CTRL+AI

Sign In

Privacy Policy

Effective Date: May 11, 2026 | Last Updated: May 11, 2026

CTRL+AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by CTRL+AI when you use our social media management and auto-reply services.

1. Information We Collect from Meta

When you connect your Facebook or Instagram pages to CTRL+AI, we collect the following data from Meta:

• Page Access Tokens & Page IDs: Required to authenticate our system to publish posts and send replies on your behalf.
• Instagram Business Account IDs: Required to link your Instagram interactions to your Facebook Page.
• Inbound Message Content: The text of direct messages sent to your connected pages.
• Inbound Comment Content: The text of public comments left on your connected pages' posts.
• Sender IDs: The Meta-provided identifiers for users who interact with your pages.

2. Why We Collect This Information

We strictly limit data collection to what is necessary for our core functionality:

• To generate context-aware AI auto-replies to incoming messages and comments.
• To maintain conversation context so the AI can provide continuous support.
• To train the brand voice parameters of your specific AI Assistant.
• To provide you with audit logs of what the AI has responded to on your behalf.

3. Data Storage and Security

Your data is stored securely in our Supabase (PostgreSQL) database infrastructure. All data, including access tokens and message logs, is encrypted at rest. We employ strict Role-Level Security (RLS) policies to ensure that only authorized CTRL+AI systems and the authenticated page owner can access this data.

4. Third-Party Processors and Sharing

We do not sell your personal data or your page's content to third parties for advertising. We only share data with the following infrastructure processors:

• Google Gemini: Inbound message content and your configured Knowledge Base are sent to Google Gemini exclusively for the purpose of generating the AI auto-reply. Google is restricted from using this data to train their public models.
• Netlify: Our serverless functions and web hosting are provided by Netlify, which routes the webhook traffic securely.

5. Data Retention Period

We retain message and comment logs for a standard period of 90 days to provide you with audit trails and conversation context. After 90 days, historical message content is purged. Page Access Tokens are retained continuously until you disconnect the page from our platform.

6. Your Data Rights

You have the right to request access to, correction of, or deletion of your data at any time. If you wish to purge your data immediately, you may disconnect your page via the CTRL+AI Dashboard, which instantly invalidates our access, or you may submit a full account deletion request (see our Data Deletion policy).

7. Contact Us

For any privacy-related inquiries or data requests, please contact our Data Protection Officer at:

support@ctrlplusai.services