Privacy Policy
Effective Date: February 2, 2026 Last Updated: February 2, 2026
Table of Contents
- Introduction
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- Social Media Platform Data
- Cookies and Similar Technologies
- Data Retention
- Data Security
- Your Rights and Choices
- California Residents (CCPA)
- International Users
- Children's Privacy
- Changes to This Policy
- Contact Us
1. Introduction
Welcome to Spotli.ai ("Spotli," "we," "us," or "our"). This Privacy Policy explains how Arara LLC, a company incorporated in the United States, collects, uses, discloses, and protects your personal information when you use our AI-powered marketing platform and related services (collectively, the "Service").
By using Spotli.ai, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Name
- Profile photo (optional)
- Authentication method (email/password or Google OAuth)
This information is processed through our authentication provider, Clerk.
2.2 Business Information
To personalize our Service, we collect:
- Business name
- Industry or category
- Business size
- Country and region
2.3 Social Media Account Data
When you connect your social media accounts through OAuth authorization, we may collect:
Instagram:
- Account ID and username
- Profile photo
- Post metrics and engagement data
- Content insights and analytics
Facebook:
- Connected Pages information
- Page engagement metrics
- Audience insights
TikTok:
- Account ID and username
- Video metrics and analytics
- Engagement data
OAuth Tokens:
- We store encrypted OAuth access tokens to maintain your authorized connections
- These tokens allow us to publish content and retrieve analytics on your behalf
2.4 Payment Information
We use Stripe to process payments. We do not store your credit card numbers or full payment details. We collect:
- Stripe customer ID
- Subscription status
- Payment history metadata (dates, amounts, subscription type)
- Billing email address
2.5 Usage Data
We collect information about how you use our Service:
- AI-generated content: Prompts you provide and responses generated
- Content created: Posts, stories, and videos you create
- Conversation history: Interactions with our AI agents
- Activity logs: Actions taken within the platform
2.6 Technical Data
We automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Session cookies and identifiers
- Pages visited and features used
3. How We Use Your Information
We use your information to:
3.1 Provide and Improve Our Service
- Create and manage your account
- Process your subscription and payments
- Connect and manage your social media accounts
- Generate AI-powered marketing content
- Publish content to your connected social media platforms
- Display analytics and performance metrics
- Provide customer support
3.2 Personalize Your Experience
- Customize AI recommendations based on your industry and preferences
- Tailor content suggestions to your business type
- Remember your settings and preferences
3.3 Communicate With You
- Send transactional emails (receipts, confirmations, account updates)
- Notify you about Service changes or issues
- Respond to your inquiries and support requests
3.4 Ensure Security and Compliance
- Detect and prevent fraud or abuse
- Monitor for Terms of Service violations
- Comply with legal obligations
3.5 Improve Our Service
- Analyze usage patterns to improve features
- Debug technical issues
- Develop new features and functionality
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
4.1 Service Providers
We work with third-party service providers who process data on our behalf:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, auth method |
| Stripe | Payments and subscriptions | Email, billing information |
| Meta (Facebook/Instagram) | Content publishing and analytics | OAuth tokens, published content |
| TikTok | Content publishing and analytics | OAuth tokens, published content |
| OpenAI/Anthropic/Google AI | AI content generation | User prompts (without personally identifiable information) |
| Cloudflare R2 | Media storage | Uploaded images and videos |
| Sentry | Error monitoring | Technical logs (without personally identifiable information) |
| Resend | Transactional emails | Email address |
4.2 Legal Requirements
We may disclose your information if required by law, such as:
- To comply with legal process or government requests
- To protect our rights, privacy, safety, or property
- To enforce our Terms of Service
- In connection with a merger, acquisition, or sale of assets
4.3 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
5. Social Media Platform Data
5.1 Instagram and Facebook (Meta)
When you connect your Instagram or Facebook account, we access:
- Basic account information: Account ID, username, profile picture
- Page information: For Facebook Pages you manage
- Content insights: Engagement metrics, reach, impressions
- Publishing permissions: Ability to create posts on your behalf
How we use this data:
- To display your account information within our platform
- To publish content you create to your connected accounts
- To show you analytics and performance metrics
- To optimize content recommendations
Data deletion: You can disconnect your Meta accounts at any time through our platform settings. Upon disconnection or account deletion, we delete your Meta OAuth tokens and stop accessing your Meta data. To request deletion of all data we've collected from Meta, contact us at privacy@spotli.ai.
