Privacy Policy

Last updated: March 28, 2026

Introduction

Beartsy ("we") is a marketing intelligence platform for Amazon KDP authors. This policy explains how we collect, use, and protect your data.

Data We Collect

We collect the following types of data:

  • Account information: name, email, and authentication method (Google, Meta, or magic link)
  • KDP data: CSV sales reports, royalties, and KENP page reads that you manually upload
  • Instagram data: post metrics (reach, engagement, impressions) accessed via the Instagram API with your authorization
  • Meta Ads data: campaign performance (spend, impressions, clicks) accessed via the Marketing API with your authorization

How We Use Your Data

Your data is used exclusively to:

  • Display your marketing and sales data on the Beartsy dashboard
  • Generate personalized insights and recommendations using artificial intelligence
  • Automatically sync your Instagram and Meta Ads data on a daily basis

Third-Party Services

We use the Instagram Graph API and Meta Marketing API to access your social media data. We use Supabase for secure data storage and Vercel for hosting. We do not sell, share, or transfer your data to third parties for marketing purposes.

AI Sub-processors

To generate marketing insights and recommendations, we use language models from major AI providers — OpenAI (GPT models) and Anthropic (Claude models) — as sub-processors. Only aggregated metrics and content snippets are sent to these services; no personally identifiable information (name, email, password, access tokens) is shared. These sub-processors do not retain the data sent after the request has been processed.

Meta Permissions

When you connect your Instagram or Meta Ads account, we request the following permissions from the Meta API. Each permission is used only to power a specific product feature:

  • `public_profile` — Basic account information (name, ID). Used during account creation.
  • `email` — Your Meta account email address. Used for account creation and notifications.
  • `instagram_basic` — Instagram Business profile and media metadata. Used to display your Instagram posts in the Painel.
  • `instagram_manage_insights` — Post and account insights (reach, engagement). Used on the Instagram engagement tab of the book performance page.
  • `pages_show_list` — List of Facebook Pages you admin. Used in the connection flow so you can pick which Page represents your author brand.
  • `pages_read_engagement` — Page-level metadata (fan count, feed). Enriches the Painel with cross-platform engagement metrics.
  • `ads_read` — Ad account campaigns, spend, impressions, and clicks. Used on the Meta Ads tab of the book performance page (ROAS data).

Security

Your data is protected with AES-256-GCM encryption for API tokens, per-tenant isolation via Row-Level Security at the database level, and HTTPS connections for all communications. Instagram and Meta access tokens are stored encrypted and never exposed in the browser.

Data Retention

We retain your data while your account is active. After account deletion, we retain the data for an additional 30 days for legal compliance and to allow account recovery. After this period, all data is permanently removed from our systems.

Your Rights

You have the following rights regarding your data. To request complete deletion of your data, email privacy@beartsy.io or go to Settings → Account → Delete Account.

  • Access all data we store about you
  • Request complete deletion of your account and data
  • Export your data in CSV format
  • Revoke Instagram or Meta Ads access at any time

Contact

For privacy-related questions, reach out at: privacy@beartsy.io