aggregated and analyzed for sentiment, themes, and stakeholder voices to produce monthly PDF reports.
3. Marketing Department analytics: Campaign performance data feeds into the Marketing Department dashboard, where AI agents recommend optimizations.
4. Cross-channel calibration: Meta data is correlated with data from other connected sources (Google Analytics, CRM) to detect inconsistencies and improve persona accuracy.

11.3 How we store Meta data

• Tokens: All OAuth access tokens and refresh tokens are encrypted at rest using AES-256-GCM with a per-environment key stored in secure environment variables. Tokens are NEVER stored in plaintext.
• Aggregated data: Insights, demographics, and metrics are stored in our PostgreSQL database (Supabase, EU/Frankfurt region) with row-level security policies that strictly isolate each brand's data per user.
• Comments: Individual comment text is stored only when the user explicitly enables sentiment analysis for a brand's Pages, and only for the period required to compute aggregate reports.
• Retention: Aggregated data is retained while the integration is active. When you disconnect Meta or delete a brand, all Meta-derived data is purged within 30 days.

11.4 Your rights — how to revoke and delete

You can revoke RIFC.AI's access to your Meta data at any time via:

1. In-app: navigate to Centru de Comanda → Brand → Integrari, then click "Disconnect" on the Meta card. This deletes all stored Meta tokens within seconds.
2. Meta settings: go to facebook.com/settings → "Apps and Websites" → find "RIFC.AI" → click "Remove". This triggers our Deauthorize Callback (https://app.rifc.ai/api/integrations/meta/deauthorize), which deletes your tokens automatically.
3. Data deletion request: submit via Meta's deletion flow. Our Data Deletion Request URL (https://app.rifc.ai/api/integrations/meta/data-deletion) returns a confirmation code you can use to track deletion.

We comply with GDPR Article 17 (Right to Erasure) and Meta Platform Terms. Audit logs of deletion events are retained for 7 years for legal compliance, but the underlying Meta data is permanently removed.

11.5 Third-party sharing

We do NOT sell or share your Meta data with third parties for advertising or marketing. Aggregated, fully anonymized statistics may be used for industry benchmarks in the RIFC Market Index module — but only with your explicit opt-in via the "Federated Marketing Intelligence" toggle in brand settings, and only after anonymization to k-anonymity ≥ 5.

11.6 Sub-processors

• Supabase Inc. — database hosting, EU region
• Vercel Inc. — application hosting, EU edge
• Anthropic PBC — LLM analysis on aggregated insights (text-only, no PII; data is not used for model training per Anthropic Enterprise Agreement)

11.7 Meta-specific contact

For Meta-specific data questions, contact us at contact@rifc.ai with "Meta" in the subject line for faster routing.

12.1 Scopes requested and data collected

• user.info.basic — Basic profile information: display name, avatar image URL, unique open user ID (open_id). Used to identify the connected account and display it in the integrations dashboard.
• user.info.stats — Account statistics: follower count, following count, total likes received on all videos, total public video count. Used to calibrate the RIFC scoring model for TikTok-specific content and to generate Social Media Persona profiles with accurate audience scale.
• video.list — Your public video list: video IDs, titles, descriptions, creation timestamps, duration, cover image URLs, view counts, like counts, comment counts, share counts, and embed links. Used to analyze content performance patterns — which formats, posting times, and topics drive the most engagement — to construct AI audience segments.

12.2 How we use TikTok data

1. Social Media Persona Generation (core feature): We aggregate follower statistics, video engagement metrics (views, likes, shares, comments), and posting patterns to construct AI buyer personas representing your TikTok audience segments. Each persona profile includes inferred demographics, content preferences, optimal posting times, and psychographic traits — derived entirely from aggregated behavioral signals, not from individual viewer data.
2. Content performance analysis: Video metrics are analyzed to identify which content formats (Reel-style, tutorial, testimonial, trending audio, etc.) and topic clusters generate the highest engagement rates within your specific audience.
3. RIFC score calibration for TikTok: Follower count and engagement rates are used to adjust the RIFC scoring model's platform-specific multipliers, ensuring content scores reflect TikTok algorithmic preferences.
4. Audience intelligence enrichment: When TikTok data is combined with other connected sources (Meta, Google Analytics), it improves the accuracy of cross-platform audience models and reduces AI estimation uncertainty.

