Information we collect
We collect information you provide directly, data from connected platforms, and technical data generated by using our service.
| Type | Examples | Source |
|---|---|---|
| Account data | Name, email address, password hash | You, at signup |
| Usage data | Pages visited, audits run, features used | Automatically |
| Audit input | Website URLs, uploaded files, chat prompts | You, when using the product |
| OAuth tokens | Access and refresh tokens for connected platforms | Third-party OAuth flow |
| Platform data | Ad campaigns, search data, email metadata | Connected integrations |
| Technical data | IP address, browser type, device info | Automatically |
Third-party integrations
When you connect external platforms, we access your data on those platforms only to provide the features you request. We access only the permissions you explicitly grant during the OAuth flow.
| Platform | Data accessed | Purpose |
|---|---|---|
| Google Ads | Campaigns, keywords, performance metrics | Audit and recommendations |
| Meta Ads | Campaigns, ad sets, ad performance | Audit and recommendations |
| Google Search Console | Search queries, page performance | SEO analysis |
| Gmail | Email metadata, thread content | AI marketing analysis and insights |
| Google Sheets | Spreadsheet content you select | Export and analysis |
| | Public posts, subreddit data | Market research |
We do not store platform data longer than necessary to display it to you. You can disconnect any integration at any time from your Integrations page.
How we use your data
- To run website audits, generate scores, and produce marketing recommendations
- To power AI analysis using OpenAI's API — your data is sent to OpenAI for processing
- To display dashboards showing your connected platform metrics
- To maintain your account and authenticate you
- To send service-related emails (never marketing without consent)
- To detect errors, improve reliability, and debug issues
- To comply with legal obligations
Data storage
Your data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure. OAuth tokens are encrypted at rest using AES-256. In logs and error reports, we store only the presence of API keys, never the key values themselves.
Our backend runs on Render. Our frontend is served as a static site. Both are hosted in the United States.
Data sharing
We share your data only with the following sub-processors, and only to deliver the service:
| Sub-processor | Purpose |
|---|---|
| OpenAI | AI analysis and content generation |
| Supabase | Database and authentication |
| Render | Backend hosting |
We may disclose data if required by law, court order, or to protect our rights or the safety of users.
Data retention
- Account data: retained while your account is active, deleted within 30 days of account deletion request
- Audit results: retained for your account history, deleted with your account
- OAuth tokens: deleted immediately when you disconnect an integration
- Platform data (cached): deleted within 7 days of disconnection
- Usage logs: retained for 90 days for debugging purposes
Your rights
Depending on your location, you may have the following rights:
- Access — request a copy of all data we hold about you
- Correction — update inaccurate data
- Deletion — request deletion of your account and all associated data
- Portability — receive your data in a machine-readable format
- Objection — object to certain types of processing
- Withdrawal — disconnect any integration and revoke access at any time
To exercise any right, email us at the address in the Contact section. We will respond within 30 days.
Security
We implement industry-standard security measures: OAuth tokens encrypted at rest, HTTPS-only connections, Supabase Row Level Security so users can only access their own data, and no storage of plaintext credentials.
No system is perfectly secure. If you discover a security vulnerability, please contact us immediately at the address below.
Cookies
We use minimal, necessary cookies only: session authentication tokens and preferences. We do not use advertising cookies or third-party tracking pixels. We do not use Google Analytics or similar tracking tools.
Children
Floating IQ is not directed at anyone under the age of 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us and we will delete it immediately.
Changes to this policy
We may update this policy from time to time. We will notify you by email and update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the new policy.
Contact us
For any privacy-related questions, data requests, or to report a concern:
Floating IQ
Contact us: floatingiq.22@gmail.com