Jusqu'à 45 jours offerts pour toute souscription avant dimanche !

Se termine dans
00j
00h
00m
00s
logoPropulse
1

Privacy Policy

Propulse - propulse.me

Last updated: April 15, 2026

Article 1 - Data Controller

This Privacy Policy describes how the personal data of users of the propulse.me website (hereinafter the "Site") and the services offered by Propulse (hereinafter the "Services") is collected, processed, stored and protected.

The data controller for personal data is:

Imperivm Marketing FZCO Bureau A1, Dubai Silicon Oasis, Dubai, United Arab Emirates Email: support@propulse.me Legal representative: Enguerrand Masse

For any question relating to the protection of your personal data, you may contact our Data Protection Officer (DPO) at: support@propulse.me

Article 2 - Personal Data Collected

2.1 Data collected at registration

When creating your Client Account, the following data is collected:

  • First and last name
  • Email address
  • Phone number (where applicable)
  • Instagram or TikTok username
  • Payment method information (processed by Stripe, our payment service provider — Propulse does not retain any banking details)

2.2 Data collected in connection with the growth service

For the performance of the social media growth service, the following data is collected:

  • Access credentials for the Client's social media account (username and password)
  • Targeting parameters defined by the Client (target accounts, hashtags, locations)
  • Activity data related to service performance (actions taken, performance statistics)
  • Client's connection IP address

2.3 Data collected via the Instagram Graph API (Meta)

When the Client connects their Instagram Business or Creator account via Facebook Login to use the Propulse Audience service or the content calendar, the following data is collected via the official Meta API:

  • Profile information: username, profile picture, number of followers, number of publications.
  • Audience data: breakdown by age, gender, location (cities and countries) of the Client's followers.
  • Performance statistics: reach, impressions, profile visits, bio link clicks, audience activity hours.
  • Content data: publications (photos, videos, carousels), number of likes, comments, saves and shares.
  • Content publication: ability to schedule and publish posts via the content calendar.

2.4 Browsing data

When you browse the Site, the following data may be collected automatically:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and duration of consultation
  • Traffic source (referral URL)
  • Cookie data (see Article 9)

Article 3 - Purposes of Processing

The personal data collected is processed for the following purposes:

Performance of Services — Legal basis: performance of contract (Article 6.1.b GDPR). Provision of growth, analytics and publication services to which the Client has subscribed.

Client Account Management — Legal basis: performance of contract. Account creation and management, authentication, subscription and billing management.

Payment Management — Legal basis: performance of contract. Payment processing, management of payment incidents, billing.

Customer Support — Legal basis: performance of contract. Processing of support requests, complaint follow-up, communication with the Client.

Service Improvement — Legal basis: legitimate interest (Article 6.1.f GDPR). Usage analysis, improvement of Platform performance and features.

Commercial Communication — Legal basis: consent (Article 6.1.a GDPR). Sending information about new services, promotional offers and Propulse news. The Client may withdraw their consent at any time.

Security and Fraud Prevention — Legal basis: legitimate interest. Prevention of unauthorised access, detection of fraudulent behaviour, protection of Platform integrity.

Compliance with Legal Obligations — Legal basis: legal obligation (Article 6.1.c GDPR). Retention of billing data, response to requests from competent authorities.

Article 4 - Use of Instagram Data (Meta API)

Data collected via the Instagram Graph API (Meta) is used exclusively to:

  • Display the Client's Instagram statistics in the Propulse Audience dashboard.
  • Enable the scheduling and publication of content via the content calendar.

Propulse undertakes not to use data obtained via the Meta API for any purpose other than those described above. This data is not sold, rented or shared with third parties.

Propulse complies with the Meta Platform Terms and Meta Developer Policies. The Propulse application is verified by Meta as a Tech Provider.

Article 5 - Data Sharing

5.1 Principle

Propulse never sells, rents or shares the Client's personal data with third parties for commercial purposes.

5.2 Sub-processors

The Client's personal data may be communicated to the following sub-processors, acting on behalf of Propulse and in strict compliance with its instructions:

  • Stripe (United States): payment processing. PCI-DSS certified.
  • Supabase (United States): database hosting.
  • Cloudflare (United States): Site hosting and security.
  • Intercom (United States): customer support and communication.
  • PostHog (European Union): product analytics.
  • Meta Platforms (United States): Instagram Graph API for the Audience service.

Each sub-processor is bound by a data processing agreement (DPA) compliant with Article 28 of the GDPR.

5.3 Legal Obligations

Propulse may be required to disclose personal data in order to comply with a legal obligation, a court decision or a request from a competent authority.

Article 6 - International Data Transfers

Propulse's registered office is located in Dubai, United Arab Emirates. Some of our sub-processors are located in the United States. The United Arab Emirates and the United States do not benefit from an adequacy decision from the European Commission under Article 45 of the GDPR.

To guarantee an adequate level of protection of the personal data of Clients residing in the European Union, Propulse implements the following safeguards:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission (Implementing Decision 2021/914) signed with each sub-processor located in a country that does not benefit from an adequacy decision.
  • Transfer Impact Assessment for each recipient.
  • Additional technical security measures: encryption of data in transit (TLS/HTTPS) and at rest, pseudonymisation where possible, restricted access to authorised personnel.

