Privacy Policy

1. Introduction

Fanbeam, a product of Arya Labs, Inc. ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media scheduling platform. By using Fanbeam, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

Account Information: When you create a Fanbeam account, we collect:

• Name and email address
• Password (hashed with scrypt and never stored in plain text)
• Profile picture (when using OAuth providers)
• Workspace and organization details
• Team member information and roles

2.2 Social Media Account Data

When you connect social media accounts to Fanbeam, we collect:

• OAuth access tokens and refresh tokens (encrypted using industry-standard authenticated encryption before storage)
• Account identifiers, usernames, and profile information
• Platform-specific metadata required for publishing
• Publishing permissions and scope information

Currently Supported Platforms: Instagram, Facebook, Twitter/X, LinkedIn, TikTok, YouTube, Bluesky, Threads, and Pinterest. We may add or remove platform integrations based on availability and demand.

2.3 Content You Create

We store the content you create on Fanbeam:

• Post text, captions, tags, and metadata
• Images and videos you upload (stored in Cloudflare R2)
• Platform-specific content variants and adaptations
• Scheduled publish times and platform selections
• Publishing history, status, and attempt records

2.4 Payment Information

Payment information is processed securely through Stripe. We store:

• Stripe customer and subscription identifiers
• Billing email and subscription tier
• Transaction history and invoice records

We do not store credit card details directly. All payment card information is handled by Stripe in compliance with PCI DSS standards.

2.5 Usage Data

We automatically collect certain information when you use Fanbeam:

• IP address and geographic location
• Browser type, version, and operating system
• Device type and identifiers
• Pages visited, features used, and click data
• Session duration and frequency of use
• Error logs and performance metrics
• Publishing success rates and platform interactions

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Fanbeam service
• Publish your content to connected social media platforms at scheduled times
• Process your subscription, billing, and payment transactions
• Send service notifications, updates, and technical alerts
• Provide customer support and respond to your requests
• Monitor and analyze usage patterns to improve our platform
• Develop new features and optimize existing functionality
• Detect, prevent, and address fraud, security issues, or abuse
• Enforce our Terms of Service and protect our legal rights
• Comply with legal obligations and regulatory requirements

4. Data Storage and Security

Your data is stored securely using industry-standard practices and infrastructure:

4.1 Encryption

• All data is encrypted in transit using TLS 1.2 or higher
• Passwords are hashed using industry-standard key derivation functions (currently scrypt)
• OAuth tokens are encrypted at rest using authenticated encryption algorithms
• All storage systems use server-side encryption with 256-bit keys or stronger

4.2 Infrastructure

• Database: Neon PostgreSQL with automatic encrypted backups
• Cache layer: AWS DynamoDB with encryption at rest
• Media storage: Cloudflare R2 with server-side encryption
• Computing: AWS Lambda serverless functions with secure network configuration
• Infrastructure is hosted in AWS and Cloudflare data centers

4.3 Access Controls

• Access to production data is restricted to authorized personnel only
• All access is logged and monitored via CloudWatch
• Multi-factor authentication required for all administrative access
• Role-based access control with principle of least privilege

While we implement reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to enhance our security practices.

5. Third-Party Services

Fanbeam integrates with the following third-party services to provide our platform:

5.1 Infrastructure & Hosting

• Amazon Web Services (AWS): Primary cloud infrastructure, computing, caching, and email services (SES)
• Cloudflare: Media storage (R2), edge content delivery, and DNS services
• Neon: PostgreSQL database hosting

We may use additional or alternative infrastructure providers to improve performance, reliability, or cost-efficiency. All providers are selected based on security certifications and data protection standards.

5.2 Authentication & Payments

• Google OAuth: Optional login authentication
• GitHub OAuth: Optional login authentication
• Stripe: Payment processing and subscription management

5.3 Social Media Platforms

• Meta Platforms: Instagram, Facebook, and Threads publishing APIs
• X (Twitter): Tweet and thread publishing
• LinkedIn: Professional content publishing
• TikTok: Video content publishing
• YouTube: Video upload and publishing
• Bluesky: Decentralized social media publishing
• Pinterest: Pin creation and board management

5.4 Email Delivery & Storage

• AWS SES: Transactional and marketing email delivery

5.5 Media Storage & CDN

• Cloudflare R2: Media file storage with zero egress fees
• Cloudflare Workers: Edge-optimized media delivery with token-based authentication

5.6 Analytics & Communication

• PostHog: Product analytics and event tracking

We may integrate additional analytics and communication services in the future. When implemented, these will be documented here and you will be notified of any changes.

