Privacy Policy

Last updated: July 14, 2026

Content Architect (“we”, “us”) is operated by Ironact, Inc. This policy explains what information we collect, how we use it, and the choices you have. By using our website and services you agree to this policy.

Information we collect

  • Account data, name, email, and brand details you provide when you sign up or onboard.
  • Usage data, pages viewed, features used, and actions taken in the product, collected via analytics.
  • Device & log data, IP address, browser type, and cookies/identifiers.
  • Content you submit, e.g. Instagram handles or brand context entered into our tools, used to generate results.

How we use information

  • Provide, operate, and improve the service.
  • Generate analyses, creatives, and recommendations you request.
  • Measure and improve our marketing and advertising performance.
  • Communicate with you about your account and support.
  • Detect, prevent, and address security or technical issues.

Analytics & advertising

We use third-party tools to understand how the site is used and to measure advertising:

  • Meta Pixel (Meta Platforms), measures conversions and helps us optimize and attribute ads shown on Facebook and Instagram.
  • Google Analytics (Google), website usage measurement.
  • PostHog, product analytics.

These tools may set cookies and collect identifiers. You can control cookies through your browser settings, and opt out of interest-based ads via your Meta ad preferences and Google ad settings.

Google account data (Gmail)

If you connect a Google account, you grant Content Architect the gmail.send scope. We use this access only to send outreach and transactional emails on your behalf from your connected mailbox, as part of the campaigns you operate in the product. We do not read, store, or analyze the contents of your inbox, and we request no inbox-read scopes.

We store the OAuth refresh token needed to send on your behalf, encrypted at rest, plus the connected email address. You can disconnect at any time from your account settings or by revoking access at your Google Account permissions, which immediately ends our ability to send.

Content Architect’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not sell it, and do not transfer it to third parties except as necessary to provide or improve the sending feature, comply with law, or as part of a merger or acquisition.

Amazon seller and fulfillment data

If you connect an Amazon Seller Central account, Amazon sends us your seller identifier and an OAuth authorization that lets Content Architect use only the Selling Partner API roles you approve. We use that authorization to create Amazon Multi-Channel Fulfillment shipments from your FBA inventory for campaign gifts that an authorized member of your team approves, and to retrieve their fulfillment and tracking status. We do not access Amazon buyer orders, messages, financial data, or advertising data.

We store the Amazon OAuth refresh token encrypted at rest. The seller identifier is stored as an operational account identifier and protected by tenant isolation and database access controls. Short-lived access tokens are used only on our servers and are not stored. A creator’s name, shipping address, selected seller SKU, and quantity are sent to Amazon only when needed to fulfill that seller-approved gift. Shipping addresses are encrypted at rest and are not displayed in shipment-list views.

We do not sell Amazon seller data, use it for advertising, or provide Amazon credentials or shipment data to analytics vendors or AI model providers. We share data only with infrastructure providers needed to host and secure the service under appropriate confidentiality and security obligations, or where required by law.

Brand administrators can disconnect Amazon at any time in account settings, which deletes the stored Amazon authorization and ends our API access. You can also revoke authorization in Seller Central. Verified deletion requests and account closure remove or de-identify associated Amazon integration and fulfillment data, subject only to legal, fraud-prevention, and financial record obligations. Send requests to privacy@ironact.net.

Sharing

We do not sell your personal information. We share data only with service providers that help us run the service (e.g. hosting, analytics, payments) under appropriate confidentiality obligations, or where required by law.

Data retention

We keep personal information for as long as your account is active or as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at the email below.

Contact

Questions about this policy or your data? Email privacy@ironact.net.