Privacy Policy

1. Introduction

Orchestra ADS ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketing automation platform.

By using Orchestra ADS, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address
• Password (encrypted)
• Profile information
• Billing information (processed securely via Stripe)

2.2 Social Media Account Data

When you connect your social media accounts, we collect:

• Facebook Pages: Page ID, name, profile picture, and access tokens for publishing
• Instagram Business: Account ID, username, profile picture, follower count, and access tokens for publishing

We only request the minimum permissions necessary to provide our services. Access tokens are encrypted at rest using AES-256-GCM encryption.

2.3 Content and Media

We store content you create or upload, including:

• Images and videos you upload
• Marketing copy and captions
• Campaign configurations
• Generated content using AI tools

2.4 Usage Data

We automatically collect:

• Log data (IP address, browser type, pages visited)
• Device information
• Feature usage analytics

3. How We Use Your Information

We use your information to:

• Provide and maintain our services
• Publish content to your connected social media accounts on your behalf
• Process payments and manage subscriptions
• Send service-related communications
• Improve our platform and develop new features
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Third parties that help us operate our platform (Stripe for payments, Clerk for authentication, cloud hosting providers)
• Social Media Platforms: Facebook and Instagram to publish content on your behalf
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement industry-standard security measures including:

• Encryption of data in transit (TLS/SSL) and at rest
• AES-256-GCM encryption for social media access tokens
• Regular security audits and updates
• Access controls and authentication

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your data at any time (see Section 8).

When you disconnect a social media account, we immediately revoke and delete the associated access tokens.

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate data
• Deletion: Request deletion of your data
• Portability: Receive your data in a portable format
• Withdraw Consent: Disconnect social accounts or close your account at any time

8. Data Deletion

To request deletion of your data:

1. Go to Account Settings → Data & Privacy
2. Click "Delete My Data" or "Delete Account"
3. Confirm your request

Alternatively, email us at support@orchestra-ads.ai with your deletion request.

We will process deletion requests within 30 days. Some data may be retained for legal or legitimate business purposes.

9. Cookies and Tracking

We use essential cookies for authentication and session management. We may also use analytics cookies to improve our service. You can manage cookie preferences in your browser settings.

10. Third-Party Services

Our platform integrates with:

• Meta (Facebook/Instagram): For social media publishing. See Meta Privacy Policy
• Stripe: For payment processing. See Stripe Privacy Policy
• Clerk: For authentication. See Clerk Privacy Policy

11. Children's Privacy

Orchestra ADS is not intended for users under 18 years of age. We do not knowingly collect information from children.

12. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform. Your continued use after changes constitutes acceptance.