Sandman CI

Privacy Policy

Effective Date: January 16, 2026

Last Updated: April 30, 2026

Sandman ("we," "our," or "us") operates the sandmanci.com website and the Sandman performance-analysis platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Sandman, you agree to the collection and use of information in accordance with this Privacy Policy.


1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address — Required for account creation and communication
  • Password — Stored in encrypted format (when using email/password authentication)
  • Google account information — If you sign up via Google OAuth, we receive your email address and basic profile information from Google

1.2 Payment Information

When you subscribe to a paid plan, we collect:

  • Stripe Customer ID — Used to manage your subscription
  • Subscription details — Plan tier, subscription status, billing period dates
  • Payment method — We do NOT store your full credit card number. All payment processing is handled securely by Stripe, Inc.

1.3 Content & Data You Provide

When you use Sandman, we collect and process:

  • Profile requests — Social media handles and platforms (TikTok, Instagram, YouTube) you submit for analysis
  • Video data — Publicly available information from the social media profiles you request, including:
    • Video URLs and identifiers
    • Captions and text content
    • Transcripts
    • Video duration and posting dates
    • Public engagement metrics (views, likes, comments, shares, saves)
    • Follower counts and display names
  • Chat messages — Your messages to the AI assistant are stored securely and are not shared with third parties
  • Consent records — We store a record of when you accepted our Terms of Service and Privacy Policy

1.4 Automatically Collected Information

When you access our Service, we automatically collect:

  • Usage data — Pages visited, features used, time spent on the platform, product analytics events (e.g., feature interactions, funnel steps)
  • Device information — Browser type, operating system, device identifiers
  • Log data — IP address, access times, referring URLs
  • Error and performance data — Application errors, stack traces, and performance metrics collected via Sentry
  • Cookies and similar technologies — Session identifiers and authentication tokens

2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Operate the Service

  • Create and manage your account
  • Process your subscription and payments
  • Execute analysis jobs and ingest video data
  • Generate AI-powered insights, recommendations, and content strategies
  • Enable chat-based interactions with your data

2.2 Monitor and Improve Reliability

  • Detect, diagnose, and resolve application errors using Sentry error monitoring
  • Track performance metrics and identify bottlenecks
  • Enforce rate limits to protect service availability for all users

2.3 Improve and Develop the Service

  • Analyze usage patterns and product funnels via PostHog analytics
  • Debug issues and optimize performance
  • Develop new functionality based on user needs

2.4 Communicate With You

  • Send service-related emails (job status updates, account notifications) via Resend
  • Respond to support inquiries
  • Inform you of important changes to terms or features

2.5 Ensure Security and Compliance

  • Detect and prevent fraud, abuse, or unauthorized access
  • Enforce rate limits using distributed Redis-based controls
  • Enforce our Terms of Service
  • Comply with legal obligations

3. How We Share Your Information

We do NOT sell your personal information. We may share your information only in the following circumstances:

3.1 Third-Party Service Providers

We use the following third-party services to operate Sandman:

Service | Purpose | Data Shared
Supabase | Database, authentication, and file storage | Account data, analyzed content, chat history
Stripe | Payment processing and subscription management | Email, subscription details, payment method
Vercel | Application hosting and serverless functions | Server logs, IP addresses
Inngest | Background job processing and workflow orchestration | Job IDs, user IDs, processing status
OpenAI | AI/LLM for chat responses | Chat messages, data context (anonymized aggregates)
Anthropic | AI/LLM for chat responses and fallback | Chat messages, data context (anonymized aggregates)
Resend | Transactional email notifications | Email address, notification content
Google | OAuth authentication (optional) | Email, basic profile info
Sentry | Error monitoring and performance tracking | Error logs, stack traces, user IDs (anonymized)
PostHog | Product analytics and usage tracking | Usage events, feature interactions (anonymized)
Upstash | Distributed rate limiting via Redis | Request metadata (no personal data stored)
Google Cloud Platform | Automated analyzing pipeline orchestration | Job IDs, social media handles requested

Each third-party provider is contractually obligated to protect your data and use it only for the purposes specified.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

3.3 Business Transfers

If Sandman is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information for other purposes with your explicit consent.


