Privacy Policy

Last updated: May 2026

1. Introduction

LocalPop ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

  • Name and email address
  • Password (encrypted)
  • Payment information (processed securely through Stripe)

Business Information

  • Business name and description
  • Target audience information
  • Brand voice and style preferences
  • Uploaded images (logos, product photos, etc.)

Usage Information

  • Generated content (images, captions, hashtags)
  • Service usage patterns and preferences
  • Device information and IP address
  • Browser type and operating system

3. How We Use Your Information

We use your information to:

  • Provide and improve our content generation services
  • Process your payments and manage your subscription
  • Send you service-related emails (content ready notifications, receipts)
  • Respond to your support requests and feedback
  • Analyze usage patterns to improve our service
  • Prevent fraud and ensure service security
  • Comply with legal obligations

4. Information Sharing

We share your information only in these limited circumstances:

Service Providers

  • Stripe: Payment processing (PCI-compliant)
  • Supabase: Database and authentication hosting
  • OpenAI: AI content generation (images and text)
  • Resend: Email delivery service

Legal Requirements

We may disclose your information if required by law or in response to valid legal requests from public authorities.

We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encrypted data transmission (SSL/TLS)
  • Secure password hashing
  • Regular security audits
  • Access controls and authentication
  • Secure cloud infrastructure

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account:

  • Your account and business information are permanently deleted within 30 days
  • Generated content is deleted unless you've downloaded it
  • Payment records are retained for tax and legal compliance (7 years)

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your generated content
  • Opt-out: Unsubscribe from marketing emails (service emails required)

To exercise these rights, contact us at privacy@socialmediaengine.com

8. Cookies and Tracking

We use cookies and similar tracking technologies to provide and improve our service:

Essential Cookies

  • Authentication cookies: Keep you logged in securely
  • Preference cookies: Remember your settings and choices
  • Security cookies: Protect against fraud and abuse

Analytics and Advertising Cookies

  • Facebook Pixel: Tracks conversions and measures ad effectiveness
  • Facebook Conversions API: Server-side conversion tracking for improved accuracy
  • Google Analytics: Understand service usage and improve user experience

These tracking technologies help us:

  • Understand which marketing campaigns bring customers to our service
  • Measure the effectiveness of our advertising
  • Deliver relevant advertising to potential customers
  • Improve our service based on how people use it

You can control cookies through your browser settings. Note that disabling cookies may limit some functionality. To opt out of Facebook advertising, visit Facebook's Ad Preferences.

9. Third-Party AI Services

We use OpenAI's services to generate content. Your business information may be processed by OpenAI's systems, but:

  • OpenAI does not use customer data to train their models
  • Content generation happens in real-time and is not stored by OpenAI
  • Generated content is stored securely in our system

10. Biometric Data and Facial Imagery

This section applies only if you choose to use the optional AI Likeness feature, which requires uploading photographs of yourself. The feature is never required to use LocalPop.

What We Collect and Why

When you enable this feature, we collect (a) your original photographs and (b) scans of face geometry derived from those photographs — each a biometric identifier under the Illinois Biometric Information Privacy Act (740 ILCS 14/10) and the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), and biometric data under GDPR Article 4(14) and California CPRA (Cal. Civ. Code § 1798.140).

The sole purposeof this collection is to generate AI images resembling you for your own business social media posts. We do not use your biometric data for identity verification, advertising targeting, analytics, or model training, and we do not sell, lease, trade, or profit from it (740 ILCS 14/15(c); Tex. Bus. & Com. Code § 503.001(c)).

How Your Data Is Processed and Who Sees It

  • Your photos are stored in a private storage bucket accessible only to your account and our image generation pipeline. No other user can access them.
  • When generating a post, your photos are transmitted to OpenAI, Inc. via their images API. By default, OpenAI retains API inputs (including images) for up to 30 daysfor abuse monitoring, after which they are deleted from OpenAI's systems. OpenAI does not use API inputs to train its models. See OpenAI's data controls documentation.
  • No other third party receives your photos or derived face geometry.

Retention Schedule and Destruction Policy (740 ILCS 14/15(a))

This is our publicly posted biometric data retention and destruction schedule:

  • Your photos and derived face geometry are retained only while your account is active and you have not deleted them.
  • You may delete individual photos or all photos and revoke consent at any time via the “Delete all & revoke consent” control in Business Details settings. Deletion from our storage is immediate and permanent.
  • Upon account closure, all photos and derived biometric data are permanently deleted within 30 days.
  • In no event will we retain your biometric data for longer than 1 year after the purpose for collection has been satisfied (Tex. Bus. & Com. Code § 503.001(c)(3)) or 3 years from your last interaction with LocalPop (740 ILCS 14/15(a)), whichever is sooner.
  • We do not retain backup copies of photos or derived biometric data after deletion.

Consent and Withdrawal

We collect biometric data only after you provide an explicit written release through an in-app consent screen presented before any photo upload, in compliance with 740 ILCS 14/15(b) and Tex. Bus. & Com. Code § 503.001(b). Under GDPR Article 9(2)(a), this constitutes explicit consent for biometric data processing. We record a server-side timestamp of your consent at the time it is given.

You may withdraw consent at any time using the “Delete all & revoke consent” button in your settings. Withdrawal stops all future use of your likeness and triggers immediate deletion of your photos. It does not affect posts already generated and downloaded.

AI-Generated Content — Disclosure Responsibility

Images generated using your likeness are AI-generated synthetic content. Under EU AI Act Article 50(4) (effective 2 August 2026), when you publish AI-generated images depicting real persons on social media, you are responsible for disclosing that the content is AI-generated. We recommend adding a label such as “#AIGenerated” or “Made with AI” when posting these images.

Illinois Residents — BIPA Compliance Statement

In compliance with the Illinois Biometric Information Privacy Act (740 ILCS 14): (1) we inform you in writing of the specific purpose and the length of term for which your biometric identifier is collected, stored, and used, before collection (§ 15(b)(1)–(2)); (2) we obtain a written release executed via electronic signature before collection (§ 15(b)(3), as amended by SB 2979, P.A. 103-769); (3) we do not sell, lease, trade, or profit from your biometric identifier or biometric information (§ 15(c)); (4) we do not disclose or disseminate biometric data without consent except as described above or as required by law (§ 15(d)); and (5) we protect biometric data using the same or greater standard of care as our other confidential information (§ 15(e)).

Deletion Requests

To request deletion of your biometric data, use the in-app deletion control, visit our contact page, or email privacy@localpopstudio.com. We will confirm deletion in writing within 10 business days.

11. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

12. International Users

Our services are hosted in the United States. If you access our service from outside the US, your information may be transferred to, stored, and processed in the US. By using our service, you consent to this transfer.

13. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the personal data we collect, use, and share
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: You can opt out of the "sale" of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at support@localpopstudio.com

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for data processing

Our legal basis for processing includes contract performance, legitimate interests, and your consent. To exercise these rights, contact us at support@localpopstudio.com

15. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the service. Continued use after changes constitutes acceptance of the updated policy.

16. Contact Us

For privacy-related questions or to exercise your rights, please visit our contact page to get in touch.