Privacy Policy

1. Introduction

VI Engine ("we", "our", "the Service") is a social media campaign management platform that allows users to create, schedule, and publish content across multiple social media platforms. This Privacy Policy explains how we collect, use, store, and protect your information.

By using VI Engine, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

• Email address
• Full name
• Password (hashed with bcrypt — never stored in plaintext)

2.2 Connected Platform Credentials

When you connect a social media account (LinkedIn, Instagram, Facebook, X, Reddit), we store OAuth access tokens and refresh tokens. These are:

• Encrypted at rest using AES-GCM encryption
• Used solely to publish content on your behalf
• Never used to read your followers' data or personal messages
• Never sold or shared with third parties

2.3 Content You Create

• Posts, captions, and media files you create within the Service
• Campaign configurations and scheduling preferences
• AI-generated content drafts (stored temporarily, associated with your account)

2.4 Usage Data

• Log data (timestamps, API request logs for debugging)
• Error reports
• Session tokens (JWT, stored client-side)

3. How We Use Your Information

We use your information to:

• Publish posts on connected platforms on your behalf
• Authenticate your account
• Generate AI-assisted content drafts
• Debug and resolve errors
• Improve the Service
• Comply with legal obligations

We do not use your data for advertising, sell it to data brokers, or share it with third parties except as described in this policy.

4. Data Storage & Security

• All data is stored on secure cloud infrastructure with encryption at rest
• Platform OAuth tokens are encrypted using AES-GCM
• JWT access tokens expire after 15 minutes; refresh tokens expire after 30 days
• We use HTTPS for all data in transit
• Passwords are hashed using bcrypt and never stored in plaintext

5. Third-Party Services

VI Engine uses the following third-party services to operate:

• LinkedIn API - Publishing to LinkedIn
• Meta Graph API - Publishing to Facebook/Instagram
• X API - Publishing to X (Twitter)
• Reddit API - Publishing to Reddit
• Google Gemini API - AI content generation
• OpenAI API - AI content generation
• Cloud Infrastructure - Database hosting and frontend deployment

6. Your Rights

You have the right to:

• Access: Request a copy of all data we hold about you
• Correction: Correct inaccurate data
• Deletion: Delete your account and all associated data
• Portability: Export your data in a machine-readable format
• Disconnect: Revoke access to any connected social media platform at any time from Settings

7. Account & Data Deletion

You can delete your account at any time from Settings → Account → Delete Account. Upon deletion:

• Your account credentials are permanently deleted
• All platform OAuth tokens are revoked and deleted
• All scheduled posts are cancelled
• All content drafts are deleted
• Deletion is permanent and irreversible

We retain anonymized aggregate usage logs for up to 90 days for security audit purposes, after which they are permanently deleted.

8. Cookies

VI Engine uses only functional cookies/local storage for maintaining your login session (JWT tokens) and storing user preferences (theme, timezone). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

9. Children's Privacy

VI Engine is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on the Service. Continued use after changes constitutes acceptance.