Privacy Policy

Last updated: August 11, 2025

Effective date: August 11, 2025

1. Introduction

EKO GROWTH LLC ("we," "us," or "our") operates ThemePages.ai ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide to us, including:

  • Name and contact information (email address, phone number)
  • Account credentials and profile information
  • Payment and billing information
  • Communication preferences
  • Social media account information (when connecting platforms)
  • Content you create or upload through our Service

2.2 Automatically Collected Information

We automatically collect certain information when you use our Service:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • Log data (access times, error logs, performance data)
  • Cookies and similar tracking technologies
  • Analytics data from third-party services

2.3 Third-Party Platform Data

When you connect your social media accounts or other third-party platforms, we may collect:

  • Account information and profile data (with your consent)
  • Public content and posts (with your permission)
  • Analytics and performance metrics
  • Engagement data and audience insights

2.3.1 Instagram OAuth Integration

When you connect your Instagram Business Account through our OAuth integration, we collect and process the following information:

  • Account Information: Instagram username, account ID, account type (Business/Creator), and profile picture URL
  • Authentication Data: OAuth access tokens and refresh tokens for secure API access
  • Profile Data: Public profile information including name, bio, and follower count
  • Content Metadata: Post analytics, engagement metrics, and performance data (with your explicit consent)
  • Connection Status: Information about the connection status and permissions granted

2.3.2 OAuth Authentication Process

Our Instagram integration follows the OAuth 2.0 protocol and Meta's Platform Policy:

  • Secure Authentication: All authentication is handled through Meta's secure OAuth endpoints
  • Limited Scope: We request only the minimum permissions necessary (instagram_basic)
  • Token Management: Access tokens are encrypted and stored securely in our database
  • Revocation Rights: You can revoke access at any time through your Instagram account settings
  • No Password Access: We never have access to your Instagram password

2.3.3 Social Media Platform Compliance

We comply with all applicable platform policies and terms of service:

  • Meta Platform Policy: Full compliance with Instagram and Facebook platform policies
  • Data Usage Guidelines: Adherence to platform-specific data usage and privacy guidelines
  • API Rate Limits: Respect for platform API rate limits and usage restrictions
  • Content Policies: Compliance with platform content and community guidelines

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide, maintain, and improve our Service
  • Process transactions and manage billing
  • Send you service-related communications
  • Respond to your inquiries and support requests
  • Analyze usage patterns and optimize performance
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Send marketing communications (with your consent)
  • Personalize your experience and content
  • Enable AI-powered features and automation

3.1 Instagram OAuth Data Usage

When you connect your Instagram Business Account, we use the collected data specifically for:

  • Account Management: Creating and managing your creator profile within our platform
  • Content Analytics: Providing insights into your Instagram performance and engagement metrics
  • Automation Features: Enabling AI-powered content management and scheduling tools
  • Platform Integration: Seamlessly connecting your Instagram account with our creator management tools
  • Performance Optimization: Analyzing trends to help improve your content strategy
  • Compliance Monitoring: Ensuring adherence to platform policies and terms of service

3.2 Data Processing Limitations

We strictly limit our use of your Instagram data to:

  • Authorized Purposes Only: We only use data for the specific purposes you've consented to
  • Minimum Necessary Access: We request and use only the minimum data required for our services
  • No Unauthorized Sharing: We do not share your Instagram data with third parties without your explicit consent
  • Respect for Platform Policies: All data usage complies with Meta's Platform Policy and Instagram's Terms of Service

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Service Providers

We may share your information with trusted third-party service providers who assist us in:

  • Hosting and infrastructure services
  • Payment processing and billing
  • Analytics and performance monitoring
  • Customer support and communication
  • AI and machine learning services
  • Security and fraud prevention

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Secure data centers and infrastructure
  • Employee training on data protection
  • Incident response procedures

5.1 OAuth Security Measures

For Instagram OAuth integration, we implement additional security measures:

  • Token Encryption: All OAuth access tokens are encrypted using industry-standard AES-256 encryption
  • Secure Storage: Tokens are stored in secure, isolated database environments with restricted access
  • Token Rotation: Automatic token refresh and rotation to minimize exposure windows
  • API Rate Limiting: Implementation of rate limiting to prevent abuse and ensure platform compliance
  • Audit Logging: Comprehensive logging of all OAuth operations for security monitoring
  • Secure Communication: All API communications use TLS 1.3 encryption

