This Privacy Policy explains what personal information Integreet collects, how we use it, and the choices you have. It applies to our mobile app, website, and related services (the "Service"). We comply with South Africa's Protection of Personal Information Act (POPIA) and, where applicable, the EU GDPR.
1. Information we collect
Information you provide
- Account details: name, email, password, phone number, profile photo.
- Profile content: bio, interests, location, posts, reels, messages, events, listings, reviews.
- Business application data: business name, registration details, representative ID, documents.
- Payment information: handled by our payment providers (we do not store full card numbers).
Information collected automatically
- Device data: IP address, device identifier, operating system, browser, app version.
- Usage data: pages viewed, features used, search queries, timestamps.
- Push notification token: a device-specific identifier issued by Firebase Cloud Messaging so we can deliver push notifications you have opted in to. The token does not identify you personally on its own.
- Camera, microphone, location, photo and video access — only when you grant the permission and only for the specific feature that needs it (for example, recording a reel, sharing your location in chat, or picking an image for a post). We never run these sensors in the background.
- Cookies and similar technologies on our website.
Content you submit to AI features
- When you use AI-assisted features (Beauty AI image transformation, the AI assistant, caption suggestions, or automated content moderation), the specific image, video, or text you submit is sent to the relevant AI provider for processing. We send only what is needed for the requested feature — never your full profile, contact list, or message history.
Information from third parties
- Social sign-in data when you choose to sign in with Google.
- Payment status from payment processors (e.g. Yoco, Google Play Billing).
2. How we use your information
- To provide, maintain, and improve the Service.
- To authenticate your account, send one-time codes, and prevent fraud.
- To personalise your feed and recommendations (the 80/20 interest model).
- To process marketplace transactions and promotions.
- To moderate content and enforce our Terms.
- To send transactional emails and, with your consent, occasional product updates.
- To run AI-assisted features (image transformations, content suggestions, automated moderation) — the input you provide is processed by the relevant AI provider and the output returned to you. We do not train AI models on your content.
- To comply with legal obligations.
3. Legal bases (POPIA / GDPR)
We process personal information on the basis of your consent, to perform our contract with you (the Terms), to pursue our legitimate interests in running and securing the Service, and to comply with legal obligations.
4. Sharing
We share personal information only as follows:
- Other users: your profile and public posts are visible to other users of the Service.
- Service providers (data processors): the named third parties listed below process data on our behalf under a Data Processing Agreement. They may only use the data for the specific purpose we instruct, and not for their own marketing or model-training.
- Legal requests: when required by law, court order, or to protect rights and safety.
- Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to you where required.
We do not sell your personal information.
Named service providers
- Supabase Inc. (United States / EU) — application hosting, PostgreSQL database, authentication, and file storage. Receives all account data, profile content, posts, reels, messages, listings, and uploaded files. This is our primary data store.
- Cloudinary Ltd. (United States / EU) — media storage, transformations, on-demand watermarking, and content delivery (CDN) for images and videos. Receives the media files you upload (photos, reel videos, cover images, business verification documents).
- Yoco Technologies (Pty) Ltd (South Africa) — payment processing on the web for marketplace listings, physical-goods purchases, event tickets, and digital goods (subscriptions, Beauty AI credits, boost credits). Receives the payment amount, order reference, and the data Yoco requires to charge your card. We do not see or store full card numbers.
- Google LLC — Google Play Billing (United States) — on the Android app, the sole processor for digital goods (subscriptions, Beauty AI credits, boost credits). Receives the payment amount, product identifier, and a purchase token issued by Google that we use only to verify your purchase. Physical goods and event tickets on Android continue to use Yoco. Subject to Google's own privacy terms.
- Google LLC — Firebase Cloud Messaging (United States) — push notification delivery. Receives your device push token and the notification payload (title, body, link). Subject to Google's privacy terms.
- Google LLC — Sign in with Google (United States) — optional social sign-in. Receives the authentication request only; we receive your name, email, and profile picture from Google in return.
- Resend, Inc. (United States) — transactional email delivery (verification codes, receipts, account notices, password resets). Receives your email address and the email contents at the time of sending.
- OpenAI, L.L.C. (United States) — AI-assisted features such as the chat assistant, caption suggestions, and content categorisation. Receives only the specific text or image you submit for the requested feature. OpenAI does not use API inputs to train its models.
- fal.ai, Inc. (United States) — image transformation for the Beauty AI / generative photo features. Receives the source image you upload for the duration of the transformation only.
- Sightengine S.A.S. (France / EU) — automated moderation of user-generated photos and videos for nudity, sexual content involving minors (CSAM), graphic violence, and weapons. Receives the media file briefly at upload time so it can be classified before publishing. Used to protect users and comply with platform-safety laws.
- Agora.io, Inc. (United States) — real-time audio and video for live streaming and live video calls. Receives your audio/video stream in real time while a session is active. Streams pass through Agora's network and are not stored by Agora; if you save a replay, the recording is stored on Cloudinary.
These providers may process data in regions outside South Africa or the EU. Where required, we rely on approved cross-border transfer mechanisms (such as Standard Contractual Clauses and the providers' adequacy frameworks) to protect your information.
5. AI-generated content
Some Integreet features use generative AI (Beauty AI image transformation, caption suggestions, and the in-app assistant). We disclose AI features clearly in the app and follow these safeguards:
- Every AI-generated image carries a visible "AI generated" watermark baked into the saved file. Removing the watermark is a breach of our Acceptable Use Policy.
- Inputs you submit to AI features are sent to the relevant provider (OpenAI or fal.ai) only for that specific request. Per their published terms, providers do not use Integreet API inputs to train their models.
- AI inputs and outputs are scanned by the same Sightengine moderation pipeline as user uploads — generative content may not produce CSAM, non-consensual intimate imagery, or other prohibited content.
- Every AI-generated image, caption, and assistant reply has a Report button. Reports flagging offensive AI output are routed to our trust & safety queue and reviewed alongside user-generated reports.
- You can opt out of AI features at any time — they are never required to use core Integreet.
6. Retention
We keep personal information for as long as your account is active, and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce our agreements. You can delete your account at any time from Settings.
7. Your rights
Depending on your location, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information (subject to legal obligations we must keep) — request deletion at /account-deletion.html without signing in, or from Settings if you are signed in.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with the Information Regulator of South Africa or your local data protection authority.
To exercise your rights, email support@integreet.com. We respond within 30 days.
8. Security
We use encryption in transit (TLS), encryption at rest for sensitive fields, row-level security on our database, and restricted staff access. No system is perfectly secure; please choose a strong password and enable two-factor verification.
9. Children
Integreet is not directed to children under 13. We collect each user's date of birth at sign-up and block accounts for anyone under that age. If we learn we have collected information from a child under 13, we will delete it. Our zero-tolerance commitments around child sexual abuse and exploitation, the safeguards built into the platform, and how to report concerns are set out in our Child Safety Standards.
10. International transfers
Our providers may process data in regions outside your country. Where required, we rely on approved transfer mechanisms (such as Standard Contractual Clauses) to protect your information.
11. Cookies
We use cookies and similar technologies for session management, preferences, and analytics. You can control cookies through your browser settings; disabling them may impact functionality.
12. Changes to this Policy
We may update this Policy. Material changes will be notified in-app or by email. The "Last updated" date above reflects the latest revision.
13. Contact
Integreet
Information Officer: James Ndou
1108 Copperleaf Country Estate, Mnandi, Centurion, Pretoria 0157, South Africa
Email: support@integreet.com