Outlume logo

Privacy Policy

Last updated: April 26, 2025

Please note: This Privacy Policy is for informational purposes only and does not constitute legal advice. Consult with a legal professional for advice specific to your situation.

1. Introduction

Welcome to Outlume! We are committed to protecting your privacy. This Privacy Policy explains how Outlume ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our SaaS application, website, and related services (collectively, the "Services"). Our Services are designed primarily for businesses to create social media plans and content, leveraging AI for ease of use and effectiveness.

Please read this policy carefully. By accessing or using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use the Services.

2. Information We Collect

We collect information that you provide directly to us, information generated during your use of the Services, and information collected automatically.

2.1 Information You Provide

  • Account Information: When you register for an account, we collect your name, email address, and potentially company name. We use third-party providers (Google, Microsoft, Apple) for Single Sign-On (SSO) and magic links for authentication; we do not store passwords directly.
  • Organization & Questionnaire Data: To tailor your experience, we collect information about your organization through detailed questionnaires. This includes business details, marketing goals, target audience information, brand voice, and other relevant marketing data.
  • User Content & Instructions: We collect the text, images (including those you upload), instructions, important dates, and preferences you provide when creating social media plans, single posts (including text, story ideas, reel scripts), interacting with the Copilot assistant, or using the AI feedback feature.
  • Team Member Information: If you use our multitenancy features, administrators may provide email addresses to invite other users to an organization. We store this information and associate users with their respective organizations and roles (Admin or User).
  • Payment Information: For paid plans, we use Stripe, a third-party payment processor. Stripe collects and processes your payment information (like credit card details and billing address) directly. We do not store your full payment card details on our servers. We may receive transaction identifiers and summary information from Stripe.
  • Communication Information: We collect information when you contact us for support or provide feedback.
  • Connected Social Media Accounts (Coming Soon): If you choose to connect your Facebook and/or Instagram accounts, we will request permission via the respective platform's authorization process (OAuth). We will collect necessary tokens and potentially basic profile information required to schedule posts on your behalf via their APIs. We only access information you explicitly authorize.

2.2 Information Generated or Collected Automatically

  • Usage Data: We collect information about how you interact with our Services, such as features used (e.g., AI Feedback requests, Copilot queries, plan generation), content viewed or generated, actions taken within your organization, and dates/times of access.
  • Log and Device Data: Like most online services, we automatically collect standard log information (IP address, browser type, operating system, referring URLs, pages visited) and device information (device type, unique identifiers).
  • AI Interaction Data: We store the inputs you provide to AI features (like AI Feedback prompts, Copilot questions) and the outputs generated by the AI to provide the service, improve our models, and ensure quality.
  • Cookies and Similar Technologies: We use cookies and similar technologies for functionality, authentication, preferences, analytics, and performance. See Section 5 for more details.

3. How We Use Your Information

We use the information we collect for purposes including:

  • Providing and Operating the Services: To create and manage your account, enable multitenancy features, process payments (via Stripe), facilitate SSO/magic link login, and deliver core functionalities like social media plan/post creation and display.
  • Personalization and AI Features: To tailor the Services to your organization using questionnaire answers, provide relevant AI Feedback, power the Copilot marketing assistant using your organization's context, and generate personalized social media content, plans, story ideas, and reel scripts.
  • Social Media Integration (Coming Soon): To connect with your authorized Facebook and Instagram accounts and schedule posts as requested using their respective APIs.
  • Improving Our Services: To understand how users interact with Outlume, analyze usage patterns, gather feedback, troubleshoot issues, improve AI model performance and accuracy, and develop new features.
  • Communication: To send you service-related notifications (updates, security alerts, support messages, billing information) and, if you opt-in, promotional communications about Outlume.
  • Security and Compliance: To maintain the security and integrity of our Services, prevent fraud, enforce our terms, and comply with legal obligations.
  • Feature Differentiation: To manage access to features based on subscription plans (Free vs. Paid) and user roles (Admin vs. User).

