Privacy Policy

Last updated: June 8, 2026

1. Who we are

Apparition is a multi-tenant SaaS product operated by Phasmotic LLC, a Delaware limited liability company. Each Tenant uses Apparition to plan, generate, schedule, and publish marketing content to their own connected social accounts. Phasmotic acts as the data controller for account, billing, and platform-operational data, and as a data processor for the content and connected-account data that Tenants bring into the Service.

2. Information we collect

2.1 Account information

When you sign up, we collect your name, email address, and authentication credentials. If you sign in through a third-party identity provider, we receive the basic profile fields that the provider releases to us (typically name, email, and an account identifier).

2.2 Connected social accounts

When you connect an Instagram, Facebook, or Threads account through Meta’s OAuth flow, we receive and store the access tokens and scopes you authorize, along with the connected account’s public metadata (page or profile name, ID, profile picture, business asset IDs). We use these tokens only to perform actions you have requested through Apparition (publishing posts, reading scheduled-post status, retrieving analytics).

2.3 Content and brand data

We collect and store the content you upload, generate, draft, schedule, or publish through the Service. This includes images, video, captions, hashtags, brand profiles, brand voice guidelines, product catalogs, characters, and related metadata.

2.4 Payment information

Subscription billing is processed by Stripe. We do not store full payment card numbers on our servers; Stripe holds that information and returns to us a customer ID, a subscription record, and limited non-sensitive metadata (last 4 digits, card brand, billing country) to display in your account.

2.5 Usage and device data

We collect basic usage and diagnostic information such as IP address, browser type, pages visited, feature interactions, and error logs. This data helps us operate, secure, and improve the Service.

3. How we use information

• To provide the core Service: scheduling posts, AI-assisted content generation, analytics, and brand-profile management.
• To authenticate users and protect accounts from abuse.
• To process payments and manage subscriptions.
• To respond to support requests and operational notices.
• To improve the Service’s reliability, performance, and feature set.
• To meet legal obligations and enforce our Terms of Service.

4. AI model providers and how content is processed

Apparition uses third-party AI inference providers to generate text, images, and video on your behalf. When you generate content, the prompts and reference materials you provide are sent to the relevant provider for processing and are returned as outputs that are stored in your account. We do not authorize these providers to use your prompts or outputs to train their foundation models.

5. Third parties we share data with

We share data with the service providers below only to the extent needed to operate Apparition:

• Meta Platforms (Instagram, Facebook, Threads) — for the publishing, scheduling, and analytics actions you initiate against your connected accounts.
• Anthropic — for AI text generation and reasoning.
• MiniMax, fal.ai, Kling — for AI image and video generation.
• Stripe — for subscription billing and payment processing.
• Supabase — for database hosting, authentication, and storage of application data.
• Cloudflare R2 — for object storage of generated and uploaded media.
• Vercel — for application hosting and edge delivery.

We do not sell personal information. We do not share your data with advertisers or data brokers.

6. Data retention

We retain your account, connected-account, and content data for as long as your account is active. When you close your account or request deletion, we delete your personal data and connected-account tokens within 30 days, except where we are required to retain certain records (for example, billing records) to comply with legal, accounting, or tax obligations. Backups are purged on our normal backup-rotation schedule.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, restrict, or delete the personal data we hold about you, and to object to certain processing. You can:

• Manage and disconnect connected social accounts from Settings inside the Service.
• Request deletion of data Apparition has gathered through Meta integrations using the steps on our Data Deletion page.
• Email phasmotic@gmail.com with any other privacy request.

We aim to respond to verified requests within 30 days.

8. Security

We take reasonable administrative, technical, and physical safeguards to protect the information we hold, including encryption in transit, access controls, scoped OAuth tokens, and least-privilege defaults across our infrastructure. No system is perfectly secure, and we cannot guarantee absolute security; if we become aware of a breach affecting your data, we will notify you as required by applicable law.

9. Children

Apparition is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us and we will take steps to delete it.

10. International data transfers

Phasmotic operates in the United States, and our service providers may process data in the United States and other countries. By using the Service you consent to your information being transferred to and processed in those locations.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy at this URL and update the “Last updated” date above. For significant changes we will also notify account holders by email or through the Service.

12. Contact

Questions about this Privacy Policy or our data practices can be sent to phasmotic@gmail.com.