APInguinAPInguin

Privacy Policy

Last updated: July 5, 2026

1. Who we are

APInguin (“we”, “us”) provides a compliance scanning platform for marketing content. This policy explains what personal data we collect, why, and the choices you have. It applies to our website, the free public scan tool and the APInguin application.

2. Data we collect

  • Account data: name, work email, password (stored as a salted hash, never in plain text), company details you provide during onboarding.
  • Billing data: plan and invoice records. Card details are handled by Stripe and never touch our servers.
  • Content you ask us to scan: URLs of channels, posts and videos, and the publicly available content behind them (captions, transcripts, frames, comments) needed to produce a report.
  • Free scan leads: if you unlock a public scan report, the email address you enter and the scanned URL.
  • Usage and security data: log records such as IP address, browser type and actions taken, used for security, rate limiting and debugging.

3. How we use data

  • to provide, secure and improve the Service;
  • to run the scans you request and generate reports;
  • to process payments and manage subscriptions;
  • to send transactional messages (verification, password reset, invitations) and, with your consent where required, product updates you can opt out of at any time;
  • to detect and prevent abuse of the platform.

We do not sell personal data.

4. AI processing

Scans are performed in part by third-party AI providers (currently Google Gemini, Anthropic Claude and providers reachable via OpenRouter) acting as our processors. We send them only the content needed to assess compliance - the public media, captions and transcripts of the items being scanned - not your account details. Their processing is governed by their respective enterprise data terms, which exclude use of API data for model training.

5. Sharing

We share data only with service providers needed to run APInguin (hosting on AWS, payments via Stripe, email delivery, AI providers above, data collection via Apify for public social content), with members of your own workspace, and where required by law. Each provider is bound by contractual confidentiality and data protection obligations.

6. Retention

Account data is kept while your account is active. Scan artifacts and logs are retained according to your plan’s retention window. Free public scan results and lead emails are retained for up to 12 months. When your account is deleted we remove or anonymize personal data within 30 days, except where law requires longer retention (for example billing records).

7. Security

Credentials and API keys are encrypted at rest, traffic is encrypted in transit (TLS), access is role-based and audit-logged, and login endpoints are rate limited with automatic lockouts. No system is perfectly secure; we notify affected users of any breach as required by law. See our security page for more detail.

8. Your rights

Depending on your location (including under GDPR and CCPA) you may have the right to access, correct, export, restrict or delete your personal data, and to object to certain processing. To exercise any of these rights, email privacy@apinguin.com. We respond within the timelines required by applicable law. You may also lodge a complaint with your local supervisory authority.

9. Cookies

We use strictly necessary cookies for authentication and session security, and a preference cookie for your theme choice. We do not use third-party advertising cookies on the application.

10. Changes and contact

We will post any changes to this policy here and update the date above; material changes will be notified in the Service or by email. Questions or requests: privacy@apinguin.com.