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

  • With Service Providers: We share information with third-party vendors and service providers who perform services on our behalf, such as cloud hosting (e.g., AWS, Vercel), database management, payment processing (Stripe), authentication providers (Google, Microsoft, Apple), analytics providers, customer support tools, and AI service providers (e.g., OpenAI or similar) that power features like AI Feedback and Copilot. These providers are contractually obligated to protect your data and use it only for the services we request. We take steps to minimize the personal data shared with AI providers where possible.
  • Within Your Organization: Information related to an organization (like questionnaire answers, generated plans/posts, connected accounts status) is accessible to authorized users within that organization, subject to their assigned roles (Admin or User). Admins can view and manage team member information within their organization.
  • With Social Media Platforms (Coming Soon): If you connect your social media accounts, we will share necessary information (e.g., content, scheduling instructions, access tokens) with Facebook/Instagram via their APIs to fulfill your requests to post or schedule content. Their use of your data is governed by their respective privacy policies.
  • For Legal Reasons: We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: In connection with a merger, acquisition, financing, reorganization, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services of any change in ownership or uses of your personal information.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

5. Cookies and Tracking Technologies

We use cookies (small text files stored on your device) and similar tracking technologies (like web beacons or pixels) to operate and analyze our Services.

We use these technologies for purposes such as:

  • Essential Operations: Authenticating users, maintaining sessions, and ensuring security.
  • Preferences: Remembering your settings and preferences.
  • Analytics: Understanding how our Services are used to help us improve them (e.g., using Google Analytics).

Most web browsers allow you to control cookies through their settings preferences. However, limiting the ability of websites to set cookies may impact your overall user experience.

6. Data Security

We implement technical and organizational measures designed to protect your personal information from unauthorized access, use, alteration, or disclosure. These include:

  • Using secure authentication methods (SSO, magic links) and not storing user passwords directly.
  • Partnering with Stripe for secure handling of payment information.
  • Utilizing secure cloud infrastructure with firewalls and access controls.
  • Encrypting data in transit (HTTPS/TLS).
  • Regular security assessments and updates.

However, no internet transmission or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. The security of your information also depends on you maintaining the confidentiality of your account access (e.g., securing your email for magic links).

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. This includes retaining data associated with your active account and organizations to provide the Services. Specifically:

  • Account, organization, questionnaire data, and user-generated content (plans, posts) are retained while your account or the relevant organization is active.
  • AI interaction data may be retained for model improvement purposes, potentially in an anonymized or aggregated form, even after account deletion, subject to legal and technical limitations.
  • Usage logs and analytics data may be retained for a period necessary for analysis, security, and reporting.

When your information is no longer needed, we will either delete or anonymize it. If deletion is not immediately possible (e.g., data in backup archives), we will securely store it and isolate it from further processing until deletion is possible. You can request deletion of your account and associated personal data as described in Section 8.

8. Your Rights & Choices

Depending on your location and applicable law (e.g., GDPR, CCPA), you may have certain rights regarding your personal information:

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information. You can often update account and organization information directly within the Services.
  • Deletion: Request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing service needs for an organization you belong to but don't own/administer). Deleting your user account will remove your personal profile information. Admins can manage organization data.
  • Objection: Object to processing of your personal information under certain circumstances.
  • Restriction: Request restriction of processing under certain circumstances.
  • Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Withdraw Consent: Withdraw consent where processing is based on consent (e.g., for marketing emails or connecting social accounts).
  • Marketing Communications: Opt-out of receiving promotional emails by following the unsubscribe link in those emails. You will still receive essential service-related communications.
  • Social Media Connections (Coming Soon): You can typically manage or revoke permissions granted to applications like Outlume directly within your Facebook or Instagram account settings.

To exercise these rights, please contact us at [email protected]. We may need to verify your identity before processing your request.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18 (or the relevant age of majority). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child without appropriate consent, we will take steps to delete it.

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your own, including the United States, where our servers or those of our service providers may be located. Data protection laws in these countries may differ from those in your country. We take appropriate safeguards to ensure your information remains protected when transferred internationally.

11. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal or regulatory reasons. We will notify you of significant changes by posting the updated policy on this page, updating the "Last updated" date, and/or sending you a notification through the Services or via email. We encourage you to review this policy periodically.

12. Contact Information

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us at:

[email protected]