← Back to PurpleUp

Privacy Policy

Last updated: March 2026

1. Introduction

PurpleUp.ai ("PurpleUp," "we," "us," or "our") is an AI-powered content management platform operated as a business based in the European Union. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services at purpleup.ai (the "Service").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Profile picture (if provided via Google sign-in)
  • Password (stored in hashed form; not applicable for Google OAuth users)

2.2 Google OAuth Data

If you choose to sign in with Google, we request access to your basic Google profile information, specifically:

  • Email address — used as your account identifier and for communications
  • Name — used to personalise your account
  • Profile picture — displayed within the app as your avatar

We do not request access to your Google Drive, Gmail, contacts, calendar, or any other Google services. We do not store your Google access token beyond what is needed for authentication. You can revoke PurpleUp's access to your Google account at any time through your Google Account permissions.

2.3 Content and User-Generated Data

We store content you create and manage through the Service, including:

  • Scripts, strategies, carousel content, and other text you create
  • Social media profile URLs you connect or reference
  • Uploaded media files (images, videos)
  • Content calendar entries and scheduling data
  • Engagement and activity history within the platform

2.4 Usage and Analytics Data

We automatically collect certain technical and usage information, including:

  • Pages visited and features used within the Service
  • Browser type, operating system, and device information
  • IP address (anonymised where possible)
  • Session duration and interaction patterns
  • Error logs and performance data

2.5 Payment Information

Payment processing is handled entirely by Stripe. We never receive, store, or have access to your full credit card number, CVV, or other sensitive payment credentials. We may store a Stripe customer ID, subscription status, and the last four digits of your card for display purposes.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Service delivery: To provide, maintain, and improve our content management platform
  • Authentication: To verify your identity and secure your account
  • AI processing: To generate content, strategies, and recommendations using AI providers on your behalf
  • Communications: To send you account-related emails such as verification, password resets, billing notifications, and product updates
  • Analytics: To understand how the Service is used and to improve it
  • Error monitoring: To detect, diagnose, and fix bugs and technical issues
  • Legal compliance: To comply with applicable laws and regulations

We do not sell your personal data. We do not use your data for third-party advertising. We do not use your content to train AI models.

4. Third-Party Services

We share data with the following third-party service providers, solely to operate and improve the Service. Each provider processes data under their own privacy policies and, where applicable, data processing agreements.

4.1 Authentication and Database

  • Supabase — Authentication, database hosting, and file storage. Stores account data, user content, and uploaded media.

4.2 Payment Processing

  • Stripe — Processes all payments and subscription billing. Stripe receives your payment card data directly; PurpleUp does not handle or store card numbers.

4.3 AI Providers

When you use AI-powered features, relevant portions of your content and prompts may be sent to the following providers for processing:

  • Anthropic (Claude) — AI text generation and analysis
  • Google (Gemini) — AI text generation and analysis
  • OpenAI — AI text generation and analysis
  • ElevenLabs — Text-to-speech audio generation
  • Perplexity — AI-powered research and information retrieval

These providers process your data solely to generate the requested output and are contractually prohibited from using your data to train their models (where such options are available, we opt out of training). Refer to each provider's privacy policy for details on their data handling.

4.4 Analytics and Monitoring

  • PostHog — Product analytics to understand how features are used. May collect anonymised usage data, device type, and session information.
  • Sentry — Error tracking and performance monitoring. Collects error logs which may include technical identifiers and stack traces.

4.5 Email

  • Mailgun — Transactional email delivery (account verification, password resets, billing receipts, and product updates).

4.6 Hosting

  • Vercel — Application hosting and CDN. Processes HTTP requests which include IP addresses and standard request metadata.

5. Data Storage and Security

Your data is primarily stored within Supabase infrastructure. We implement industry-standard security measures including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Secure password hashing (bcrypt)
  • Row-level security policies on database tables
  • Regular security reviews and updates
  • Principle of least privilege for internal access

While we take reasonable precautions to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the provider's participation in recognised data protection frameworks.

7. Your Rights (GDPR)

As a user based in or protected by EU/EEA data protection laws, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure: You can request that we delete your personal data, subject to legal retention obligations.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to restrict processing: You can ask us to limit how we process your data in certain circumstances.
  • Right to object: You can object to the processing of your data for certain purposes.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at privacy@purpleup.ai. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data is being processed unlawfully.

8. Cookies and Tracking

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication and core Service functionality (e.g., session tokens). These cannot be disabled.
  • Analytics cookies: Used by PostHog to collect anonymised usage data to help us improve the Service. You can opt out of analytics tracking via your browser settings or by contacting us.

We do not use advertising cookies or third-party tracking for ad targeting purposes.

9. Data Retention

We retain your data as follows:

  • Account data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where we are legally required to retain it.
  • Content: Your created content is retained while your account is active and deleted upon account deletion.
  • Analytics data: Anonymised analytics data may be retained indefinitely for aggregate statistical analysis.
  • Billing records: Retained for up to 7 years as required by tax and accounting regulations.
  • Error logs: Automatically purged after 90 days.

10. Children's Privacy

PurpleUp is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at privacy@purpleup.ai and we will promptly delete such data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

12. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract performance: Processing necessary to provide you the Service you signed up for (Article 6(1)(b) GDPR).
  • Legitimate interest: Analytics and security monitoring to improve and protect the Service (Article 6(1)(f) GDPR).
  • Consent: Where you have given explicit consent, such as optional marketing emails (Article 6(1)(a) GDPR).
  • Legal obligation: Processing required to comply with tax, accounting, or other legal requirements (Article 6(1)(c) GDPR).

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Email: privacy@purpleup.ai

PurpleUp.ai
European Union

Terms & Conditions