← Back to Login

Privacy Policy

Last updated: March 27, 2026

infini8Graph ("we", "our", or "us") operates the infini8Graph website and analytics platform (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

By accessing or using infini8Graph, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information Provided via OAuth Login (Meta & Google)

When you sign in using Instagram (Meta) or Google Ads (Google via OAuth), we collect and store information necessary to provide cross-channel analytics services:

  • Meta Platform: User ID, username, and analytics metadata.
  • Google Ads API: Google User ID, email, and advertising account metadata required for analytics access.

We do not collect or store your Instagram or Google account passwords.

1.2 Access Tokens

To access cross-channel analytics securely, we store:

  • OAuth access tokens and refresh tokens
  • Token expiration timestamps

All access and refresh tokens are encrypted at rest using industry-standard AES encryption and are never exposed to the client browser.

1.3 Analytics Data

We temporarily process and cache analytics data such as:

  • Instagram: Reach, impressions, saves, and audience demographics.
  • Google Ads: Campaign performance (ROAS, spend, CTR), keyword quality scores, and asset performance labels.

Our use of Google data is strictly limited to the practices disclosed here and conforms to the Google API Services User Data Policy, including the Limited Use requirements. This data is used only to generate insights for your account and is not sold, shared, or used for third-party advertising.

1.4 Automatically Collected Information

When you access the website, we may collect limited technical information such as:

  • Browser type and version
  • Device type
  • IP address (used only for security and rate limiting)

This data is not used to identify you personally.

2. How We Use Your Information

We use collected information to:

  • Authenticate your account
  • Retrieve analytics from the Instagram Graph API
  • Generate dashboards, charts, and reports
  • Cache analytics to reduce API usage and improve performance
  • Secure the platform against abuse
  • Comply with legal and platform requirements

We do not use your data for advertising or profiling.

3. How We Store and Protect Data

  • User data is stored in Supabase PostgreSQL
  • Access tokens are AES-encrypted
  • Authentication is handled using JWT stored in secure, HttpOnly cookies
  • All communication uses HTTPS
  • Access to production databases is restricted and logged

We take reasonable technical and organizational measures to protect your data, but no system is 100% secure.

4. Data Retention

  • User account data is retained while your account remains active
  • Cached analytics data is stored temporarily and automatically refreshed or overwritten
  • Access tokens are refreshed or deleted based on expiration and account status

You may request deletion of your data at any time.

5. Data Deletion & Account Removal

You may request complete deletion of your data, including:

  • User record
  • Encrypted access tokens
  • Cached analytics

To request deletion, use the in-app account deletion option or contact us at:

Email: support@infini8graph.com

Data deletion is permanent and cannot be undone.

6. Third-Party Services

infini8Graph integrates with the following third-party services:

  • Meta Platforms / Instagram Graph API – for analytics data
  • Supabase – database and secure data storage
  • Cloudflare – secure tunneling and network protection
  • Vercel – website hosting

These services process data only as required to operate the Service and are governed by their own privacy policies.

7. Cookies

We use cookies only for authentication and security purposes, such as:

  • Maintaining your login session
  • Protecting against unauthorized access

We do not use tracking or advertising cookies.

8. Children's Privacy

infini8Graph is not intended for individuals under the age of 13. We do not knowingly collect personal data from children.

9. International Data Transfers

Your data may be processed in servers located outside your country of residence. By using the Service, you consent to such transfers in accordance with applicable laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

Continued use of the Service after changes constitutes acceptance of the updated policy.

Back to Login