4. Data Retention

We retain your information for as long as your account is active or as needed to provide you services:

Data Type | Retention Period
Account information | Until account deletion
Subscription data | Duration of subscription + 7 years (financial records)
Analyzed video data | Until you delete the profile or account
Chat history | Until you delete the chat session or account
Error and performance logs (Sentry) | 90 days
Product analytics events (PostHog) | 12 months
Server logs | 90 days
Rate limit counters (Redis) | Rolling 1-minute windows; no long-term retention

After retention periods expire, data is securely deleted or anonymized.


5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit — All data transmitted to and from our Service is encrypted using TLS/HTTPS
  • Encryption at rest — Sensitive data is encrypted in our databases
  • Access controls — Strict role-based access to production systems
  • Row-Level Security (RLS) — Database policies ensure users can only access their own data
  • Secure authentication — Passwords are hashed; OAuth tokens are handled securely
  • Distributed rate limiting — Upstash Redis enforces per-user request limits to prevent abuse
  • Error monitoring — Sentry captures and alerts on security-relevant errors in real time
  • Health monitoring — Continuous automated checks on all critical service dependencies

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.


6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Request a copy of your data in a portable format

6.2 Correction

You can update your account information at any time through the Service settings.

6.3 Deletion

You can request deletion of your account and associated data by contacting us at support@sandmanci.com. Upon request, we will:

  • Delete your account and personal information
  • Remove analyzed data and chat history
  • Cancel any active subscriptions

Note: Some information may be retained as required by law or for legitimate business purposes.

6.4 Analytics Opt-Out

You can opt out of PostHog product analytics tracking by contacting us at support@sandmanci.com or through your browser's Do Not Track settings. Note that Sentry error monitoring cannot be disabled as it is required for service reliability.

6.5 Marketing Opt-Out

You can opt out of promotional communications by:

  • Using the unsubscribe link in emails
  • Updating your notification preferences in account settings

6.6 Cookie Preferences

Essential cookies required for authentication cannot be disabled. We use minimal tracking and do not use cookies for advertising purposes.


7. International Data Transfers

Our Service is hosted in the United States. If you are accessing Sandman from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

We rely on appropriate safeguards for international transfers, including:

  • Standard Contractual Clauses with third-party providers
  • Privacy Shield certifications where applicable
  • Consent-based transfers

8. Children's Privacy

Sandman is not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at support@sandmanci.com.


9. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., social media platforms). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.


10. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — Request information about the categories and specific pieces of personal information we collect
  • Right to Delete — Request deletion of your personal information
  • Right to Opt-Out — We do not sell personal information
  • Right to Non-Discrimination — We will not discriminate against you for exercising your rights

To exercise these rights, contact us at support@sandmanci.com.


11. European Users (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

11.1 Legal Bases for Processing

Purpose | Legal Basis
Account creation and service delivery | Contract performance
Payment processing | Contract performance
Security, fraud prevention, and rate limiting | Legitimate interests
Error monitoring and reliability (Sentry) | Legitimate interests
Analytics and improvement (PostHog) | Legitimate interests
Marketing communications | Consent

11.2 Your GDPR Rights

  • Access — Right to access your personal data
  • Rectification — Right to correct inaccurate data
  • Erasure — Right to request deletion ("right to be forgotten")
  • Restriction — Right to restrict processing
  • Portability — Right to receive your data in a structured format
  • Object — Right to object to processing based on legitimate interests
  • Withdraw consent — Right to withdraw consent at any time

11.3 Data Protection Authority

You have the right to lodge a complaint with a supervisory authority in your country of residence.


12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.


13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection inquiries in the EEA, you may also contact our designated representative.


14. Summary of Data Practices

What We Collect | Why We Collect It | Who Can Access It
Email & password | Account authentication | Sandman, Supabase
Payment info | Process subscriptions | Stripe
Social media handles | Execute analysis requests | Sandman, GCP pipeline
Video data & metrics | Provide insights and recommendations | Sandman, OpenAI/Anthropic
Chat messages | Enable AI-powered conversations | Sandman, OpenAI/Anthropic
Usage data & analytics | Improve service and understand product funnels | Sandman, PostHog
Error logs & stack traces | Diagnose and fix bugs | Sandman, Sentry
Rate limit counters | Protect service availability | Sandman, Upstash
Consent records | Legal compliance | Sandman
Consent recordsLegal complianceSandman

This Privacy Policy is designed to be transparent about our practices while protecting your privacy rights. Thank you for trusting Sandman with your content strategy.