The main database data is hosted on servers located in the European Union.

Article 7 - Data Retention Periods

Personal data is retained for the following periods:

Client Account Data: For the entire duration of the subscription, then thirty (30) days after cancellation or account deletion.

Social media credentials: For the entire duration of the subscription. Deleted within forty-eight (48) hours following cancellation.

Instagram data (Meta API): For the entire duration of the Instagram account connection. Deleted within thirty (30) days following revocation of access or deletion of the Propulse account.

Billing data: Ten (10) years from the end of the financial year, in accordance with applicable fiscal and accounting obligations.

Browsing data and cookies: Maximum thirteen (13) months from their collection.

Prospect data (non-clients): Three (3) years from the last contact.

T&C acceptance evidence: Five (5) years from acceptance (contractual prescription period).

Upon expiry of the retention periods, data is permanently deleted or irreversibly anonymised.

Article 8 - Data Security

Propulse implements appropriate technical and organisational measures to guarantee the security and confidentiality of personal data, including:

  • Encryption of data in transit via the HTTPS/TLS protocol.
  • Encryption of sensitive data at rest (credentials, access tokens).
  • Data access restricted to authorised personnel, on a least-privilege basis.
  • Secure authentication for access to internal systems.
  • Monitoring and logging of data access.
  • Regular backups and business continuity plan.
  • Staff awareness of best security and confidentiality practices.

Propulse never stores Client Instagram or TikTok passwords in plain text. Meta API access tokens are encrypted at rest and in transit.

In the event of a personal data breach likely to result in a high risk to the rights and freedoms of the persons concerned, Propulse undertakes to notify the competent supervisory authority within seventy-two (72) hours and to inform the persons concerned as soon as possible, in accordance with Articles 33 and 34 of the GDPR.

Article 9 - Cookies

9.1 Definition

A cookie is a small data file stored on the user's device (computer, tablet, smartphone) when visiting a website. Cookies allow the site to recognise the user on subsequent visits.

9.2 Types of Cookies Used

Strictly necessary cookies These cookies are essential for the Site to function and cannot be disabled. They enable in particular authentication, secure browsing and session management. Legal basis: legitimate interest. Duration: session.

Performance and analytics cookies These cookies collect anonymous information about how visitors use the Site (pages visited, length of consultation, bounce rate). We use PostHog for these analyses. Legal basis: consent. Duration: maximum 13 months.

Functional cookies These cookies allow the user's preferences to be remembered (language, display settings). Legal basis: consent. Duration: 12 months.

9.3 Cookie Management

On your first visit to the Site, an information banner allows you to accept or refuse non-essential cookies. You can modify your preferences at any time from the cookie settings accessible at the bottom of the Site page.

You can also configure your browser to accept or refuse cookies. Disabling certain cookies may reduce the functionality available on the Site.

Article 10 - Rights of Data Subjects

In accordance with the GDPR, you have the following rights regarding your personal data:

Right of access (Article 15): Obtain confirmation that your data is being processed and access that data.

Right to rectification (Article 16): Request the correction of inaccurate or incomplete data.

Right to erasure (Article 17): Request the deletion of your data in the cases provided for by the GDPR.

Right to restriction of processing (Article 18): Request restriction of processing of your data in certain cases.

Right to data portability (Article 20): Receive your data in a structured, commonly used and machine-readable format.

Right to object (Article 21): Object to the processing of your data based on legitimate interest.

Right to withdraw consent (Article 7): Withdraw your consent at any time, without this affecting the lawfulness of the processing carried out prior to withdrawal.

To exercise these rights, send your request to: support@propulse.me. Propulse undertakes to respond to your request within thirty (30) days. Identity verification may be requested before processing your request.

In the event of a complaint, you may also lodge a complaint with the supervisory authority of your country of residence. For France: Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, www.cnil.fr.

Article 11 - Revoking Access to Instagram Data

The Client may revoke Propulse's access to their Instagram account at any time:

  • From their Instagram account settings (Settings > Apps and Websites).
  • From the Propulse dashboard.
  • By contacting support at support@propulse.me.

Revocation immediately removes Propulse's access to the Client's Instagram data. Data previously collected via the Meta API is deleted from our servers within thirty (30) days.

Article 12 - Protection of Minors

Propulse's Services are intended for persons aged 18 or over. Propulse does not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will delete it as soon as possible.

Article 13 - Modification of the Privacy Policy

Propulse reserves the right to modify this Privacy Policy at any time. In the event of a material change, the Client will be informed by email at least fifteen (15) days before the new version comes into effect.

The version of the Privacy Policy in force is the one accessible on the Site at the date of consultation. The date of last update is indicated at the top of this document.

Article 14 - Contact

For any question relating to this Privacy Policy or the processing of your personal data, you may contact us:

By email: support@propulse.me By post: Imperivm Marketing FZCO, Bureau A1, Dubai Silicon Oasis, Dubai, UAE Data Protection Officer: support@propulse.me

Propulse - Imperivm Marketing FZCO Bureau A1, Dubai Silicon Oasis, Dubai, UAE support@propulse.me