Privacy Policy

This Privacy Policy describes how Simbel AI LLC (“Simbel AI,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal data when you use our AI marketing automation platform (the “Service”) available at app.simbel.ai.

Simbel AI is committed to protecting the privacy and personal data of our users in accordance with applicable data protection laws in the jurisdictions where we operate, including the Kingdom of Saudi Arabia.

By creating an account or using our Service, you acknowledge that you have read and understood this Privacy Policy.

Table of Contents

Information We Collect
How We Use Your Information
Legal Basis for Processing
Platform-Specific Data Handling
How We Share Your Information
Cross-Border Data Transfers
Data Retention
Data Security
Your Rights
Cookies and Tracking Technologies
Children's Privacy
Third-Party Links
Changes to This Policy
Contact Us

1. Information We Collect

1.1 Information You Provide Directly

Account Information: name, email address, password (encrypted), company or business name, and timezone preferences.
Brand and Content Information: brand voice settings, uploaded documents and assets (logos, images, PDFs), website URLs, content preferences and tone settings, campaign briefs, and target audience descriptions.
Payment Information (when available): billing name and address. Payment method details are processed securely by Stripe — we do not store full card numbers.
Communications: support requests, feedback, and survey responses.

1.2 Information from Connected Social Media Accounts

When you connect social media accounts, we access and store only the minimum data necessary to provide the Service:

Platform	Data Accessed	Purpose
Instagram	Business account info, publishing permissions	Publish posts and stories
Facebook	Page info, publishing permissions	Publish posts to your Pages
X (Twitter)	Profile info, posting permissions	Publish tweets
LinkedIn	Profile info, page admin status, OAuth tokens	Publish posts to profiles and company pages
TikTok	Profile info, posting permissions	Publish videos
Email (Resend)	Subscriber email addresses you provide	Send email campaigns on your behalf

What We Do NOT Access:

Your private messages or DMs on any platform
Your friend lists or followers' personal details
Your personal browsing activity on social platforms
Content from other users' accounts
Data beyond what is necessary for publishing and analytics

1.3 Information Collected Automatically

Usage Information: features used, actions taken, campaigns created and published, login times, and session duration.
Device and Technical Information: IP address, browser type and version, device type and operating system, and referring URLs.
Cookies and Similar Technologies: session cookies (authentication), preference cookies (settings), and analytics cookies (service improvement via Google Analytics).

1.4 AI-Generated Content

Content generated by our AI agents based on your brand context and campaign briefs.
Performance analytics and optimization recommendations.
This content is generated for your exclusive use and is not shared with other users.

2. How We Use Your Information

2.1 Providing the Service

We use your information to: create and manage your account; connect and manage social media integrations; generate AI content based on your preferences; schedule and publish content; process payments; and provide campaign analytics and reporting.

2.2 Improving the Service

We analyze usage patterns to develop new features, fix bugs, and improve AI model performance. Any such analysis uses aggregated, anonymized data only — never your individually identifiable content or data.

2.3 Communications

We use your contact information to send: transactional emails (account verification, password reset, billing receipts); customer support responses; product updates and announcements (with opt-out option); and notices of important service changes.

2.4 Safety and Compliance

We use your information to detect and prevent fraud or abuse, enforce our Terms of Service, comply with legal obligations, and respond to lawful requests from authorities.

3. Legal Basis for Processing

Under applicable data protection laws, we process your personal data based on the following legal grounds:

Consent: when you create an account, connect social platforms, or opt into marketing communications. You may withdraw consent at any time by contacting us or adjusting your account settings.
Contractual Necessity: processing required to provide the Service you have subscribed to, including account management, content publishing, and billing.
Legitimate Interest: improving service quality, ensuring security, and preventing fraud — where such interests do not override your fundamental rights and freedoms.
Legal Obligation: where processing is required by applicable law, regulation, or governmental authority.

For marketing communications, we obtain explicit opt-in consent before sending any promotional messages. You may withdraw this consent at any time through your account settings or by contacting us at simbel@simbel.ai.

4. Platform-Specific Data Handling

We comply with each connected platform's developer terms and API usage policies. In all cases, we access only the minimum data required to fulfill the publishing and analytics functions you authorize.

Instagram and Facebook (Meta)

We access your business account information and publishing permissions solely to post content you approve through the Service. We do not access your personal profile content, private messages, or the data of users who interact with your posts beyond aggregate engagement metrics.

X (Twitter)

We access your profile information and posting permissions to publish tweets on your behalf. We do not access your direct messages, follower lists, or any content beyond what is necessary for publishing.

We access your profile information and company page admin status to publish posts to your profile or company pages. We do not access connection data or private messages.

TikTok

We access your profile information and content posting permissions to publish videos you create through the Service. We do not access your follower data or private messages.

Email

For email campaigns, we process subscriber email addresses that you provide or import. You are responsible for ensuring you have appropriate consent to send marketing communications to your email list.

5. How We Share Your Information

We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

Service Providers: trusted third parties who assist in operating our Service — including infrastructure providers, payment processors, and email delivery services — are contractually required to protect your data and may only use it to provide services to us.
Social Media Platforms: only the content you authorize us to publish, transmitted through each platform's official API.
AI Service Providers: your content may be processed by AI service providers for generation and analysis purposes. We do not share personally identifiable information beyond what is strictly necessary, and we do not permit providers to use your content for their own model training.
Legal Requirements: when required by applicable law, regulation, valid court order, or governmental request. We will notify you where permitted by law.
Business Transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any change in data controller and provide you with appropriate choices.

We do NOT:

Sell your personal data to third parties
Share your data for third-party advertising purposes
Use your content to train AI models that are sold or licensed to other parties
Share your social media credentials with any third party

6. Cross-Border Data Transfers

Your personal data may be transferred to and processed in countries outside the Kingdom of Saudi Arabia, including the United States and the European Union, where our infrastructure providers are located. Such transfers occur because the cloud infrastructure necessary to provide the Service operates globally.

We ensure these transfers comply with applicable data protection requirements by:

Using service providers who maintain appropriate security standards and data protection commitments
Implementing contractual safeguards to protect your personal data during transfer and processing
Ensuring that transferred data remains subject to the protections described in this Privacy Policy

Our infrastructure and service providers include:

Cloudflare — CDN and frontend hosting
Railway — backend application hosting
Supabase — authentication and file storage
OpenAI — AI content generation and analysis
Anthropic — AI content generation for specific tasks
Stripe — payment processing (when available)
Resend — transactional and campaign email delivery

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable law.

Data Type	Retention Period
Account information	Duration of account + 30 days after deletion request
Campaign content and analytics	Duration of account + 90 days
Social media OAuth tokens	Until you disconnect the platform or delete your account
Payment records	7 years (legal and tax compliance requirements)
Server logs	90 days
Support communications	2 years
Session cookies	Expire on browser close
Analytics cookies	Up to 12 months

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption of all data in transit using TLS/SSL protocols
Encryption of data at rest, including social media OAuth tokens
Role-based access controls limiting employee access to personal data on a need-to-know basis
Secure authentication requirements including support for multi-factor authentication
Regular security assessments and infrastructure monitoring
Documented incident response procedures

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We encourage you to use a strong, unique password and protect your account credentials.

In the event of a personal data breach that may affect your rights and freedoms, we will notify the relevant supervisory authorities and affected individuals in accordance with applicable law, within the timeframes required by those laws.

9. Your Rights

Under applicable data protection laws, you have the following rights with respect to your personal data:

Right to be Informed: to know what personal data we collect and how it is used, as provided in this Privacy Policy.
Right of Access: to request a copy of the personal data we hold about you.
Right to Rectification: to request correction of any inaccurate or incomplete personal data.
Right to Deletion: to request deletion of your personal data, subject to legal retention requirements.
Right to Data Portability: to receive your personal data in a structured, commonly used, machine-readable format, where technically feasible.
Right to Object: to object to processing of your personal data in certain circumstances, including direct marketing.
Right to Restrict Processing: to request limitation of how we process your personal data in certain circumstances.
Right to Withdraw Consent: to withdraw previously given consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at simbel@simbel.ai. We will acknowledge your request promptly and respond within 30 days. We may need to verify your identity before processing your request.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

Authentication cookies: to keep you securely logged in to your account.
Preference cookies: to remember your settings and personalize your experience.
Analytics cookies: to understand how users interact with our Service and improve it over time (via Google Analytics).

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies — particularly authentication cookies — may impair the functionality of the Service or prevent you from logging in.

11. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a person under 18, we will take prompt steps to delete it.

If you believe that a child has provided us with personal data, please contact us immediately at simbel@simbel.ai.

12. Third-Party Links

Our Service may contain links to third-party websites, services, or platforms. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you access through links in our Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will update the “Last Updated” date at the top of this page.

For material changes, we will provide a more prominent notice — such as an email notification or an in-app alert — before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For privacy-related inquiries, to exercise your data protection rights, or to report a privacy concern:

Simbel AI LLC
Email: simbel@simbel.ai
Address: 30 N Gould St, Ste R, Sheridan, WY 82801, USA

We are committed to working with you to resolve any privacy concerns promptly and fairly.