Cullen ← trycullen.com
Legal

Privacy Policy

Effective 6 July 2026

Cullen ("we", "us") is a Singapore-based business. This policy explains what we collect when you use the Cullen extension and trycullen.com, why we collect it, who processes it for us, and the choices you have. The short version: we collect what the product needs to work, we never see your card details, and we do not sell personal data.

1. What we collect

We do not collect your Instagram, TikTok, or YouTube passwords, and the extension does not read your private messages, your feed, or pages you did not point it at.

2. How we use it

Captured public content also feeds Cullen's shared understanding of what performs: engagement records and public comments from pages that were scanned may be analyzed once and reused, so the same public post is not re-billed to every user who studies it. This shared record is about the public post, not about you, and does not include your identity.

3. Who processes data for us

Each processor receives only what its job needs. We do not sell or rent personal data to anyone, and there is no third-party advertising or tracking on our pages.

4. Retention and deletion

Account data is kept while your account exists. If you ask us to delete your account, we delete your profile, onboarding answers, brand file, credit history, and the links between you and everything you scanned. Records of public posts and public comments that are not tied to your identity may persist in the shared corpus described in section 2. Commenters who want a specific public comment removed from our records can write to us and we will remove it.

5. Your rights

You can ask us at any time to show you the personal data we hold about you, correct it, or delete it, consistent with Singapore's PDPA and, where it applies to you, the GDPR and similar laws. Email [email protected] from your account email and we will act on it promptly.

6. Cookies and local storage

We use storage for exactly one thing: keeping you signed in (your Supabase session in this site's local storage, and in the extension's own storage). No analytics cookies, no ad trackers.

7. Security

Data lives in Supabase behind row-level security, so an account can only read its own records; paid state and credit records can only be written by our backend, never by a client. Secrets and API keys are never shipped in the extension or this website. No system is perfectly secure, but if a breach ever affects your data we will tell you.

8. Changes

If this policy changes in a way that matters, we will post the new version here with a new effective date and email account holders about significant changes.

9. Contact

Privacy questions and requests: [email protected].