12.3 How we store TikTok data

• Tokens: All TikTok OAuth access tokens and refresh tokens are encrypted at rest using AES-256-GCM with a per-environment encryption key stored in secure environment variables. Tokens are NEVER stored in plaintext.
• Aggregated metrics: Follower counts, engagement rates, and video performance summaries are stored in our PostgreSQL database (Supabase, EU/Frankfurt region) with row-level security that isolates each brand's data per user account.
• No individual viewer data: We only access and store creator-side metrics for the connected brand account. We do NOT collect any data about your individual followers or video viewers.
• Video metadata: Video titles, descriptions, and performance metrics are stored only while the integration is active, for the sole purpose of persona generation and content analysis.
• Retention: All TikTok-derived data is retained while the integration is active. When you disconnect TikTok or delete the brand, all associated data is purged within 30 days.

12.4 Your rights — how to revoke and delete

You can revoke RIFC.AI's access to your TikTok data at any time via:

1. In-app: navigate to Centru de Comanda → Brand → Integrari, then click "Disconnect" on the TikTok card. This immediately revokes the stored access token and removes all TikTok data from your brand profile.
2. TikTok settings: go to tiktok.com/setting → "Security and login" → "Manage app permissions" → find RIFC.AI → click "Revoke access". This revokes the OAuth authorization; our server detects the revoked token and deletes all associated data.
3. Data deletion request: email contact@rifc.ai with the subject "TikTok Data Deletion — [your account display name]". We will confirm deletion within 72 hours and provide a confirmation ID.

We comply with TikTok Platform Terms and GDPR Article 17 (Right to Erasure). Audit logs of deletion events are retained for 7 years for legal compliance, but all TikTok-derived data is permanently removed.

12.5 Third-party sharing

We do NOT sell, rent, or share your TikTok data with third parties for advertising, marketing, or any other commercial purpose. Aggregated, fully anonymized statistics may be used to compute industry benchmarks in the RIFC Market Index module — but only with your explicit opt-in via the "Federated Marketing Intelligence" toggle in brand settings, and only after data is anonymized to k-anonymity ≥ 5 (no individual account can be identified).

12.6 Sub-processors

TikTok data flows only through these sub-processors:

• Supabase Inc. — database hosting, EU region (Frankfurt)
• Vercel Inc. — application hosting, EU edge network
• Anthropic PBC — LLM analysis on aggregated insights (text and metrics only, no PII; data is not used for model training per Anthropic Enterprise Agreement)

12.7 TikTok-specific contact

For TikTok-specific data questions, contact us at contact@rifc.ai with "TikTok" in the subject line for faster routing.

13.1 Scopes requested and data collected

• analytics.readonly (Google Analytics / GA4) — Session counts, pageview events, bounce rates, average session duration, traffic sources, top pages, conversion events, geographic distribution, device categories, and audience segments. Used to build Website Personas and map real user behavior to AI audience profiles.
• youtube.readonly (YouTube)— Channel metadata (name, subscriber count, total views), video list (titles, descriptions, publish date, duration), per-video performance metrics (views, likes, comments, shares, average watch time), and audience demographics (age/gender breakdown for channels meeting YouTube's threshold). Used to calibrate Social Media Personas for video content strategy.
• adwords (Google Ads) — Ad account structure, campaign names and objectives, ad set targeting parameters, ad creative metadata, spend, impressions, clicks, CTR, CPC, ROAS, conversions, and demographic breakdowns (age, gender, country, device). Used to enrich AI buyer personas with real paid audience signals. Read-only — we never create, modify, pause, or delete campaigns.
• webmasters.readonly (Google Search Console) — Search queries (keywords), impressions, clicks, average position, CTR per query, and URL performance data for verified properties. Used to construct intent-based persona profiles enriched with organic search behavior.

13.2 How we use Google data

1. AI Persona Generation (core feature): GA4 behavioral data, YouTube engagement metrics, Google Ads demographic signals, and Search Console intent data are aggregated to build multi-dimensional AI buyer personas. These represent the brand's real audience, not synthetic estimates.
2. RIFC score calibration: Google data feeds the R (Relevance) and I (Interest) components of the RIFC formula (R + I × F = C), improving the accuracy of content performance predictions before publishing.
3. Website Persona module: GA4 funnel data, session paths, and conversion events are used to identify drop-off points and high-intent audience segments.
4. Content strategy recommendations: YouTube video performance and Search Console query data inform topic cluster recommendations and content format decisions in the Laborator module.
5. Cross-channel calibration: Google data is correlated with Meta and CRM data to detect audience inconsistencies and improve persona accuracy across channels.

13.3 How we store Google data

• Tokens: All Google OAuth access tokens and refresh tokens are encrypted at rest using AES-256-GCM with a per-environment encryption key stored in secure environment variables. Tokens are NEVER stored in plaintext. Refresh tokens are rotated automatically per Google's token rotation policy.
• Aggregated metrics: Analytics metrics, ad performance summaries, and YouTube statistics are stored in our PostgreSQL database (Supabase, EU/Frankfurt region) with row-level security that strictly isolates each brand's data.
• No raw event-level data: We access only aggregated reports via Google APIs. We do NOT store individual user sessions, individual search queries, or individual ad click events.
• Retention: All Google-derived data is retained while the integration is active. When you disconnect Google or delete the brand, all associated data is purged within 30 days.

