Privacy Policy

This Privacy Policy describes how Fabrica Collective ("Company," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use Amplify (the "Platform"), available at amplify.fabricacollective.com.

Amplify is an AI-powered marketing platform that helps users create strategies, campaigns, creative briefs, and content using artificial intelligence. By using Amplify, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use Amplify, you may provide us with:

• Account information: email address and password
• Brand and project details: brand name, website URL, industry, target audience descriptions, value proposition, and other brand context you enter
• Campaign data: business problems, success metrics, budgets, timelines, constraints, strategies, message strategies, creative ideas, and campaign configurations
• AI prompts and outputs: the prompts you submit, any customizations or refinements, and the AI-generated content you choose to save
• Buyer personas: audience demographic data, psychographic profiles, behavioral information, and persona descriptions you create
• Optional API keys: if you choose to use your own OpenAI or Anthropic API keys, those keys are stored in your account

1.2 Information Collected Automatically

When you use Amplify, we automatically collect:

• Usage metrics: number of prompts used per month, feature interactions, and subscription tier
• Timestamps: account creation dates, last login times, and content creation dates
• Analytics data: page views, events, navigation patterns, session duration, and performance metrics (collected via Google Analytics and Vercel Analytics)
• CAPTCHA verification data: tokens generated by Cloudflare Turnstile during the signup process

1.3 Information from Third Parties

If you subscribe to a premium plan, Stripe provides us with confirmation of your payment status and subscription details. We do not receive or store your full credit card number.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Platform: to operate Amplify, generate AI-powered marketing content, and deliver the features you use
• AI content generation: to send your prompts and brand context to AI providers (Google Gemini, and optionally OpenAI or Anthropic) so they can generate marketing content on your behalf
• Account management: to authenticate your identity, manage your subscription, and enforce usage limits
• Process payments: to process premium subscription payments ($29/month) through Stripe
• Improve the Platform: to analyze usage patterns, diagnose technical issues, and improve features and performance
• Security: to prevent fraud, abuse, and unauthorized access, including CAPTCHA verification during signup
• Communications: to send you service-related emails such as account verification, password resets, and critical product updates
• Legal compliance: to comply with applicable laws, regulations, and legal processes

3. Third-Party Services and Data Sharing

We share your information with the following third-party service providers who assist us in operating the Platform. We do not sell your personal information to any third party.

4. Cookies and Tracking Technologies

Amplify uses cookies and similar tracking technologies. Cookie consent is required before analytics scripts are loaded.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Platform, particularly authentication cookies which are essential for logging in.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption at rest: All data stored in our Supabase PostgreSQL databases is encrypted at rest
• Encryption in transit: All data transmitted between your browser and our servers is protected via TLS (HTTPS)
• Authentication: Passwords are hashed and managed by Supabase Auth; we never store plaintext passwords
• Access controls: Row-level security policies are implemented at the database level to ensure users can only access their own data

While we take reasonable steps to protect your data, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Platform's services:

• Account and content data: Retained until you request account deletion
• Payment records: Stripe retains billing and transaction records as required by applicable financial regulations and legal requirements
• Analytics data: Retained according to Google Analytics and Vercel Analytics default retention periods
• AI-generated content: Saved outputs are retained in your account until you delete them or request account deletion

7. Your Privacy Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

7.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: email address, account credentials, IP address
• Commercial information: subscription tier, payment history, usage records
• Internet or electronic network activity: browsing history on the Platform, page views, interactions with features, device and browser information
• Professional or employment-related information: brand details, business information, and marketing data you voluntarily provide
• Inferences: usage patterns and feature preferences derived from your activity

7.2 Sources of Personal Information

• Directly from you when you create an account and use the Platform
• Automatically through cookies, analytics tools, and server logs
• From third-party payment processors (Stripe) regarding subscription status

7.3 Business and Commercial Purposes for Collection

• Providing, operating, and improving the Platform
• Processing AI content generation requests
• Processing payments and managing subscriptions
• Analyzing usage to improve features and user experience
• Security, fraud prevention, and abuse mitigation
• Legal compliance

7.4 Third Parties With Whom We Share Data

We share personal information with the service providers listed in Section 3 above (Google Gemini API, Stripe, Google Analytics, Vercel Analytics, Cloudflare Turnstile, and Supabase). These entities receive data solely for the purposes of providing services to us and operating the Platform on our behalf.

7.5 Your CCPA Rights

As a California resident, you have the right to:

• Right to Know (Access and Export): You may request that we disclose what personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we have shared it. You may also request a copy of the specific personal information we hold about you in a portable format.
• Right to Delete: You may request that we delete the personal information we have collected about you, subject to certain exceptions permitted by law (such as records required for legal compliance or completing a transaction).
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information. See Section 7.6 below for our disclosure on this topic.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercise these rights.

To exercise any of these rights, please contact us at Admin@FabricaCollective.com. We will verify your identity before processing your request and respond within 45 days as required by law.

Note: In-app data export and account deletion features are currently under development. In the meantime, please email us to exercise these rights and we will process your request manually.

7.6 Do Not Sell or Share My Personal Information

We do not sell your personal information. We do not exchange your personal information for monetary consideration with any third party.

We share personal information with service providers as described in Section 3 strictly for the operational purposes described in this policy. These service providers are contractually limited in how they may use your data and may not use it for their own independent marketing purposes.

To the extent that the use of analytics cookies (Google Analytics) could be considered "sharing" under the CCPA, you may opt out by declining analytics cookies when prompted or by adjusting your browser settings to block third-party cookies.

8. Children's Privacy

Amplify is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).

If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete that information. If you believe a child under 13 has provided us with personal information, please contact us at Admin@FabricaCollective.com.

9. International Data Transfers

Amplify is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. By using Amplify, you consent to the transfer of your information to the United States and other jurisdictions that may not provide the same level of data protection as your home country.

10. Third-Party Links

The Platform may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically. Your continued use of Amplify after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: