Privacy Policy

Your privacy matters to us. This policy explains how InstantCampaign collects, uses, and protects your information.

Last updated: March 1, 2026

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a secure hash). If you sign in with Google OAuth, we receive your name, email, and profile picture from Google.

Usage Data

We track usage metrics such as AI generation counts, template creation activity, and campaign history to enforce plan limits and improve our service.

AI-Generated Content

We store the prompts you submit and the content generated by our AI services (images, text, email templates) so you can access your generation history and reuse content.

Brand Configuration

If you configure brand settings, we store brand colors, fonts, brand voice descriptions, tone keywords, industry, and target audience information.

2. How We Use Your Information

  • To provide and maintain the InstantCampaign service, including AI image generation, text generation, and email template building
  • To authenticate your identity and manage your account
  • To send transactional emails such as team invitations and password resets
  • To enforce usage quotas and plan limits
  • To improve our AI models and service quality (aggregated, anonymized data only)
  • To communicate important updates about the service

3. Data Storage and Security

Your data is stored in a PostgreSQL database with encrypted connections. Passwords are hashed using bcrypt with a cost factor of 12. Authentication tokens are signed with a secure secret using JWT.

We implement security headers including X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, and strict Referrer-Policy to protect against common web vulnerabilities.

API routes are protected by authentication middleware, and all AI endpoints are rate-limited to 10 requests per minute per user to prevent abuse.

4. Third-Party Services

We use the following third-party services:

  • Google AI (Gemini) — For AI image and text generation. Your prompts are sent to Google's API for processing. See Google's Privacy Policy.
  • Pollinations.ai — As a fallback image generation provider. Prompts may be sent to Pollinations when Google AI is unavailable.
  • Resend — For sending transactional emails (team invitations, password resets). Recipient email addresses are shared with Resend for delivery.
  • Stripe — For payment processing on paid plans. Payment information is handled directly by Stripe and never stored on our servers.
  • Google OAuth — For social sign-in. We receive your public profile information from Google when you choose to sign in with Google.

5. Your Rights

You have the right to:

  • Access your personal data through your account settings and generation history
  • Update your account information including name and password
  • Delete your account and all associated data through the account settings page
  • Export your email templates as HTML files
  • Withdraw consent by closing your account at any time

Account deletion is permanent and removes all your data including templates, generation history, campaigns, and team memberships.

6. Cookies

InstantCampaign uses essential cookies for authentication and session management. These cookies are required for the service to function and cannot be disabled.

  • Session cookie (next-auth.session-token) — Stores your encrypted authentication session
  • CSRF token (next-auth.csrf-token) — Protects against cross-site request forgery

We do not use advertising cookies or third-party tracking cookies.

7. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@instantcampaign.ai