VIREALLAB

Privacy Policy

Last updated: May 12, 2026

1. Who We Are

VirealLab ("we", "us", "our") is a creator analytics and AI content platform operated at vireallab.app. We help content creators grow their audience, track analytics, manage brand deals, and generate content using AI.

For questions about this policy, contact us at privacy@vireallab.app.

2. Information We Collect

We collect the following categories of information:

2a. Account Information

  • Email address (used for magic-link authentication)
  • Display name (optional, set by you in Settings)

2b. Instagram / Meta Data

When you connect your Instagram account, we request the following permissions from Meta:

  • instagram_basic — your Instagram username, profile picture, account type, and media count, used to display your profile inside VirealLab.
  • instagram_manage_insights — post-level and account-level metrics (reach, impressions, engagement), used to display analytics on your dashboard.
  • instagram_content_publish — the ability to schedule and publish content to your Instagram account on your behalf, only when you explicitly trigger a publish action inside VirealLab.
  • pages_read_engagement — page engagement metrics for Instagram Business accounts linked to a Facebook Page.

We do not access your direct messages, contact list, or any data beyond what is listed above.

2c. TikTok Data

When you connect your TikTok account, we request the following permissions:

  • user.info.basic — your TikTok display name, avatar, and follower count, used to populate your profile in VirealLab.
  • video.list — your public video list including titles, view counts, like counts, comment counts, and share counts, used to display post analytics on your dashboard.
  • video.insights — detailed performance metrics for your videos (impressions, reach, watch time), used to generate analytics reports.

We do not access your TikTok inbox, followers list, or financial data.

2d. YouTube / Google Data

  • Channel statistics (subscriber count, total views)
  • Video metadata and performance metrics (views, likes, comments, watch time)
  • Analytics data via YouTube Analytics API

VirealLab's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

2e. OAuth Access Tokens

We store the OAuth access tokens and refresh tokens needed to retrieve your platform data. These tokens are encrypted at rest using AES-256-GCMand are never shared with third parties. You can revoke them at any time by disconnecting the platform in Settings, or directly through each platform's own security settings.

2f. Content You Create

  • Draft posts and published content you create using the AI Writer
  • Writing style samples you upload for Ghost Mode
  • Deal notes and brand contacts you add to the Deal Room

2g. Usage and Technical Data

  • Server logs including IP address, browser type, and pages visited
  • Session data (stored in encrypted server-side session cookies)
  • Error logs for debugging and service improvement

2h. Billing Information

Subscription and payment processing is handled by Stripe. We do not store credit card numbers or banking information. We receive only non-sensitive billing metadata (plan type, billing status, last-4 of card) from Stripe.

3. How We Use Your Information

  • To authenticate you and maintain your account session
  • To display your social media analytics on your VirealLab dashboard
  • To generate AI-assisted content using prompts you provide
  • To schedule and publish content to connected platforms on your explicit request
  • To process your subscription and send billing receipts
  • To send transactional emails (magic-link sign-in, billing notifications)
  • To improve the reliability and performance of our service

We do NOT:

  • Sell your personal data or platform data to any third party
  • Use your content or platform data to train AI or machine learning models
  • Access your platform data for any purpose other than providing you the VirealLab service
  • Share your data with advertisers
  • Use your data for cross-context behavioral advertising

4. How We Share Your Information

We only share your data with the following categories of service providers, strictly to operate the platform:

  • Microsoft Azure — cloud hosting and database storage (West US 2 region)
  • Stripe — payment processing
  • Resend — transactional email delivery
  • Anthropic — AI content generation (your prompts are sent to Anthropic's API; see Anthropic's Privacy Policy)
  • Meta Platforms — to retrieve Instagram data and publish content you request
  • TikTok — to retrieve analytics data you authorize
  • Google — to retrieve YouTube analytics data you authorize

We do not sell, rent, or trade your personal information to any third party for their own marketing or commercial purposes.

5. Data Retention

  • Your account data is retained for as long as your account is active.
  • Cached analytics data from connected platforms is refreshed regularly and not retained beyond 90 days after you disconnect a platform.
  • OAuth tokens are deleted immediately when you disconnect a platform or delete your account.
  • Server logs are retained for up to 90 days for security and debugging purposes.
  • When you delete your account, all personal data is permanently removed within 30 days.

6. Your Rights and Choices

Disconnect a Platform

You can disconnect Instagram, TikTok, or YouTube at any time from Settings → Connected Platforms. This immediately revokes our access tokens and stops all data collection from that platform.

Delete Your Account

You can delete your VirealLab account from Settings → Account. This permanently deletes all your data within 30 days.

Request Your Data

You may request a copy of all personal data we hold about you by emailing privacy@vireallab.app. We will respond within 30 days.

Correct or Update Your Data

You can update your display name and email preferences directly in Settings. For other corrections, contact privacy@vireallab.app.

GDPR Rights (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, you have the right to: access your personal data, rectify inaccurate data, erase your data ("right to be forgotten"), restrict or object to processing, and data portability. To exercise these rights, email privacy@vireallab.app.

CCPA Rights (California Users)

California residents have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To submit a request, email privacy@vireallab.app.

7. Security

  • All data transmission uses TLS 1.2 or higher
  • OAuth tokens are encrypted at rest using AES-256-GCM
  • Our database is hosted on Microsoft Azure with access controls and encryption at rest
  • We perform regular security reviews and follow industry-standard practices

No method of transmission over the internet is 100% secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

8. Children's Privacy

VirealLab is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@vireallab.app and we will delete it promptly.

9. Cookies

VirealLab uses only essential session cookies required to keep you signed in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and notify you by email. Your continued use of VirealLab after changes become effective constitutes your acceptance of the updated policy.

11. Contact Us

For any privacy-related questions, data requests, or to exercise your rights:

We will respond to all privacy requests within 30 days.