Privacy Policy
Last updated: 2026-05-21
This Privacy Policy explains what data SupremoAgent collects, why we collect it, how we store it, and how you can delete it. It applies to supremoagent.com (the marketing site) and app.supremoagent.com (the product).
Who we are
SupremoAgent is an AI growth assistant for social media. We help solopreneurs and small businesses plan, schedule, and analyze content across Instagram, Facebook, and other networks the user explicitly connects.
What we collect
Account data
When you create an account: email address, hashed password (or your identity-provider token if you sign in via Google), display name, and any profile details you choose to add.
Content data
Text prompts, drafts, images, scheduled posts, brand voice samples, and other content you create or upload so SupremoAgent can publish on your behalf.
Connected-platform data
When you click Connect Facebook & Instagram we take you to Meta's consent screen. Only after you approve do we receive an access token. With it we read and store the data needed for each scope below:
| Permission | Why we need it |
|---|---|
| pages_show_list | List the Pages you can manage so you can pick which to connect. |
| pages_read_engagement | Read Page-level reach, impressions, and engagement to power your dashboard. |
| pages_read_user_content | Read Page posts and comments so you can review and respond. |
| pages_manage_posts | Publish posts you authored in SupremoAgent to your Page on your behalf. |
| pages_manage_metadata | Subscribe your Page to webhook events so insights update in real time. |
| pages_messaging | Read Page DMs you've routed to SupremoAgent for triage (optional feature). |
| instagram_basic | Read your IG Business profile (username, bio, follower count). |
| instagram_content_publish | Publish posts and Reels you authored in SupremoAgent. |
| instagram_manage_insights | Read post and story metrics for your analytics views. |
| instagram_manage_comments | Read and reply to comments via SupremoAgent. |
| instagram_manage_messages | Read IG DMs you've routed to SupremoAgent for triage (optional). |
| ads_read | Read ad-account spend, impressions, and ROAS for the analytics dashboard. |
| business_management | Resolve which Business Manager assets your Pages and ad accounts belong to. |
How we use it
- Operate the Service — plan, generate, schedule, and publish your content; surface analytics; route messages and comments you've opted into.
- Improve the Service — measure feature usage in aggregate, debug errors, and tune the AI agents' performance on your own brand history.
- Communicate with you — transactional emails (receipts, security alerts, important product changes), and — if you opt in — occasional product updates and guides.
- Security and compliance — detect abuse, fraud, and policy violations; meet legal and regulatory obligations.
We do not use your content or connected-platform data to train third-party foundation models. AI generation requests are sent to model providers (e.g. Anthropic) under data-processing agreements that prohibit training on customer data.
Cookies and tracking
We set a first-party _sa_cid attribution cookie when you
first visit the marketing site. It stores an opaque random identifier so we can tell whether a
later signup came from a given marketing surface (ad, guide, referral). It contains no personal
data, isn't shared with third parties, and expires after 90 days. You can clear it at any time
in your browser settings; clearing it has no effect on logged-in functionality.
We use minimal first-party analytics to count page views and signups. We do not embed third-party tracking pixels on the marketing site beyond what's strictly needed to measure our own ad campaigns (Meta Pixel on landing pages we run paid traffic to).
How we store your data
Connected-platform access tokens are encrypted at rest using AES-128-CBC + HMAC-SHA256 (Fernet).
Communication with Meta uses HTTPS and includes appsecret_proof
on every request, binding the token to our app secret. We never log raw token values. Other
user data is stored in Supabase (Postgres) with row-level security and TLS in transit.
How long we keep it
We keep your data while your account is active. If you disconnect a platform in Settings, we delete the stored tokens and stop pulling new data. If you remove the SupremoAgent app from your Facebook account, Meta sends us a deletion notification and we remove all data tied to your Meta user id within 30 days.
Deleting your data
You can request deletion at any time:
- In SupremoAgent: Settings → Account → Delete account, or disconnect any individual platform.
- In Facebook: Settings → Apps and Websites → SupremoAgent → Remove.
- By email: privacy@supremoagent.com.
Sharing
We do not sell your data. We process it through service providers (Supabase for the database, Anthropic for AI generation, our email and payment providers) under standard data-processing agreements that bind them to use the data only to provide their service to us.
We may disclose data if required to comply with law, a valid legal request, or to protect the rights, safety, or property of SupremoAgent, our users, or the public.
Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Email privacy@supremoagent.com and we'll respond within the timeframes required by applicable law.
Children
SupremoAgent is not intended for use by anyone under 16. If you believe a child has provided us personal data, contact us and we'll delete it.
Changes
We'll update this page when our practices change and revise the "Last updated" date. Material changes will be announced by email or in-product notice.
Contact
Privacy questions: privacy@supremoagent.com.