Back to home

Privacy Policy

Last updated: 2026-03-26

Introduction

SocialBoost ("we", "our" or "Company") is committed to protecting the privacy of your personal data in compliance with the Brazilian General Data Protection Law (LGPD — Law No. 13,709/2018). This Privacy Policy describes how we collect, use, store, and protect your information when you use our services.

1. Data Controller

The data controller responsible for processing your personal data is SocialBoost. For questions related to privacy and data protection, please contact:

Email: contato@socialboost.com.br

2. Personal Data Collected

We collect the following personal data:

  • Instagram username (public profile)
  • Email address
  • Public Instagram profile data (bio, follower count, public posts, engagement metrics)
  • Authentication data (email and encrypted password, when you create an account)
  • Payment data processed by Stripe (we do not store credit card data)
  • Browsing data and cookies (language and theme preferences)

3. Purposes of Processing

We use your personal data for the following purposes:

  • Generate analysis reports of your Instagram profile
  • Send the report link via email
  • Manage your account and subscription
  • Process payments
  • Improve our services and user experience
  • Communicate about service updates

4. Legal Basis for Processing (LGPD Art. 7)

The processing of your personal data is based on the following legal grounds provided in Art. 7 of the LGPD:

  • Consent of the data subject (Art. 7, I) — when you submit the analysis form and check the consent box
  • Contract performance (Art. 7, V) — for the provision of contracted services
  • Legitimate interest (Art. 7, IX) — for service improvement and relevant communications

5. Data Sharing

Your personal data may be shared with the following service providers, strictly for the purposes described:

  • Supabase — user authentication and data storage
  • Stripe — payment processing
  • Resend — transactional email delivery
  • HikerAPI — public Instagram data collection
  • Google Gemini — AI-powered analysis generation
  • Vercel — application hosting

We do not sell, rent, or share your personal data with third parties for marketing purposes.

6. Cookies and Tracking Technologies

We use the following cookies:

  • Essential authentication cookies (Supabase) — required for login functionality
  • Report session cookie — for accessing reports without login
  • Theme preference (light/dark) — stored locally
  • Language preference — stored locally

We do not use third-party tracking, analytics, or advertising cookies.

7. Your Rights (LGPD Art. 18)

Under Art. 18 of the LGPD, you have the following rights regarding your personal data:

  • Confirmation of data processing
  • Access to personal data
  • Correction of incomplete, inaccurate, or outdated data
  • Anonymization, blocking, or deletion of unnecessary or excessive data
  • Data portability to another provider
  • Deletion of data processed with consent
  • Information about entities with which we share your data
  • Information about the possibility of not providing consent and its consequences
  • Consent revocation

To exercise any of these rights, send an email to contato@socialboost.com.br. We will respond within 15 business days.

8. Data Retention

Your personal data is retained for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Free analysis data is retained for 30 days. Active account data is maintained as long as the account exists. After account deletion, data is removed within 30 days.

9. International Data Transfers

Some of our service providers may be located outside of Brazil. In such cases, we ensure that international data transfers are carried out in compliance with the LGPD, through adequate contractual clauses or when the destination country provides an adequate level of data protection.

10. Data Security

We adopt technical and organizational measures to protect your personal data against unauthorized access, destruction, loss, alteration, or any form of improper processing. This includes:

  • Data encryption in transit (SSL/TLS)
  • Passwords stored with cryptographic hashing
  • Role-based access control (Row Level Security)
  • Authentication tokens with automatic expiration

11. Children's Data

Our services are not intended for individuals under 18 years of age. We do not intentionally collect personal data from minors. If we become aware that we have collected data from a minor, we will take necessary steps to delete it.

12. Changes to this Policy

We may update this Privacy Policy periodically. Any significant changes will be communicated via email or through a notice on our website. We recommend reviewing this policy regularly.

13. Contact

For questions, complaints, or requests related to the protection of your personal data, please contact:

Email: contato@socialboost.com.br