Privacy Policy

a. Account & Profile Information

When you register for ConfideLeap, we collect your name, email address, company name, job title, and any other information you provide during sign-up or while using the platform.

b. Investor Relations Data

As an IRM platform, we collect and store investor contacts, notes, meeting logs, deal pipeline data, documents, and other IR-related content you upload or create within the platform.

c. Social Media Account Data (Social Flow)

When you connect a social media account through our Social Flow feature, we collect OAuth access tokens, account identifiers, page/profile IDs, and metadata necessary to publish and schedule content on your behalf. We also collect performance analytics (reach, impressions, engagement) returned by platform APIs.

d. Usage Data

We automatically collect information about how you interact with our platform — pages visited, features used, timestamps, IP address, browser type, device identifiers, and referring URLs.

e. Communications

If you contact our support team or respond to surveys, we retain the content of those communications.

We use the information we collect to:

• Provide, operate, and improve the ConfideLeap platform and Social Flow features.
• Authenticate your identity and manage your account.
• Schedule and publish social media content on your connected accounts.
• Display analytics and reporting dashboards.
• Send transactional emails (account confirmations, password resets, scheduling notifications).
• Provide customer support and respond to inquiries.
• Detect, investigate, and prevent security incidents or policy violations.
• Comply with legal obligations.

We do not sell your personal information or your connected social media account data to third parties.

Our Social Flow feature allows you to connect and manage multiple social media accounts from a single dashboard. When you authorize a social media platform (e.g., Instagram, Facebook, LinkedIn, Twitter/X, TikTok, Pinterest), you grant ConfideLeap permission to act on your behalf as defined by the scopes you approve during the OAuth flow.

We only request the minimum permissions necessary to provide the scheduling, publishing, and analytics features. You can revoke access at any time by disconnecting an account from your ConfideLeapdashboard or directly through the respective platform's security settings.

Data received from social media APIs is used solely to operate Social Flow on your behalf and is not used for advertising or profiling.

ConfideLeapintegrates with the Instagram Graph API and Facebook Graph API ("Meta Platform") to enable you to schedule posts, stories, reels, and view insights for your Instagram Business or Creator accounts.

Data We Access via Meta Platform

• Instagram account ID, username, and profile details.
• Media objects (photos, videos, captions) that you upload through our platform for scheduling.
• Instagram Insights: reach, impressions, follower demographics, post-level engagement metrics.
• Connected Facebook Page information required by the Instagram Graph API.

How We Use Meta Platform Data

• To publish content to your Instagram account on a schedule you define.
• To display analytics and performance reports inside ConfideLeap.
• To manage and respond to comments if you enable that feature.

Compliance with Meta Platform Policies

We comply with the Meta Platform Terms and Meta Developer Policies. We do not use Meta Platform data for targeted advertising, we do not sell it, and we limit retention to what is necessary to operate our service. Data obtained through Meta APIs is not transferred to third parties except as described in this policy.

Token Storage

OAuth access tokens for Meta/Instagram are stored encrypted at rest. Long-lived tokens are refreshed automatically. You can revoke access at any time from your ConfideLeap settings or directly from your Facebook Security Settings at facebook.com/settings.

Our Social Flow feature is powered in part by Postiz, an open-source social media scheduling infrastructure. Postiz processes your social media account credentials and post content solely to execute scheduled publishing jobs on your behalf.

When using Social Flow:

• Your social media OAuth tokens are passed to Postiz workers in an encrypted format to facilitate publishing.
• Post content (text, images, videos) is temporarily held in a queue and deleted from the queue after successful publication.
• Postiz does not retain your social media credentials beyond the operational scope of executing the scheduled task.

You remain the owner of all content you schedule. ConfideLeap does not claim any rights over the content you publish through Social Flow.

We may share your information with:

• Service Providers: Cloud hosting, database, email delivery, analytics, and security vendors who process data on our behalf under contractual data-processing agreements.
• Social Media Platforms: When you use Social Flow, content and credentials are shared with the relevant platform APIs (Instagram, Facebook, LinkedIn, etc.) strictly to fulfil the publishing action you requested.
• Legal Requirements: If required by law, court order, or governmental authority, or to protect the rights, property, or safety of ConfideLeap, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

We do not sell, rent, or trade your personal information or your social media data to advertisers or data brokers.

We retain your account and IRM data for as long as your account is active or as needed to provide our services. Social media OAuth tokens are retained until you disconnect an account or delete your ConfideLeap account. Post content in the scheduling queue is deleted after successful publication or within 30 days of a failed/cancelled task.

Upon account deletion, we delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., financial records).

Depending on your location, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your personal data (right to erasure).
• Restrict or object to certain processing activities.
• Data portability — receive a copy of your data in a machine-readable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at privacy@confideleap.com. We will respond within 30 days.

To disconnect a social media account, go to Settings → Connected Accounts in your ConfideLeapdashboard and click "Disconnect".

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest for sensitive credentials, role-based access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security of your data.

If you believe your account has been compromised, contact us immediately at privacy@confideleap.com.

ConfideLeap is not directed at children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice on our platform at least 7 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Continued use of ConfideLeap after the effective date constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: