Privacy Policy
Effective Date: April 12, 2026
1. Introduction
Welcome to CIAfeeds ("we," "us," or "our"). CIAfeeds is an AI-powered platform that helps businesses generate Meta-compatible catalog feeds for the automotive, real estate, and services verticals. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services. By accessing or using CIAfeeds, you agree to the practices described in this policy. If you have any questions or concerns, please contact us at privacy@ciafeed.com.
2. Information We Collect
We collect information that you provide directly to us, as well as information generated through your use of our services:
- Account Information: When you create an account, we collect your name, email address, and a securely hashed version of your password. We never store plaintext passwords.
- Business Information: To configure your catalog feeds, we collect your dealer or business name, physical address, website URL, and business vertical selection.
- Vehicle & Listing Data: You may provide details about vehicles, properties, or service listings, including titles, descriptions, prices, images, and other attributes relevant to your catalog feed.
- Voice Transcripts:If you use our voice-to-listing feature, audio recordings are sent to OpenAI for transcription via the Whisper API. The raw audio is not permanently stored on our servers. Retention of audio data by OpenAI is governed by OpenAI's own data usage and retention policies, which we encourage you to review at openai.com/policies/privacy-policy.
- Meta Integration Tokens: When you connect your Meta Business Manager account, we store encrypted access tokens to publish catalog feeds on your behalf. These tokens are encrypted at rest and are deleted immediately when you disconnect your Meta account.
- Payment Information: Subscription payments are processed by Stripe. We do not store your credit card number or full payment details on our servers. Stripe handles all payment data in accordance with PCI-DSS standards.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Catalog Feed Generation: To create and maintain Meta-compatible catalog feed CSV files for your business listings.
- AI-Assisted Listing Creation: To process voice recordings and extract structured listing data using artificial intelligence, providing you with pre-filled listing fields for review and editing.
- Subscription Billing: To manage your subscription plan, process payments, and send billing-related communications.
- Email Notifications: To send transactional emails such as account verification, password resets, subscription confirmations, and important service updates.
- Service Improvement: To analyze usage patterns (in aggregate and anonymized form) to improve the reliability, performance, and features of our platform.
4. Third-Party Services
We rely on trusted third-party providers to deliver our services. Each provider processes only the data necessary for its specific function:
| Provider | Purpose |
|---|---|
| Supabase | Database hosting & file storage |
| Vercel | Application hosting & deployment |
| OpenAI | Voice transcription (Whisper API) |
| Gemini AI & Geocoding APIs | |
| Meta / Facebook | Catalog feed integration & publishing |
| Stripe | Payment processing |
| Resend | Transactional email delivery |
We encourage you to review the privacy policies of these third-party services, as their handling of your data is governed by their own terms.
5. Data Retention
We retain your account and business data for as long as your account is active. If you choose to delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements). Voice transcripts are processed in real time and are not permanently stored. Meta access tokens are deleted immediately upon disconnection of your Meta Business Manager account.
6. Cookies & Tracking
CIAfeeds uses session cookies managed by NextAuth.js to maintain your authenticated session. These cookies are strictly necessary for the operation of the service and expire when your session ends or after a set period of inactivity. We do not use third-party advertising cookies, tracking pixels, or analytics services that track individual users across websites. We do not sell, rent, or share your data with advertisers.
7. Your Rights Under the GDPR (European Users)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
- Right to Erasure: You may request that we delete your personal data, subject to legal retention obligations.
- Right to Data Portability: You may request a machine-readable copy of your data to transfer to another service.
- Right to Object: You may object to the processing of your personal data for certain purposes.
To exercise any of these rights, please contact us at privacy@ciafeed.com. We will respond to your request within 30 days.
8. Your Rights Under the CCPA (California Users)
If you are a California resident, the California Consumer Privacy Act grants you the following rights:
- Right to Know: You may request information about the categories and specific pieces of personal data we have collected about you, as well as the purposes for which it is used.
- Right to Delete: You may request the deletion of personal data we have collected from you, subject to certain exceptions.
- Right to Opt-Out of Sale:CIAfeeds does not sell your personal information to third parties. As such, there is no need to opt out. If our practices change in the future, we will provide a "Do Not Sell My Personal Information" mechanism.
To exercise these rights, contact us at privacy@ciafeed.com.
9. Data Security
We take the security of your data seriously and implement industry-standard measures to protect it. All data in transit is encrypted via HTTPS/TLS. Data at rest in our Supabase database is encrypted using AES-256 encryption. Meta access tokens are stored using additional application-level encryption. Access to production systems is restricted to authorized personnel and protected by multi-factor authentication. While no method of transmission or storage is 100% secure, we continuously monitor and improve our security practices.
10. Children's Privacy
CIAfeeds is a business-to-business service and is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at privacy@ciafeed.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email (using the address associated with your account) or by posting a prominent notice on our website prior to the change becoming effective. We encourage you to review this policy periodically for the latest information on our privacy practices. Your continued use of the service after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
CIAfeeds
Email: privacy@ciafeed.com