5.2 TikTok
When you connect your TikTok account, we access:
- Basic account information: Account ID, username, profile picture
- Video metrics: Views, likes, comments, shares
- Publishing permissions: Ability to create videos on your behalf
How we use this data:
- To display your account information within our platform
- To publish content you create to your TikTok account
- To show you video performance analytics
Data retention: We retain TikTok data only while your account is connected. Upon disconnection or account deletion, we delete your TikTok OAuth tokens within 30 days.
5.3 OAuth Security
All OAuth tokens are encrypted at rest using industry-standard encryption. We request only the minimum permissions necessary to provide our Service. You can revoke access at any time through your social media platform settings or through our platform.
6. Cookies and Similar Technologies
6.1 What We Use
We use cookies and similar technologies to:
- Essential cookies: Required for the Service to function (authentication, security)
- Preference cookies: Remember your settings and choices
- Analytics cookies: Understand how you use our Service
6.2 Your Choices
Most browsers allow you to control cookies through settings. However, disabling essential cookies may prevent you from using certain features of our Service.
7. Data Retention
We retain your information for as long as necessary to provide our Service and fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Business information | Until account deletion + 30 days |
| Social media tokens | Until disconnection or account deletion |
| AI conversation history | 12 months, then automatically deleted |
| Published content records | Until account deletion |
| Payment records | 7 years (for tax and legal compliance) |
| Technical logs | 90 days |
After you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Access controls: Limited employee access on a need-to-know basis
- Infrastructure: Hosted on secure cloud infrastructure in the United States
- OAuth tokens: Encrypted using industry-standard encryption
- Payment data: PCI-DSS compliant processing through Stripe
While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. Your Rights and Choices
You have the following rights regarding your personal information:
9.1 Access and Portability
You can access your personal information through your account settings. You can request a copy of your data by contacting us at privacy@spotli.ai.
9.2 Correction
You can update your account and business information through your account settings.
9.3 Deletion
You can delete your account at any time through your account settings. This will:
- Delete your account and business information
- Delete your AI conversation history
- Revoke and delete all social media OAuth tokens
- Remove your published content records from our platform
Note: Content already published to social media platforms will remain on those platforms until you delete it directly.
9.4 Disconnect Social Accounts
You can disconnect any social media account at any time through your account settings or directly through the social media platform.
9.5 Data Deletion Requests
To request deletion of your data, you can:
- Delete your account through the platform settings
- Email us at privacy@spotli.ai
- Use our data deletion endpoint (for Meta compliance):
https://spotli.ai/api/data-deletion
We will process deletion requests within 30 days.
10. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
10.1 Right to Know
You have the right to request information about:
- Categories of personal information we collect
- Sources of personal information
- Business purposes for collecting personal information
- Categories of third parties with whom we share personal information
- Specific pieces of personal information we have collected about you
10.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions.
10.3 Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
10.4 Categories of Information Collected
In the past 12 months, we have collected the following categories of personal information:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, IP address, account IDs | Yes |
| Commercial information | Subscription records, payment history | Yes |
| Internet activity | Browsing history, interactions with Service | Yes |
| Professional information | Business name, industry | Yes |
| Inferences | Content preferences, usage patterns | Yes |
10.5 Sale of Personal Information
We do not sell personal information as defined under the CCPA.
10.6 How to Exercise Your Rights
To exercise your CCPA rights, contact us at privacy@spotli.ai or contact@spotli.ai. We will verify your identity before processing your request.
11. International Users
11.1 Data Location
Our Service is hosted in the United States. If you are accessing our Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.
11.2 Latin America Users
We serve users in Latin American countries and comply with applicable local data protection laws. By using our Service, you consent to the transfer of your information to the United States.
11.3 Data Transfer Safeguards
We implement appropriate safeguards for international data transfers, including:
- Using service providers that maintain appropriate data protection standards
- Encrypting data in transit and at rest
- Limiting data access to authorized personnel
12. Children's Privacy
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you by email or through a notice on our Service
- Continued use of the Service after changes constitutes acceptance of the updated policy
We encourage you to review this Privacy Policy periodically.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Arara LLC
Email: privacy@spotli.ai General Inquiries: contact@spotli.ai Address: 1010 S. Federal Hwy, Suite 1424, Hallandale Beach, FL 33009
For data deletion requests or privacy inquiries, please email privacy@spotli.ai with the subject line "Privacy Request."
This Privacy Policy is provided as a starting point and should be reviewed by a qualified attorney to ensure compliance with all applicable laws and regulations.