Privacy Policy

Last updated: April 10, 2026

This Privacy Policy describes how GoViraleza ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our Service. By using the Service, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Your name
  • Email address
  • Password (stored as a bcrypt hash, never in plain text)

1.2 Brand and Business Information

When you configure brands in the Service, we collect:

  • Brand name and slug
  • Instagram handle
  • Website URL (optional)
  • Brand description (optional)
  • Brand colors and logo
  • Brand voice preferences (tone, style, do's and don'ts)

1.3 Third-Party API Keys

When you connect third-party services (Buffer, Pixabay, Gemini, etc.), we store your API keys encrypted using AES-256 encryption. We never store API keys in plain text. These keys are used solely to make API calls on your behalf.

1.4 Instagram Data

We collect publicly available Instagram data including:

  • Public profile information (follower count, following count, post count, bio)
  • Public post data (captions, likes, comments, timestamps)
  • Public hashtag usage

This data is collected from publicly accessible Instagram pages and is used solely for analytics and competitor intelligence features within the Service.

1.5 Generated Content

We store content you create through the Service, including:

  • AI-generated captions, hooks, and hashtags
  • Processed images with overlays
  • Draft and scheduled posts

1.6 Usage Data

We may collect anonymous usage data including pages visited, features used, and error logs for the purpose of improving the Service.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Generate AI-powered content tailored to your brands
  • Perform competitor analysis on your behalf
  • Schedule posts through connected services (e.g., Buffer)
  • Calculate analytics and insights for your accounts
  • Communicate with you about the Service (e.g., security alerts, updates)
  • Improve and develop new features
  • Comply with legal obligations

3. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties.

Your data may be shared with third-party services only as necessary to provide the Service:

  • Cerebras AI: Your brand information and content context are sent to generate captions. We do not send personal information.
  • Buffer: Post content and scheduling information are sent when you schedule posts.
  • Pixabay / Image Providers: Search queries are sent to find images. No personal data is shared.
  • Google Gemini: Image generation prompts are sent when using AI image generation. No personal data is shared.
  • Instagram: We access publicly available data. We do not use your Instagram login credentials.
  • Neon (Database): Your data is stored in a PostgreSQL database hosted by Neon. Data is encrypted in transit.
  • Vercel (Hosting): The Service is hosted on Vercel. Vercel may collect server logs and performance data.

4. Data Security

We implement reasonable security measures to protect your data:

  • Passwords are hashed using bcrypt with salt rounds
  • API keys are encrypted using AES-256 before storage
  • All data transmission uses HTTPS/TLS encryption
  • Database access is restricted and authenticated
  • Sessions use JWT tokens with secure, HTTP-only cookies

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge and accept this inherent risk.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

Scraped Instagram data (public post data and profile stats) may be retained in aggregate, anonymized form for analytics purposes after account deletion.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to certain processing of your data
  • Withdrawal of Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@goviraleza.com.

7. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. We may use anonymous analytics to understand Service usage patterns.

8. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States and Australia. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), the following applies:

  • Our legal basis for processing is your consent (account creation) and legitimate interest (service provision)
  • You have the right to lodge a complaint with your local data protection authority
  • We process data in accordance with GDPR principles of data minimization and purpose limitation

11. CCPA Compliance (California Users)

If you are a California resident:

  • You have the right to know what personal information we collect and how it is used
  • You have the right to request deletion of your personal information
  • We do not sell personal information
  • We will not discriminate against you for exercising your privacy rights

12. Australian Privacy Act Compliance

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We collect personal information only for purposes directly related to providing the Service. You may access and correct your personal information by contacting us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Your continued use of the Service after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. Data Breach Notification

In the event of a data breach that may affect your personal information, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law. Notification will be sent to the email address associated with your account.

15. Contact

For privacy-related inquiries, contact us at: privacy@goviraleza.com

For general inquiries: support@goviraleza.com