1. Introduction
Trinchero Control Panel ("the Platform") is a marketing management tool operated by Nonfiction Agency ("we," "us," or "our") on behalf of Trinchero Family Estates. This Privacy Policy describes how we collect, use, and protect information when you use the Platform or when the Platform interacts with third-party services on your behalf.
2. Information We Collect
We collect the following categories of information:
- Account Information: Email address and authentication credentials for authorized users of the Platform.
- Social Media Data: When you connect social media accounts (Instagram, Facebook, TikTok, YouTube, Pinterest), we access public profile information, post content, engagement metrics, comments, and direct messages as authorized by each platform's API permissions.
- Content You Create: Posts, images, videos, captions, and other marketing content created or uploaded through the Platform.
- Usage Data: Information about how you interact with the Platform, including pages visited and features used.
3. How We Use Information
We use collected information to:
- Provide and operate the Platform's marketing management features
- Publish content to connected social media platforms on your behalf
- Sync and display analytics from connected social media accounts
- Manage community engagement (comments, messages) across platforms
- Generate AI-assisted marketing content using third-party AI services
- Track competitor activity from publicly available sources
4. Third-Party Services
The Platform integrates with the following third-party services:
- Meta (Instagram & Facebook): We use the Meta Graph API to read and publish content, sync analytics, and manage comments and messages.
- TikTok: We use the TikTok Content Posting API to publish video content and retrieve analytics.
- YouTube: We use the YouTube Data API to publish videos and retrieve channel and video analytics.
- Supabase: We use Supabase for data storage and authentication.
- OpenAI & Google AI: We use AI services for content generation. Content sent to these services is used solely for generating responses and is subject to their respective privacy policies.
- Apify: We use Apify for publicly available social media data collection related to competitor tracking.
Each third-party service has its own privacy policy. We encourage you to review those policies. We only request the minimum permissions necessary to provide the Platform's functionality.
5. Data Storage and Security
Data is stored securely using Supabase (hosted on AWS) with row-level security policies. API credentials and tokens are encrypted and stored server-side only — they are never exposed to client-side code. We use HTTPS for all data transmission and follow industry-standard security practices.
6. Data Retention
We retain social media data and analytics for as long as the associated brand account is active on the Platform. Content you create is retained until you delete it. Authentication tokens are automatically rotated and updated as required by each platform's API.
7. Data Sharing
We do not sell, rent, or trade your personal information. We share data only as follows:
- With third-party APIs as necessary to provide Platform features (publishing, analytics sync)
- With AI service providers for content generation (no personal data is sent; only marketing content)
- As required by law or to protect our legal rights
8. Your Rights
You may request access to, correction of, or deletion of your data by contacting us. You may disconnect any social media account at any time, which will stop further data collection from that platform.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify authorized users of material changes via the Platform.