Privacy Policy

1. Scope and Applicability

This Privacy Policy applies to personal information we process in connection with the Services, including information from users who connect Instagram Business accounts, users who connect Google Calendar through Google OAuth, and users who integrate third-party customer relationship management ("CRM") systems.

2. Information We Collect

Information you provide directly

• Account registration information (such as name, email address, and account credentials).
• Business profile information and preferences you provide in the platform.
• Content inputs, drafts, and prompts you submit for content creation.
• Billing and subscription information processed through our payment providers.

Information from connected services

• Instagram Business account information obtained through Meta's official Instagram Graph API after OAuth authorization, including account identifiers, basic profile metadata, posts, and comments/engagement data permitted by granted scopes.
• Google Calendar event data obtained through Google's official Calendar API after Google OAuth authorization, including event titles, start and end times, descriptions, locations, and your basic Google account identifier. We request only the read-only calendar scopes needed to surface content opportunities and do not request write, delete, or attendee-management permissions.
• CRM data fields and statuses from supported integrations (for example, Follow Up Boss, KW Command, Salesforce, HubSpot, and similar CRM providers) when you choose to connect those services.

Automatically collected information

• Device, log, and analytics information (such as IP address, browser type, timestamps, and feature usage events).
• Service performance and diagnostic information for security, reliability, and troubleshooting.

3. Instagram Graph API and OAuth Disclosures

• We connect to Instagram Business accounts via OAuth using Meta's official APIs only.
• We store access tokens securely in encrypted form and limit token access to authorized systems and personnel.
• We retrieve engagement data, including comments and basic metadata, to help agents monitor and respond to leads.
• We use engagement data to support follow-up workflows, including optional CRM lead creation and task routing.
• We do not access personal messages beyond the permissions granted by Meta APIs and your authorization.
• We do not scrape social media data and we are not a data broker.
• Users can disconnect their social account at any time in product settings, which revokes ongoing access.

4. Google APIs and Calendar OAuth Disclosures

ModernCue's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request

• https://www.googleapis.com/auth/calendar.readonly — read-only access to the list of calendars on your Google account so you can select which calendar(s) ModernCue analyzes.
• https://www.googleapis.com/auth/calendar.events.readonly — read-only access to events on the calendars you select, including event titles, descriptions, locations, and start/end times.

How we use Google Calendar data

• We access calendar events for the sole purpose of suggesting content opportunities. Event metadata is passed to our AI relevance scoring pipeline to identify open windows and event-driven moments (for example, open houses, showings, and listing milestones) and to recommend suggested post slots on your content calendar.
• We use Google OAuth access tokens only to read calendar event data on your behalf. Tokens are stored securely in encrypted form and access is limited to authorized systems and personnel.
• Relevance scoring is performed within our secure Azure environment using Azure OpenAI services. Calendar event content is not used to train generalized or third-party AI models.

What we do not do with Google Calendar data

• We do not share, sell, rent, license, or transfer Google Calendar data to any third party.
• We do not use Google Calendar data for advertising or for any purpose unrelated to suggesting content opportunities.
• We do not allow humans to read Google Calendar data except (a) with your explicit consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.
• We do not write to, modify, or delete events on your Google Calendar.

Revoking access

You can revoke ModernCue's access to your Google Calendar at any time. You may disconnect inside ModernCue product settings, or revoke directly through your Google Account at https://myaccount.google.com/permissions. Revoking access stops further data retrieval immediately; previously cached event metadata is purged in accordance with Section 8 (Data Retention).

5. How We Use Personal Information

• Provide, operate, and maintain the Services.
• Generate captions and content suggestions using secure Azure OpenAI services.
• Publish or schedule content on your behalf at your direction.
• Retrieve and analyze comments for engagement tracking and intent detection.
• Create or update CRM records and follow-up workflows when enabled by you.
• Process subscriptions, provide support, and communicate service updates.
• Improve service quality, enforce terms, and protect against misuse and fraud.

6. Legal Bases and U.S. Privacy Compliance

We process personal information as needed to provide the Services you request, for legitimate business purposes such as security and product improvement, to comply with legal obligations, and where required, with your consent.

We comply with applicable U.S. privacy laws, including state privacy laws that provide CCPA-style rights. We do not sell personal information and do not share personal information for cross-context behavioral advertising. We do not sell, rent, license, or share Google Calendar data with any third party, and we do not use Google Calendar data for advertising or for any purpose other than providing the content-opportunity features described in Section 4.

7. Your Rights

Subject to applicable law, you may have the right to:

• Know whether we process your personal information and access a copy of it.
• Request correction of inaccurate personal information.
• Request deletion of personal information we hold about you.
• Request portability of certain information.
• Opt out of certain processing where required by law.
• Receive non-discriminatory treatment for exercising privacy rights.

To exercise your rights, email support@moderncue.com. We may verify your identity before processing requests.

8. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, meet contractual commitments, and comply with legal, accounting, tax, audit, and regulatory requirements.

Depending on data type and legal obligations, certain records may be retained for up to ten (10) years for audit and compliance purposes.

9. Data Deletion and Account Disconnection

You may disconnect Instagram, Google Calendar, and other integrations at any time through your ModernCue account settings. For Google Calendar specifically, you may also revoke ModernCue's access directly from your Google Account at https://myaccount.google.com/permissions. You may also request deletion of your account and associated data by emailing support@moderncue.com.

We process verified deletion requests within seven (7) days, except where limited retention is required by law or for legitimate compliance purposes.

See our Data Deletion Instructions page for request details.

10. Security Practices

• Encryption in transit using TLS and encryption at rest for stored data.
• Secure storage and handling of access tokens and credentials.
• Role-based access controls, least-privilege practices, and monitoring.
• Administrative, technical, and organizational safeguards designed to protect personal information.

No method of transmission or storage is completely secure, but we maintain safeguards appropriate for a U.S. SaaS platform of our size and scope.

11. Third-Party Services

We use trusted service providers and integration partners to operate the Services, including:

• Meta / Instagram: social account authentication, publishing, and engagement data through official APIs.
• Google: Google OAuth for sign-in authorization and the Google Calendar API for read-only calendar event data used to surface content opportunities. Our use of Google user data is governed by the Google API Services User Data Policy, including the Limited Use requirements. Access can be revoked at https://myaccount.google.com/permissions.
• Microsoft Azure: hosting, infrastructure, storage, security tooling, and Azure OpenAI processing.
• CRM providers: user-enabled lead syncing and workflow integrations with third-party CRM platforms.

These third parties process information under their own terms and privacy notices where applicable, and only as necessary to deliver the requested functionality.

12. Children's Privacy

The Services are intended for users who are at least 13 years old. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, contact support@moderncue.com and we will take appropriate action.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy with a revised "Last updated" date and provide notice through the Services or by other reasonable means.

14. Contact Us

For privacy or data requests, contact: support@moderncue.com.