BoutiquePad logo iconBoutiquePad

Privacy Policy

Last updated: May 7, 2026

This Privacy Policy explains how Tractionify ("we", "us", "our") collects, uses, and protects information when you use BoutiquePad (the "Service").

1. What we collect

  • Account information. Your name, email address, and password (stored hashed by Supabase Auth).
  • Payment information. Billing handled by Stripe. We receive a Stripe customer ID and subscription status; we do not see or store your full card details.
  • Service usage data. Saved lists, workbook entries, notes, tags, and any preferences you set.
  • Server logs. Standard request metadata (IP, user agent, timestamp) for security and abuse-prevention purposes.

2. How we use your data

  • To operate the Service and personalize your experience.
  • To process payments and manage your subscription.
  • To send transactional email (account confirmation, password reset, billing receipts).
  • To prevent abuse and secure the Service.
  • To comply with legal obligations and respond to lawful requests.

We do not sell your personal data. We do not use your workbook entries or saved data to train machine learning models or share them with other users.

3. Third-party processors

We rely on a small set of vetted vendors to operate the Service:

  • Supabase — database, authentication, file storage.
  • Stripe — subscription billing and payment processing.
  • Vercel (or our hosting provider) — application hosting.

Each vendor processes data only as needed to provide their service to us.

4. Connected social accounts (Meta — Facebook & Instagram)

BoutiquePad offers an optional Spot Trends feature that lets you connect your Facebook and Instagram Business accounts to analyze publicly available data about competitor boutique accounts you choose to track. This section describes exactly what data we receive, how we use it, how long we keep it, and how to remove it.

4.1 What we receive from Meta when you connect

  • Your Facebook user ID and basic profile info (name, email) returned by Facebook Login.
  • The Facebook Pages you administer and the Instagram Business or Creator account linked to the page you select during connection.
  • An access token Meta issues so we can call the Instagram Graph API on your behalf. We store this token encrypted at rest and refresh it automatically before it expires.
  • Public data about competitor accounts you add to your watchlist: profile name, follower count, recent posts (image, caption, timestamp), and post engagement counts (likes, comments). We retrieve this via Meta's official Business Discovery endpoint, which only returns information that is already publicly visible on Instagram.

4.2 How we use it

  • To display competitor analytics inside your BoutiquePad dashboard (top-performing posts, engagement trends, posting cadence).
  • To refresh that data on a schedule so the dashboard stays current.
  • To inform our internal product validation signals (whether a product is trending) when the connected user is part of our admin team.

We do not use Meta-derived data to advertise to you, sell to third parties, train machine learning models, post on your behalf, or message your followers. We do not share competitor data between BoutiquePad members.

4.3 Retention

  • Access tokens are kept while your connection is active and deleted within 30 days of disconnection.
  • Competitor snapshots (profile + post engagement data) are kept for up to 90 days from the date of last refresh, then aged out.

4.4 How to disconnect or delete

You can revoke BoutiquePad's access at any time from the Spot Trends page in your dashboard, or from Meta's Business Integrations settings. Disconnecting immediately stops new data fetches; we delete the stored token and competitor snapshots within 30 days. For an expedited deletion or a complete account-data request, see our data deletion instructions.

4.5 Compliance

BoutiquePad's use of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies. BoutiquePad is independent and is not endorsed by, sponsored by, or affiliated with Meta Platforms, Inc.

5. Cookies

We use first-party cookies for essential session management (keeping you logged in) and to remember UI preferences (e.g., sidebar state). We don't use third-party advertising or tracking cookies.

6. Data retention

We keep your account data for as long as your account is active. If you cancel, we retain billing records as required by law and delete other personal data within 30 days unless retention is necessary for legitimate operational reasons (fraud prevention, dispute resolution).

7. Your rights

Depending on where you live (e.g., EU/UK under GDPR, California under CCPA), you may have rights to access, correct, export, or delete your personal data. To exercise these rights, email support@tractionify.com from the address on your account. We respond within 30 days.

8. Children

The Service is not directed to children under 18, and we do not knowingly collect data from minors.

9. International transfers

Our processors operate globally, including in the United States. By using the Service you consent to your data being processed in those locations subject to standard contractual safeguards.

10. Changes to this Policy

We'll update the "Last updated" date above when we change this Policy. Material changes will be communicated via email or in-app notice.

11. Contact

Questions, requests, or complaints? support@tractionify.com.