13.4 Your rights — how to revoke and delete

You can revoke RIFC.AI's access to your Google data at any time via:

1. In-app: navigate to Centru de Comandă → Brand → Integrări, then click "Disconnect" on the Google card. This immediately revokes all stored Google tokens and removes associated data from your brand profile.
2. Google Account settings: go to myaccount.google.com/permissions → find "RIFC Persona Engine" → click "Remove access". Our server detects the revoked token and deletes all associated data automatically.
3. Data deletion request: email contact@rifc.ai with subject "Google Data Deletion — [your account email]". We will confirm deletion within 72 hours.

We comply with Google API Services User Data Policy, GDPR Article 17 (Right to Erasure), and Google's Limited Use requirements. Data obtained via Google APIs is used only for the purposes described above and is not used to develop, improve, or train generalized AI/ML models.

13.5 Google Limited Use disclosure

RIFC.AI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google data to provide and improve the RIFC platform features described in this policy.
• We do not transfer Google user data to third parties except as necessary to provide our service (sub-processors listed in Section 13.7).
• We do not use Google data for serving advertisements.
• We do not allow humans to read Google user data unless you have given explicit permission, it is necessary for security purposes, or we are required by law.

13.6 Third-party sharing

We do NOT sell, rent, or share your Google data with third parties for advertising or any commercial purpose. Aggregated, fully anonymized statistics may contribute to industry benchmarks in the RIFC Market Index module — only with your explicit opt-in and only after k-anonymity ≥ 5 anonymization.

13.7 Sub-processors

Google data flows only through these sub-processors:

• Supabase Inc. — database hosting, EU region (Frankfurt)
• Vercel Inc. — application hosting, EU edge network
• Anthropic PBC — LLM analysis on aggregated insights (text and metrics only, no PII; data is not used for model training per Anthropic Enterprise Agreement)

13.8 Google-specific contact

For Google-specific data questions, contact us at contact@rifc.ai with "Google" in the subject line for faster routing.

14.1 Scopes requested and data collected

• openid profile email (Sign In with LinkedIn) — Basic profile information: name, profile picture URL, email address, unique member identifier. Used to identify the connected account and display it in the integrations dashboard.
• w_member_social (Share on LinkedIn) — Permission to publish posts on your personal profile, only when you explicitly trigger a post action from inside RIFC.AI. We never auto-post.
• r_organization_social (Marketing Developer Platform) — Read access to posts and engagement on Company Pages you administer: post text, media references, reactions count, comments count, shares count, impressions, click-through rate, video views.
• rw_organization_admin — Read and write access to Company Pages you administer: page metadata (name, description, industry, size, location, follower count), and the ability to publish posts on the Page (only when you explicitly trigger a post action).
• r_organization_followers — Aggregated follower demographics for Pages you administer: follower count over time, industry distribution, function distribution, seniority distribution, location distribution. No individual follower data.
• r_ads + r_ads_reporting — Read access to LinkedIn Ad accounts you have permission on: campaign structure, ad set targeting parameters, ad creative metadata, daily spend, impressions, clicks, CTR, conversions, demographic breakdowns. Read-only — we never modify, pause, or delete campaigns without your explicit consent.
• rw_ads — Read and write access to Ad accounts, only enabled when you explicitly activate the Marketing Department auto-optimization feature. Disabled by default.
• r_marketing_leadgen_automation — Access to Lead Gen Forms data, only enabled when you explicitly opt-in to Lead Sync per ad account.

14.2 How we use LinkedIn data

1. Brand AI Avatar Generation (core feature): Company Page metadata, audience demographics, and post engagement signals are aggregated to construct AI avatars representing your LinkedIn audience. Each avatar profile includes inferred professional characteristics derived from aggregated behavioral signals, not individual member data.
2. Social Media Persona module: Post performance data, content patterns, and engagement velocity are analyzed to identify which topic clusters and post formats drive the highest engagement within your specific audience.
3. RIFC score calibration for LinkedIn: LinkedIn engagement rates and audience signals are used to calibrate the platform-specific multipliers in the RIFC scoring formula (R + I × F = C), ensuring content predictions reflect LinkedIn algorithmic preferences.
4. Marketing Department analytics: LinkedIn Ads performance data feeds into the Marketing Department dashboard, where AI agents recommend campaign optimizations.
5. Cross-channel calibration: LinkedIn data is correlated with data from other connected sources (Meta, Google Analytics, CRM) to detect audience inconsistencies and improve persona accuracy across channels.