5.2 Social Media Data Protection

We protect your social media data through:

  • Data Minimization: We collect and store only the minimum data necessary for our services
  • Access Controls: Strict role-based access controls for all social media data
  • Data Segregation: Social media data is isolated from other user data
  • Regular Audits: Periodic security audits of our social media integrations
  • Incident Response: Dedicated response procedures for social media data incidents
  • Compliance Monitoring: Continuous monitoring for platform policy compliance

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Improve our Service and user experience

When we no longer need your information, we will securely delete or anonymize it.

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

  • Access and review your personal information
  • Update or correct inaccurate information
  • Request deletion of your information
  • Export your data in a portable format
  • Object to certain processing activities
  • Withdraw consent where applicable

7.2 Social Media Account Rights

For connected social media accounts, you have additional rights:

  • Revoke Access: Disconnect your Instagram account at any time through our platform or your Instagram settings
  • Token Revocation: Request immediate revocation of all access tokens and API permissions
  • Data Deletion: Request complete deletion of all Instagram-related data from our systems
  • Permission Management: Modify or restrict the permissions granted to our application
  • Usage Transparency: Request a detailed report of how your Instagram data has been used
  • Portability: Export all Instagram-related data in a machine-readable format

7.3 OAuth-Specific Controls

Our OAuth integration provides specific privacy controls:

  • Granular Permissions: We request only essential permissions (instagram_basic) and do not access private content
  • Session Management: You can view and manage active sessions through your account settings
  • Token Expiration: Access tokens automatically expire and require re-authentication for security
  • Audit Trail: We maintain logs of all API access for transparency and security monitoring
  • Emergency Disconnect: Immediate account disconnection available through our support team

7.4 Communication Preferences

You can control your communication preferences by:

  • Unsubscribing from marketing emails
  • Adjusting notification settings in your account
  • Contacting us to update your preferences

7.5 Cookies and Tracking

You can control cookies and tracking technologies through your browser settings. However, disabling certain cookies may affect the functionality of our Service.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

9. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect and how we use it
  • The right to delete your personal information
  • The right to opt-out of the sale of personal information
  • The right to non-discrimination for exercising your privacy rights

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:

  • The right to be informed about data processing
  • The right of access to your personal data
  • The right to rectification of inaccurate data
  • The right to erasure ("right to be forgotten")
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • Rights related to automated decision making

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification
  • Displaying a notice in our Service

Your continued use of our Service after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

EKO GROWTH LLC

8141, 1621 Central AVE

CHEYENNE WY 82001-4531

Business Phone: 1-800-829-4933

Email: privacy@themepages.ai

15. Data Processing Legal Basis (GDPR)

For EEA users, we process your personal data based on the following legal grounds:

  • Consent: When you explicitly agree to data processing
  • Contract: To fulfill our contractual obligations to you
  • Legitimate Interest: To improve our Service and prevent fraud
  • Legal Obligation: To comply with applicable laws

16. Automated Decision Making

Our Service uses AI and automated systems to provide personalized features and content recommendations. You have the right to request human review of automated decisions that significantly affect you.

17. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities in accordance with applicable laws and regulations.

Messenger Data – Compliance Notice

Last updated: August 11, 2025

What we collect

  • Page-scoped IDs, message text and attachments, timestamps
  • Quick reply/postback payloads, opt-ins, reads, deliveries, handovers

Why we collect (lawful basis: legitimate interests & performance of service)

  • Provide automated assistance and route to a human agent
  • Support campaign/order inquiries and security/audit logs
  • Improve reliability and abuse prevention

Retention

Messenger data is retained up to 30 days, then deleted or anonymized unless longer retention is required by law or active disputes.

User controls

  • Type STOP to opt-out of automated messages; START to re-opt-in
  • Request deletion or export via support@themepages.ai or the Data Deletion page

Third parties

We do not sell data. Processors may include hosting, analytics, and Meta Platforms for message transport.

Contact

Email: support@themepages.ai