Overview
Africore Lab ("we", "our", "us") operates Gliiz AI (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read it carefully. By using the Service, you consent to the practices described in this policy.
Information We Collect
Account Information
When you register, we collect your name, email address, password (hashed), and profile data. We also collect billing information processed securely by our payment provider.
Platform Credentials & Tokens
When you connect social platforms (Instagram, Facebook, TikTok, LinkedIn, WhatsApp), we store OAuth access tokens on your behalf. These tokens are encrypted at rest and used solely to publish content, read analytics, and manage interactions you authorize. We never use these tokens outside the scope of your explicit actions.
Content & Usage Data
We store content you create (posts, creatives, captions), scheduling data, automation rules, and analytics data fetched from connected platforms. We also collect usage logs (feature interactions, errors) to improve the Service.
Technical Data
IP address, browser type, device identifiers, and cookies are collected automatically for security, fraud prevention, and service performance purposes.
How We Use Your Information
- To provide and operate the Service on your behalf
- To publish, schedule, and manage content on connected social platforms
- To generate AI-powered content, creatives, and automated replies
- To process payments and manage subscriptions
- To send transactional emails (account security, billing receipts, important product updates)
- To detect and prevent fraud, abuse, or unauthorized access
- To comply with legal obligations
- To improve the platform through aggregated, anonymized analytics
Third-Party Platform Integrations
Gliiz AI integrates with Meta (Facebook & Instagram), TikTok, LinkedIn, YouTube (Google), and WhatsApp Business APIs. When you connect these platforms:
- We request only the permissions strictly necessary for the features you enable
- Access tokens are stored encrypted and scoped to your account only
- We act as a data processor on your behalf; you remain the data controller for your audience data
- Data fetched from these platforms (analytics, DMs, comments) is used exclusively to power your dashboard and automations
- You can disconnect any platform at any time from Settings → Accounts, which immediately revokes our access
- Each platform's own privacy policies govern how they handle the underlying data
YouTube API Services
Gliiz AI uses YouTube API Services to let you upload videos and read basic channel data on your own behalf when you connect your YouTube account.
- By connecting YouTube, you agree to be bound by the YouTube Terms of Service: https://www.youtube.com/t/terms
- Our access, use, and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements: https://developers.google.com/terms/api-services-user-data-policy
- We only request the youtube.upload and youtube.readonly scopes needed to publish content and display your channel in Gliiz AI, never anything broader
- You can revoke Gliiz AI's access to your Google/YouTube account at any time from Google's security settings: https://security.google.com/settings/security/permissions
Data Sharing & Disclosure
We share your data only in the following circumstances:
- Service Providers: payment provider, Supabase (database & auth), Vercel (hosting), Resend (transactional email), Google Gemini & Groq (AI generation: only the prompts you submit).
- Legal Requirements: If required by law, court order, or to protect the rights, property, or safety of our users or the public.
- Business Transfers: In the event of a merger or acquisition, your data may be transferred with prior notice.
- With Your Consent: Any other sharing requires your explicit, informed consent.
Data Retention
We retain your data for as long as your account is active or as necessary to provide the Service. Upon account deletion, your account is deactivated immediately and:
- Your personal data (profile details, connected social accounts and their access tokens, and any photo or audio message you personally uploaded or sent) is permanently erased within 30 days
- AI-generated visuals and videos (Studio and automated workflows) are retained as platform deliverables, except any generated visual that incorporates a personal reference photo you uploaded, which is erased along with the rest of your personal data
- The text of your VIBE conversations is retained (with any attached media removed)
- Billing records are retained for 7 years to comply with accounting regulations
- Anonymized aggregated statistics may be retained indefinitely
Data Processing Table
Données de compte
Contrat- Data
- Nom, email, mot de passe (hashé)
- Purpose
- Authentification & gestion du compte
- Retention
- Durée du compte + 30 jours
Tokens OAuth
Consentement- Data
- Tokens d'accès réseaux sociaux
- Purpose
- Publication & gestion de contenu
- Retention
- Jusqu'à révocation
Contenu créé
Contrat- Data
- Posts, flyers, captions, médias
- Purpose
- Fourniture du Service
- Retention
- Durée du compte + 30 jours
Données analytiques
Contrat- Data
- Métriques, engagements, statistiques
- Purpose
- Dashboard & rapports
- Retention
- 12 mois glissants
Données techniques
Intérêt légitime- Data
- IP, navigateur, device ID
- Purpose
- Sécurité & prévention fraude
- Retention
- 90 jours
Facturation
Obligation légale- Data
- Historique paiements
- Purpose
- Gestion abonnements
- Retention
- 7 ans (obligations légales)
Compliant with GDPR (EU) 2016/679 · Updated May 2026
| Catégorie | Données | Finalité | Conservation | Base légale |
|---|---|---|---|---|
| Données de compte | Nom, email, mot de passe (hashé) | Authentification & gestion du compte | Durée du compte + 30 jours | Contrat |
| Tokens OAuth | Tokens d'accès réseaux sociaux | Publication & gestion de contenu | Jusqu'à révocation | Consentement |
| Contenu créé | Posts, flyers, captions, médias | Fourniture du Service | Durée du compte + 30 jours | Contrat |
| Données analytiques | Métriques, engagements, statistiques | Dashboard & rapports | 12 mois glissants | Contrat |
| Données techniques | IP, navigateur, device ID | Sécurité & prévention fraude | 90 jours | Intérêt légitime |
| Facturation | Historique paiements | Gestion abonnements | 7 ans (obligations légales) | Obligation légale |
Compliant with GDPR (EU) 2016/679 · Updated May 2026
Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.3) and at rest (AES-256) for all sensitive data
- OAuth token encryption with rotating keys
- Role-based access controls and least-privilege principles
- Regular security audits and dependency scanning
- Two-factor authentication available for all accounts
Your Rights
Depending on your location, you may have the following rights under GDPR, CCPA, or applicable laws:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ('right to be forgotten')
- Right to Portability: Receive your data in a structured, machine-readable format
- Right to Restriction: Limit how we process your data in certain circumstances
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: At any time, without affecting prior processing
Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, contact us immediately and we will delete it.
Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice in the platform at least 14 days before taking effect. Continued use of the Service after changes constitutes acceptance.
Contact Us
For privacy-related questions, data requests, or to report a concern, contact the Africore Lab privacy team:
- Email: support@gliiz.com
- Response time: within 30 days for standard requests, 72 hours for urgent security matters
Questions about your privacy?
Our team is here to help with any data or privacy-related questions.
Contact Privacy Team