14.3 How we store LinkedIn data

• Tokens: All LinkedIn OAuth access tokens and refresh tokens are encrypted at rest using AES-256-GCM with a per-environment encryption key stored in secure environment variables. Tokens are NEVER stored in plaintext.
• Aggregated metrics: Page metadata, audience demographics, and ad performance summaries are stored in our PostgreSQL database (Supabase, EU/Frankfurt region) with row-level security that strictly isolates each brand's data per user account.
• Cached data: Organization data is cached for up to 24 hours; ad performance data is cached for up to 6 hours. Cache is automatically expired to respect LinkedIn rate limits.
• No personal follower data: We only access aggregated follower demographics. We do NOT collect or store data about individual followers, their personal profiles, their messages, or their connections.
• No data on non-administered companies: We do NOT scrape competitor pages or any page you do not administer via the authenticated LinkedIn API. Competitive intelligence inside RIFC.AI uses publicly available signals only and explicit user input.
• Retention: All LinkedIn-derived data is retained while the integration is active. When you disconnect LinkedIn or delete the brand, all associated data is purged within 30 days.

14.4 Your rights — how to revoke and delete

You can revoke RIFC.AI's access to your LinkedIn data at any time via:

1. In-app: navigate to Centru de Comandă → Brand → Integrări, then click "Disconnect" on the LinkedIn card. This immediately revokes all stored LinkedIn tokens and removes associated data from your brand profile.
2. LinkedIn account settings: go to linkedin.com/psettings/permitted-services → find "RIFC.AI" or "RIFC Persona Engine" → click "Remove". Our server detects the revoked token and deletes all associated data automatically.
3. Data deletion request: email contact@rifc.ai with the subject "LinkedIn Data Deletion — [your account email]". We will confirm deletion within 72 hours and provide a confirmation ID.

We comply with the LinkedIn API Terms of Use, GDPR Article 17 (Right to Erasure), and CCPA where applicable. Audit logs of deletion events are retained for 7 years for legal compliance, but all LinkedIn-derived data is permanently removed.

14.5 Third-party sharing

We do NOT sell, rent, or share your LinkedIn data with third parties for advertising or any commercial purpose. Aggregated, fully anonymized statistics may contribute to industry benchmarks in the RIFC Market Index module — only with your explicit opt-in via the "Federated Marketing Intelligence" toggle in brand settings, and only after data is anonymized to k-anonymity ≥ 5 (no individual account can be identified).

14.6 Sub-processors

LinkedIn data flows only through these sub-processors:

• Supabase Inc. — database hosting, EU region (Frankfurt)
• Vercel Inc. — application hosting, EU edge network
• Anthropic PBC — LLM analysis on aggregated insights (text and metrics only, no PII; data is not used for model training per Anthropic Enterprise Agreement)

14.7 LinkedIn Marketing API Restrictions Compliance

RIFC.AI strictly complies with LinkedIn's Restricted Uses of LinkedIn Marketing APIs and Data policy. Specifically:

• Aggregated processing only: We process LinkedIn data exclusively at the aggregated audience level. We do NOT create, store, or display profiles of individual LinkedIn members. All insights are computed as statistical distributions, percentages, and segment-level summaries.
• No ad targeting: LinkedIn data is NEVER used for advertising targeting, lookalike audience creation, retargeting, or audience list building. RIFC.AI predicts campaign performance from past aggregated engagement signals — it does not enable targeting of specific LinkedIn members.
• No lead generation: LinkedIn data is NEVER used to identify prospects, generate sales leads, recruit talent, or prepare prospecting lists.
• No data combination at individual level: We do NOT combine LinkedIn member data with data from other sources (Meta, Google, CRM, third party) to create, supplement, verify, or append to individual user profiles, lead records, or reference tables. Cross-channel correlation in RIFC.AI happens ONLY at the aggregate segment level.
• No data export: Raw LinkedIn member data is NEVER exported, distributed, or transferred outside the RIFC.AI application — not to your customers, not to third parties, not even as a backup. Aggregated insights remain inside app.rifc.ai with strict row-level security per brand.
• No CRM enrichment: LinkedIn data is NEVER used to enrich CRM records, customer databases, or marketing automation platforms with identifiable LinkedIn attributes.

If you are a security researcher, LinkedIn employee, or member who suspects a violation of these restrictions in our use of the LinkedIn Marketing API, please report it to contact@rifc.ai with subject "LinkedIn API Compliance Concern". We respond within 48 hours and remediate verified violations within 7 days.

14.8 LinkedIn-specific contact

For LinkedIn-specific data questions, contact us at contact@rifc.ai with "LinkedIn" in the subject line for faster routing.