Privacy Policy

Last updated: April 8, 2026

1. What We Collect

Audientor collects the following data:

• Account data: Name, email address, and hashed password when you register.
• API keys: Third-party API keys you provide (AI providers, email platforms, ad platforms). These are encrypted at rest using AES-256-GCM.
• Usage data: Audiences created, exports performed, pixel events tracked.
• Visitor data: When you install our SuperPixel, we collect anonymous visitor signals (page URLs, IP addresses, browser fingerprints) from your website visitors and attempt to resolve them to contact information via our data provider (People Data Labs).

2. How We Use Your Data

• To provide the Audientor platform services
• To authenticate you and protect your account
• To process exports to your connected channels using your API credentials
• To enforce plan limits and billing
• To improve the platform based on aggregate usage patterns

3. Third-Party Data Sharing

We share data with third parties only when you explicitly initiate an action:

• Channel exports: When you export an audience, contact data is sent to the platform you selected (e.g., Mailchimp, Facebook) using your own API credentials.
• AI providers: When you use the AI Builder, your prompt is sent to the AI provider you selected (e.g., Anthropic, OpenAI) using your own API key.
• People Data Labs: Visitor signals are sent to PDL for identity resolution.
• Stripe: Payment processing is handled by Stripe. We never store your credit card information.

We never sell your data or your customers' data to third parties.

4. Data Retention

• Account data is retained while your account is active.
• Visitor data is retained for 12 months from the last seen date.
• Export records are retained for 90 days.
• API keys are deleted immediately when you remove them.

5. Your Rights (GDPR/CCPA)

You have the right to:

• Access: Request a copy of all data we hold about you.
• Deletion: Request deletion of your account and all associated data. Use Settings → General → Delete Account, or contact us.
• Portability: Export your data in CSV format at any time.
• Correction: Update your account information in Settings.
• Object: Opt out of data processing by deleting your account.

For data subject access requests (DSARs), contact: ceo@theappmakerpro.com

6. SuperPixel and Visitor Identification

The Audientor SuperPixel collects anonymous behavioral signals from your website visitors. Identity resolution is performed by People Data Labs using publicly available data sources. Website owners who install the SuperPixel are responsible for:

• Disclosing the use of tracking technology in their own privacy policy
• Complying with applicable privacy laws in their jurisdiction (GDPR, CCPA, etc.)
• Providing opt-out mechanisms to their visitors where required by law

7. Security

• All API keys and credentials are encrypted at rest using AES-256-GCM
• Passwords are hashed using bcrypt with a cost factor of 12
• All connections use HTTPS/TLS
• Database hosted on Neon (SOC 2 compliant)
• OAuth state parameters are signed with HMAC-SHA256

8. Contact

For privacy questions or data requests: ceo@theappmakerpro.com