Each third-party service has its own privacy policy governing the use of your data. We encourage you to review their policies. We only share the minimum data necessary for each service to function.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following limited circumstances:

• Social Media Platforms: When you explicitly authorize us to publish content on your behalf to connected accounts
• Service Providers: With vendors who perform services on our behalf (AWS for infrastructure, Stripe for payments, etc.)
• Team Members: With other users in your organization who have appropriate permissions
• Legal Requirements: When required by law, subpoena, or court order, or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)

7. Data Retention

We retain your information as follows:

• Account Data: Retained while your account is active and for 30 days after deletion
• Posts and Content: Retained indefinitely until you delete them
• Media Files: Retained until all posts referencing them are deleted
• OAuth Tokens: Immediately revoked and deleted upon account deletion or channel disconnection
• Publishing Attempts: Retained for 180 days for troubleshooting and analytics
• Post Analytics Data: Retained for 180 days for platform engagement metrics
• Product Analytics Events: Retained according to service provider retention policies
• Session Data: Automatically expires after 30 days of inactivity
• Logs and Metrics: Retained for 30 days in CloudWatch
• Transaction Records: Retained for 7 years for tax and legal compliance
• Backups: Purged within 90 days of data deletion

8. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a portable, machine-readable format
• Revoke Access: Disconnect social media accounts at any time
• Opt-out: Unsubscribe from marketing communications (service emails will continue)
• Object: Object to certain processing of your data

To exercise these rights, contact us at privacy@fanbeam.app or use the account settings in the dashboard. We will respond within 30 days.

9. Cookies and Tracking

We use essential cookies and similar technologies to:

• Maintain your login session (HTTP-only secure cookies)
• Remember your preferences and settings
• Ensure security and prevent fraud
• Improve platform performance and reliability

We do not use third-party advertising cookies or sell your browsing data. You can control cookies through your browser settings, but disabling essential cookies may impact functionality.

9A. Automated Decision-Making and AI

Fanbeam currently does not use artificial intelligence or automated decision-making systems that significantly affect your use of the service. We do not:

• Use AI to make automated decisions about account access or service eligibility
• Employ algorithmic profiling for user classification or targeting
• Use machine learning models to modify or filter your content without your knowledge

If we introduce AI-powered features in the future (such as content suggestions, automated scheduling optimization, or analytics insights), we will update this policy and notify you. Any such features will be clearly labeled and optional.

10. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about personal information we collect, use, and disclose
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: We do not sell personal information, so opt-out is not applicable
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
• Authorized Agent: You may designate an authorized agent to make requests on your behalf

To exercise your CCPA rights, contact us at privacy@fanbeam.app. We will verify your identity before processing requests.

Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, account IDs)
• Commercial information (subscription and billing data)
• Internet activity (usage data, device information)
• Professional information (social media account credentials for publishing)
• Inferences (analytics about your usage patterns)

11. GDPR Rights (European Users)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Obtain confirmation of whether we process your data and receive a copy
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request restriction of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing

We process your personal data based on the following legal bases:

• Contract Performance: To provide the Fanbeam service you've signed up for
• Consent: For optional features like connecting social media accounts
• Legitimate Interests: To improve our service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations

12. Children's Privacy

Fanbeam is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@fanbeam.app and we will delete such information.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States where our servers are located. These countries may have data protection laws that differ from your jurisdiction.

We ensure appropriate safeguards are in place to protect your information:

• Standard Contractual Clauses approved by the European Commission for EEA transfers
• Encryption in transit and at rest
• Regular security audits and compliance reviews

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Sending an email to the address associated with your account
• Displaying a prominent notice in the Fanbeam dashboard
• Updating the "Last updated" date at the top of this policy

Your continued use of Fanbeam after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

15. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or our data practices, please contact us: