Armonil

Privacy Policy

Last updated: March 30, 2026

1. Who we are

Armonil (“we”, “us”, “our”) is an analytics dashboard for short-form content creators, operated by Julien Lecornet, based in Alsace, France. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, web application, and mobile application (collectively, the “Service”) available at https://armonil.com.

Contact: privacy@armonil.com

2. What data we collect

2.1 Account data

When you create an account, we collect:

  • Your email address
  • Your name and profile picture (obtained via Supabase Auth, which manages the OAuth flow with Google, TikTok, or Meta on our behalf)

2.2 Social media data

When you connect a social media account (TikTok, YouTube, or Instagram), we access — with your explicit authorization — the following data through official platform APIs:

TikTok (via TikTok Business API / Login Kit):

  • Profile information: username, display name, profile picture, follower count, following count
  • Video metrics: views, likes, comments, shares, watch time, publication date, thumbnail
  • Account-level metrics: total followers over time, total views, engagement rates

YouTube (via YouTube Data API v3 and YouTube Analytics API):

  • Profile information: channel name, profile picture, subscriber count
  • Video metrics: views, likes, comments, average watch time, publication date, thumbnail
  • Account-level metrics: total subscribers over time, total views
  • Audience demographics: age ranges, gender distribution, geographic distribution (used solely to display your own insights in the dashboard)

Instagram (via Instagram Graph API):

  • Profile information: username, display name, profile picture, follower count
  • Reels metrics: views (plays), likes, comments, reach, impressions, saves, shares, publication date, thumbnail
  • Account-level metrics: total followers over time
  • Audience demographics: age ranges, gender distribution, city and country distribution (used solely to display your own insights in the dashboard)

We only access data that you explicitly authorize through the OAuth consent screen of each platform. We never access your private messages, passwords, or payment information from these platforms.

Data obtained through TikTok APIs is not shared with any third party except as strictly necessary to operate the Service (database hosting, see section 6). TikTok data is never used for advertising, data brokering, profiling, or aggregated benchmarking against other users.

2.3 Usage data

We automatically collect:

  • Pages visited within the Service
  • Features used (achievements unlocked, Creator Cards generated)
  • Browser type, device type, and operating system
  • IP address (used for security and approximate geolocation for service optimization)

2.4 Mobile application data (coming soon)

If you use the Armonil mobile application (built with Capacitor for iOS and Android, coming soon), we may additionally collect:

  • Push notification token (if you grant notification permissions), used solely to send you achievement notifications and weekly recaps
  • Device timezone, used to display analytics in your local time

We do not access your device's location, contacts, camera, microphone, or any other system resource unless explicitly disclosed and authorized.

2.5 Payment data

If you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We do not store your credit card number, CVV, or full payment details on our servers. We only store your Stripe customer ID and subscription status.

2.6 Waitlist data

If you submit your email address to join the Armonil waitlist before creating an account, we collect:

  • Your email address, used solely to notify you when early access becomes available and to send you a one-time confirmation email

Waitlist entries are stored until you either create an account or request removal by emailing privacy@armonil.com. We do not use waitlist emails for any purpose other than early access notification.

3. Why we collect your data

We use your data for the following purposes:

  • Providing the Service: Displaying your unified analytics dashboard, calculating your progression score, generating Creator Cards, and tracking your achievements
  • Improving the Service: Understanding how features are used to prioritize improvements
  • Communications: Sending you weekly recap emails, achievement notifications, and important service updates (you can opt out of non-essential emails at any time)
  • Security: Protecting your account and detecting unauthorized access
  • Billing: Managing your subscription and processing payments via Stripe
  • Waitlist: Notifying you when early access to the Service becomes available, if you have submitted your email address prior to account creation

We do not use your data for advertising, profiling, or selling to third parties.

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your data based on the following legal grounds:

  • Contract (Art. 6.1.b GDPR): Processing your account data and social media analytics is necessary to perform the Service you signed up for. This includes connecting your social media accounts via OAuth, storing and displaying your metrics, and generating Creator Cards. Without this processing, the Service cannot function.
  • Legitimate interest (Art. 6.1.f GDPR): Basic usage analytics to improve the Service, and security measures to protect accounts. These interests do not override your privacy rights.
  • Consent (Art. 6.1.a GDPR): Sending non-essential communications such as weekly recap emails and achievement notifications, and processing waitlist email addresses submitted prior to account creation. You may withdraw this consent at any time by contacting privacy@armonil.com or, for registered users, via your account settings.

You may stop using the Service and delete your account at any time. Disconnecting a social media account will prevent further data collection from that platform.

5. How we store and protect your data

  • Database: Your data is stored in a PostgreSQL database hosted by Supabase in the EU (Frankfurt, Germany) region
  • Encryption: All API access tokens are encrypted at rest using AES-256. All data is transmitted over HTTPS (TLS 1.2+)
  • Access tokens: OAuth tokens from TikTok, YouTube, and Instagram are stored encrypted and are only used to fetch your analytics data on your behalf. They are never shared with anyone. Tokens are automatically deleted when you disconnect a platform, when they are revoked by the platform, or when you delete your account. We perform periodic validation to ensure no orphaned tokens are retained.
  • Hosting: The Service is hosted on Vercel (global CDN; edge processing may occur in the US or EU depending on your location, governed by Standard Contractual Clauses — see section 11)
  • Backups: Database backups are performed daily and retained for 7 days

6. Who we share your data with

We do not sell, rent, or trade your personal data to anyone.

We share data only with the following service providers, strictly necessary to operate the Service:

ProviderPurposeData sharedLocation
SupabaseDatabase & authenticationAccount data, social media metricsEU (Frankfurt)
VercelWeb hosting & edge deliveryIP address, usage dataGlobal (US/EU, SCCs apply)
Vercel AnalyticsAggregate site analytics (cookieless)Anonymized page view dataUS (SCCs apply)
StripePayment processingEmail, subscription statusUS (SCCs apply)
ResendTransactional emailsEmail addressUS (SCCs apply)

These providers act as data processors under GDPR and are bound by data processing agreements. We do not share your social media analytics data with any of these providers beyond what is technically necessary to operate the Service.

Creator Cards: When you share a Creator Card, the image is generated from your data and shared by you. We do not share your Creator Card or analytics with anyone unless you choose to do so.

7. Data retention

  • Active accounts: We retain your data for as long as your account is active
  • Historical analytics:We store your social media metrics for as long as you maintain your account. The display of historical data within the dashboard is limited by your subscription plan (30 days for Free, 90 days for Basic, unlimited for Pro). Metrics beyond your plan's display window are archived rather than deleted, and become immediately accessible if you upgrade your plan. Archived data is permanently purged after 12 months in the archived state for accounts that have not upgraded during that period. This is a core feature of the Service: platforms such as TikTok only retain 60 days of analytics natively, and Armonil preserves your history beyond that window.
  • Deleted accounts: When you delete your account, all your personal data, connected accounts, and stored metrics are permanently deleted within 30 days. Deletion from the live database occurs immediately; the 30-day period covers propagation to encrypted backups, which are also purged within that window.
  • Disconnected platforms: When you disconnect a social media account, the associated access tokens are immediately deleted. Historical metrics already collected are retained in your account unless you request their deletion.
  • Inactive tokens: OAuth tokens that fail validation (e.g., revoked by the platform or expired beyond renewal) are deleted within 24 hours of detection.

8. Your rights

If you are located in the EEA, UK, or other jurisdictions with applicable data protection laws, you have the following rights:

  • Access: Request a copy of all personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Deletion: Request deletion of your account and all associated data
  • Portability: Request your data in a machine-readable format (JSON/CSV)
  • Restriction: Request that we limit processing of your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Unsubscribe from non-essential communications at any time via email settings or account preferences

To exercise any of these rights, contact us at privacy@armonil.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority (for France: CNIL).

9. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising cookies, tracking cookies, or cookies from third-party analytics tools.

We use Vercel Analytics, a privacy-first analytics service provided by Vercel, Inc. It collects aggregate, anonymized data (page views, referrers, device types) without cookies, without fingerprinting, and without collecting personally identifiable information. No cookie consent banner is required for this tool.

CookiePurposeDuration
Session cookieMaintain your login sessionUntil logout
Auth tokenSecure authentication7 days

Because we only use strictly necessary cookies, no cookie consent banner is required under GDPR/ePrivacy regulations.

10. Children's privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete that data promptly.

11. International data transfers

Your data is primarily stored and processed in the EU (Frankfurt, Germany) via Supabase. When data is transferred outside the EEA to US-based service providers (Stripe, Vercel, Resend), such transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, as required by GDPR Chapter V.

Vercel operates a global CDN. Edge requests may be processed at nodes outside the EEA; however, personal data stored in our database remains in the EU region at all times.

12. Platform-specific disclosures

TikTok

We access TikTok data through the official TikTok Business API under TikTok's Platform Terms of Service. Data obtained through TikTok APIs is used exclusively to provide the analytics features of the Service to the authenticated user who granted authorization. This data is not used to build profiles for advertising, is not sold or rented, and is not shared with third parties except as described in section 6.

Users in the EEA and UK may also be eligible to transfer their TikTok data to the Service via the TikTok Data Portability API, where available. Data transferred via this mechanism is subject to the same protections described in this policy.

YouTube / Google

We access YouTube data through the YouTube Data API v3 and YouTube Analytics API under Google's API Terms of Service. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Instagram / Meta

We access Instagram data through the Instagram Graph API under Meta's Platform Terms. Access is limited to Business and Creator accounts that have explicitly authorized the Service. Data obtained is used solely to display analytics to the authenticated user.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the changes take effect constitutes your acceptance of the updated policy.

14. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@armonil.com
Website: https://armonil.com