Privacy Policy

We collect only what we need to run the Service:

• Account information — the email address and password you use to sign up. Authentication is handled by our provider (Supabase); passwords are stored only as salted hashes and are never visible to us.
• Instagram data (when you connect)— when you connect an Instagram professional account, we access data through Meta’s official Graph API, only under the permissions you grant: your profile and media, the comments and direct messages on your account, and your account insights. We store an encrypted access token and the data needed to provide the features you use. We never ask for or receive your Instagram password, and we do not scrape Instagram.
• Content you create or upload — posts, captions, schedules, replies, brand-profile inputs (your website address, notes, and uploaded files), and the AI-generated images and text you produce. Media you choose to publish is stored so we can deliver it to Instagram.
• Google Analytics data (optional) — if you connect Google Analytics, we read aggregated metrics for the property you choose (see the dedicated section below). We do not read or store individual visitor or customer records.
• Usage and diagnostic data — basic logs and technical data needed to operate, secure, and troubleshoot the Service. When you use a tracked call-to-action link, we record the click but hash the IP address with a rotating salt — we do not store raw IP addresses for click tracking, and we set no advertising cookies.
• Payment data— if and when paid plans are offered, payments are processed by Stripe. Card details are entered on Stripe’s hosted checkout; we never see or store full card numbers.

We use the information above to:

• provide the Service — publish and schedule posts, surface analytics, and (where you enable it) draft and send replies to comments and messages;
• build your brand profile and generate brand-aware captions, hashtags, and images;
• operate, secure, debug, and improve the Service; and
• communicate with you about your account and respond to your requests.

We do not sell your personal information, and we do not use your content or your connected-account data to build advertising profiles.

Legal bases (EEA/UK). Where the GDPR or UK GDPR applies, we process personal data to perform our contract with you (providing the Service), for our legitimate interests in operating and securing the Service, with your consent where we ask for it (for example, connecting an optional integration), and to comply with legal obligations.

Brand-profile generation, caption and hashtag suggestions, image generation, and message classification and drafting are powered by Google’s Gemini models. To produce these results, the relevant content is sent to Google for processing on our behalf; it is not used to train generalized AI models. AI-generated images carry an invisible SynthID watermark that identifies them as AI-generated. AI output can be wrong or inappropriate — you remain responsible for reviewing all content before it is published or sent.

We share data only with the service providers (“sub-processors”) that help us run Moose, acting on our instructions and under their own data-protection commitments — for example our cloud database and hosting, the Meta Graph API, Google (Gemini and, if you connect it, Analytics), and our email provider. The current list is at /legal/sub-processors. We may also disclose information if required by law or to protect the rights, safety, or security of our users or the Service, or in connection with a business transfer. We never sell your data.

If you connect Google Analytics, Moose reads aggregated GA4 metrics for the property you choose — sessions, key events (such as leads), revenue totals, and channel and landing-page breakdowns — to show what your posts did for your business. We do not read or store individual visitor or customer records. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements: we do not sell this data, do not use it for advertising, and do not use it to train AI models, and we delete it when you disconnect or revoke access. Aggregated snapshots are retained for up to 13 months. For merchants in the EEA, some Google figures may include Google’s modeled (estimated) data; we surface a notice on those figures. See our Data Processing Addendum.

We keep personal data only as long as needed for the purposes above, then delete or de-identify it. In general:

• Account and content — kept while your account is active; removed when you delete your account.
• Instagram access token — kept encrypted while your connection is active; cleared when you disconnect or delete your account, or when Meta tells us you removed the app.
• Aggregated Google Analytics snapshots — up to 13 months, then automatically purged; deleted immediately when you disconnect Analytics.
• AI-generated image drafts — unused drafts are pruned after about 30 days.
• Link-click records — retained about 365 days (IPs are hashed, not stored raw).
• Deletion audit records — a minimal, PII-free record that a deletion occurred is retained so we can demonstrate compliance.

Depending on where you live, you may have rights over your personal data. We honor these rights regardless of your location:

• Access & portability — ask what data we hold and request a copy.
• Correction — ask us to fix inaccurate data (you can edit most of it yourself in the app).
• Deletion — delete your account at any time from your settings, or ask us to delete the data we obtained from Instagram (see the next section).
• Objection & restriction — object to or ask us to limit certain processing.
• Withdraw consent — disconnect an integration at any time.

If the GDPR/UK GDPR applies to you, you may also lodge a complaint with your local data-protection authority. If you are a California resident, you have the rights to know, delete, and correct your personal information and to opt out of its sale or sharing — and we confirm that we do notsell or “share” personal information and do not offer financial incentives for it. To exercise any right, email us at alip@trymoose.ai. We will not discriminate against you for exercising your rights.

You are in control of your data. You can disconnect Instagram or delete your accountat any time from your settings; deleting your account removes your stored data and uploaded media. If you remove Moose from your Instagram settings, Meta notifies us and we mark the connection deauthorized. You may also request deletion of the data we obtained from Instagram through Meta’s data-deletion flow or by emailing us — you can check the status of a request on our data-deletion status page.

Moose is operated from, and our providers process data in, the United States and the European Union. Where data is transferred across borders — including from the EEA or UK to the United States — we rely on appropriate safeguards, such as the Standard Contractual Clauses, through our providers and our Data Processing Addendum.

We use industry-standard safeguards, including encryption in transit (HTTPS), encryption at rest for stored access tokens, and row-level access controls so each account can reach only its own data. We grant our team least-privilege access. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify you of a breach where the law requires.

Moose is intended for business use by people aged 18 or older. It is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above; significant changes may be communicated in the app or by email.

Questions about this policy, or want to exercise a data right? Email us at alip@trymoose.ai.