Legal

Privacy Policy

Effective date: April 23, 2025

1. Introduction

Neurapub ("we", "our", or "us") operates the Neurapub platform, an AI-powered Instagram content generation service accessible at neurapub.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using Neurapub, you agree to the terms of this Privacy Policy.

2. Definitions

  • Service: The Neurapub web application and API.
  • Personal Data: Any information that identifies or can identify you as an individual.
  • Usage Data: Data collected automatically from your interaction with the Service (IP address, browser type, pages visited, timestamps).
  • Data Controller: Neurapub — the entity that determines the purposes and means of processing Personal Data.
  • Third-Party Services: External providers we use to deliver the Service (listed in Section 7).

3. Information We Collect

Account Information

When you create an account we collect your email address and, optionally, your name. This data is managed through Supabase Auth.

Instagram Connection Data

When you connect your Instagram account via OAuth, we store your Instagram username, profile picture URL, and an encrypted access token. The token is encrypted with AES-256-GCM before being written to our database and is never stored in plaintext.

Generated Content

We store the AI-generated captions, hashtags, image prompts, and images produced on your behalf so you can review, approve, or reject them from your dashboard.

Usage Data

We automatically collect standard server logs including your IP address, browser and device information, pages visited, and feature usage. This data is used to monitor service health and improve the product.

Payment Data

Payment processing is handled entirely by Stripe. We never see or store your card number. We receive a subscription status and customer ID from Stripe to manage your plan.

4. How We Use Your Information

  • Provide, operate, and maintain the Service.
  • Authenticate your identity and manage your session.
  • Connect to Instagram on your behalf using your OAuth token to read account data and publish content you approve.
  • Generate AI content (captions, hashtags, images) using your account context.
  • Process payments and enforce plan limits.
  • Send transactional emails (account confirmation, billing receipts). We do not send marketing emails without explicit consent.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

5. AI & Your Data

Your content is used solely to generate posts on your behalf during an active session. We do not use your captions, images, or Instagram data to train any AI model — ours or any third party's. Requests to the Anthropic API (Claude) and fal.ai (image generation) are subject to those providers' data policies, but we do not share your personally identifiable information with them beyond what is technically required to fulfill a generation request.

6. Data Retention

We retain your account data for as long as your account is active. Generated posts are retained until you delete them or close your account. Instagram access tokens are refreshed automatically (they expire after 60 days) and deleted immediately upon disconnecting your account. You may request full deletion of your data at any time by contacting us.

7. Third-Party Services

We use the following third-party providers to operate the Service. Each provider has its own privacy policy governing their use of data.

  • Supabase: Database, authentication, and file storage (post images). supabase.com/privacy
  • Stripe: Payment processing and subscription management. stripe.com/privacy
  • Anthropic: AI text generation (Claude API). anthropic.com/privacy
  • fal.ai: AI image generation. fal.ai/privacy
  • Meta / Instagram: OAuth authentication and content publishing via the Instagram Graph API. facebook.com/policy
  • Vercel: Hosting for the Next.js web application. vercel.com/legal/privacy-policy
  • Railway: Hosting for the background worker service. railway.app/legal/privacy
  • Upstash: Redis job queue between the web app and worker. upstash.com/trust/privacy.pdf

8. Data Security

We implement industry-standard security measures including TLS encryption in transit, AES-256-GCM encryption for Instagram access tokens at rest, row-level security on all database tables, and service-role key isolation (privileged database access is never exposed to the browser). Despite these measures, no transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Disclosure of Data

Legal Requirements

We may disclose your data if required to do so by law or in response to valid legal process (subpoena, court order, or government request).

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

Protection of Rights

We may disclose data when we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or protect the safety of our users.

10. Your Rights

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your account and all associated data.
  • Portability — request an export of your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.

11. Cookies

We use session cookies to keep you logged in (managed by Supabase Auth). We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but doing so will prevent you from logging in to the Service.

12. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Neurapub

codebymelendez@gmail.com