Privacy Policy for Brands Using Ripples Reward

1. Privacy Policy Availability and Updates

• Public Access: Our Privacy Policy is publicly accessible without logging in at https://brand.goripples.com/privacy. This URL is easily accessible by crawlers and is not geoblocked.
• App Dashboard Disclosure: This privacy policy URL is disclosed in the privacy policy field in the settings of our App Dashboard.
• Login Dialog Notice: During Meta/Facebook authentication, the login dialog includes a visible link to this Privacy Policy.
• Updates: We may update this policy; any material changes will be communicated by email and posted here with a revised "Last Updated" date.

2. Information We Collect and Process

a. Information You Provide Directly

• Account Information: Name, business email, brand name, and encrypted password.
• Contact Details: Support emails and business contact persons.

b. Platform Data from Facebook & Instagram

When you connect via Meta's OAuth, we request only the permissions for which you have given explicit consent. We only Process Platform Data as clearly described in this privacy policy and in accordance with all applicable law and regulations, Meta's Terms, and all other applicable terms and policies:

• instagram_basic
• instagram_manage_comments
• instagram_manage_insights
• pages_manage_metadata
• pages_show_list
• pages_read_engagement
• business_management

Specific Data We Process:

• Public Posts: Posts where your brand is tagged or mentioned
• Public Comments: Comments on public media (read-only access)
• Media Insights: Reach, impressions, engagement metrics for public media
• Page Information: Basic page metadata and engagement data

Scope and Limitations: We do not collect private profile data, do not post on your behalf, and do not use any data beyond the scopes listed above. We do not access private user information or content that is not publicly available.

3. How We Process Your Data and Purposes

We Process Platform Data only for the following clearly defined purposes:

• Authentication: To log you in via Facebook/Instagram OAuth flow
• Content Discovery: To fetch and display tagged media and associated metrics for your brand
• Engagement Analysis: To surface comments and insights for UGC reward decisions and campaign management
• Real-time Updates: To enable real-time updates via Meta Webhooks when your brand is tagged
• Platform Improvement: We may use anonymized, aggregated data internally to improve our platform functionality

4. Data Storage, Retention & Security

• Secure Storage: OAuth tokens and all data are encrypted at rest and in transit using industry-standard encryption protocols.
• Data Retention: We retain data only as long as your account is active or as needed to provide the service. Upon disconnecting, associated data is deleted within 30 days.
• Regulatory Compliance: We comply with GDPR, CCPA, and other applicable regulations, as well as Meta's Platform Terms and Data Protection Addendum.

5. Data Sharing and Disclosure

• No Sale or Rent: We do not sell or rent your data to third parties.
• Third-Party Processors: We may share data with service providers under strict data protection agreements that comply with applicable regulations.
• Legal Requirements: We may disclose data to comply with legal obligations, court orders, or government requests.

6. User Rights and Data Deletion

You have the following rights regarding your data:

• Access & Portability: You can request a copy of your data by emailing founders@goripples.com.
• Correction: You may update or correct your account information through your Brand Portal settings.
• Deletion: You may request deletion of your data and account. To disconnect Facebook/Instagram or delete your account, visit your Brand Portal settings or contact us.

7. Facebook Data Deletion Instructions

To remove your data from our system, you can:

• Self-Service: Disconnect your Facebook/Instagram account in Brand Portal settings, which will automatically trigger data deletion within 30 days.
• Email Request: Email founders@goripples.com with "Data Deletion Request" in the subject line.
• Complete Account Deletion:Request complete account deletion which will remove all associated data, including OAuth tokens and stored information.

Upon receiving a deletion request, we will confirm receipt and process the deletion within 30 days, providing confirmation once completed.

8. Compliance with Meta Platform Terms

This privacy policy does not supersede, modify, or conflict with Meta's Platform Terms or any other applicable terms and policies. We process Platform Data strictly in accordance with Meta's requirements and our obligations under applicable data protection laws.

9. Contact Us