Privacy Policy

1. What Data We Collect

When you use Optimeta, we collect the following categories of data:

• Account information: Your full name and email address, provided at registration.
• Business information: Business name, industry, product details, budget, target audience, and other inputs you provide when generating a campaign blueprint.
• Campaign data: Generated blueprints and associated business inputs, stored so you can access your campaign history.
• Device fingerprint: Browser details (user agent, screen resolution, timezone, language) and a canvas fingerprint hash used to prevent free trial abuse. We store a one-way hash — the raw fingerprint is never stored.
• IP address: Used to detect and prevent free trial abuse (multiple registrations from the same network).
• Payment data: Razorpay handles all payment processing. We do not store card numbers, CVV, or bank details. We store your subscription status and plan tier.

2. How We Use Your Data

• To generate personalised AI campaign blueprints based on your business inputs.
• To manage your account, subscription, and billing.
• To display your campaign history within the dashboard.
• To detect and prevent fraud, including duplicate free trial registrations.
• To send transactional emails (subscription confirmation, renewal notices) — no marketing emails without consent.

3. Who We Share Data With

We share minimal data only with trusted service providers required to operate the platform:

• Razorpay: Payment processing. Razorpay receives your name, email, and subscription details to process payments and send receipts.
• Supabase: Database and authentication provider. Your account data, campaign data, and fingerprints are stored in Supabase's secure cloud infrastructure.
• Anthropic (Claude AI): Your business inputs are sent to Anthropic's API to generate campaign blueprints. Anthropic's usage policy applies. We do not send your name or email to Anthropic.
• We do not sell, rent, or share your data with advertisers, data brokers, or any other third parties.

4. Data Retention

• Active accounts: Your data is retained for as long as your account is active.
• Cancelled subscriptions: Account and campaign data are retained for 30 days after cancellation, then permanently deleted unless you reactivate.
• Deleted accounts: When you delete your account via Settings, all your personal data and campaign data are permanently removed immediately.
• Fingerprint hashes: Retained indefinitely to prevent free trial re-abuse after account deletion.

5. Your Rights

You have the following rights over your data:

• Access: You can view all your campaign data from the dashboard at any time.
• Delete: You can permanently delete your account and all associated data from Settings → Danger Zone.
• Export: You can export any campaign blueprint as a PDF from the campaign view page.
• Correction: You can update your name from the Settings → Profile section.
• To request a full data export or raise a privacy concern, email us at optimeta@outlook.com.

6. Cookies

• We use authentication cookies to keep you logged in securely. These are httpOnly, secure cookies.
• We use localStorage to store your JWT token and a cached copy of your user profile for fast page loads.
• We do not use third-party tracking cookies or advertising cookies.
• We do not use Google Analytics or any behavioural tracking services.

7. Security

All data is transmitted over HTTPS. Passwords are hashed by Supabase Auth (bcrypt) and never stored in plaintext. JWT tokens expire after 7 days. We perform server-side validation on all inputs and follow OWASP security practices. Device fingerprints are stored as one-way SHA-256 hashes.

8. Contact

For any privacy questions, data requests, or concerns, contact us:

• Email: optimeta@outlook.com
• Website: optimeta.tech