Privacy Policy

Sesames ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our platform.

1. Information We Collect

We collect the following types of information:

• Account information: Name, email address, and password when you register.
• Business information: Business name, category, description, and catalog/menu data you provide.
• Social media data: When you connect your Instagram or Facebook account, we access your pages, conversations, and messages through the Meta API to provide inbox management and auto-reply features.
• Content data: Posts, images, captions, and media you create or upload.
• Usage data: How you interact with our platform, including pages visited, features used, and timestamps.

2. How We Use Your Information

• Provide and improve our services (inbox management, content creation, AI replies).
• Send and receive messages on your behalf through connected Instagram and Messenger accounts.
• Generate AI-powered content, branding, and reply suggestions.
• Display your catalog or menu through public-facing pages.
• Analyze usage patterns to improve the platform.

3. Meta Platform Data

When you connect your Meta (Facebook/Instagram) account, we access and process data in accordance with the Meta Platform Terms. Specifically:

• We read and send messages on Instagram and Messenger on your behalf.
• We access your Facebook Pages and Instagram Business accounts to publish content.
• We do not sell, rent, or share your Meta data with third parties.
• Meta data is stored securely and only used to provide the features you've enabled.
• Access tokens are encrypted at rest.

4. Data Storage & Security

Your data is stored on secure, encrypted servers powered by Supabase. We use industry-standard security measures including encryption in transit (TLS) and at rest, row-level security policies, and secure token storage.

5. Data Sharing

We do not sell your personal data. We may share data only with:

• Service providers: Cloud hosting (Supabase), AI processing (OpenAI) — solely to provide our services.
• Legal requirements: When required by law, regulation, or legal process.

6. Data Retention

We retain your data for as long as your account is active. You can request deletion of your data at any time by visiting our Data Deletion page or contacting us.

7. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Withdraw consent for data processing at any time.
• Export your data in a portable format.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels.

9. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at: info@sesames.io