Amalgam Partners
Privacy Policy
Effective Date: July 3, 2026
amalgampartners.com
Notice to Meta / Facebook Reviewers
This privacy policy governs the Amalgam Partners application and platform, which integrates with the Meta Graph API to access Instagram Business account data on behalf of authorized restaurant and small business clients. Sections 3, 4, 5, and 9 specifically address Meta platform data handling, storage, use restrictions, and deletion procedures as required by Meta's Platform Policy.
1. Introduction
Amalgam Partners ("we," "us," or "our") operates an AI-powered analytics dashboard platform available at https://demo-dashboard-two-snowy.vercel.app/ (the "Service"). This Privacy Policy explains how we collect, use, store, share, and protect information when you use our Service, including data obtained through third-party platform integrations such as the Meta Graph API (Instagram and Facebook), Google Business Profile, Clover POS, Yelp, weather data providers, and promotional data sources.
By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Service.
This policy applies to:
• Business owners and administrators who create accounts and connect their data sources
• End users (employees) who access the platform through an authorized business account
• Visitors to our website
2. Information We Collect
2a. Account Information
When you create an account with us, we collect:
• Name and email address
• Business name, address, and contact information
• Account credentials (passwords are hashed and never stored in plain text)
• Billing information (processed by our payment processor — we do not store full card numbers)
2b. Clover POS Data
With your explicit authorization through the Clover OAuth flow, we access:
• Transaction records including date, time, amount, and items sold
• Menu item names, categories, and pricing
• Employee sales performance data (aggregated)
• Void and refund records
• Payment type summaries (cash, card, digital wallet)
• Customer loyalty program data where enabled
We access this data solely to populate your analytics dashboard and provide insights to you as the authorized account holder.
2c. Meta Platform Data (Instagram and Facebook)
With your explicit authorization through Meta's OAuth 2.0 flow, we access the following data from your Instagram Business account and connected Facebook Page:
• Instagram Business account profile information: username, follower count, media count
• Post-level metrics: likes, comments, reach, and impressions for your business posts
• Account-level insights: profile reach, impressions, and follower growth over time
• Facebook Page metrics: page likes, page impressions, and engaged users
• Audience demographic data where available through the Instagram Graph API
Important: We access Meta platform data only on behalf of the business owner who has explicitly authorized our application. We do not access personal Instagram accounts, and we do not collect data from Instagram users who have not authorized our app. We access only the minimum permissions necessary to provide the dashboard features described in this policy.
2d. Google Business Profile and Review Data
With your authorization, we access:
• Your Google Business Profile metrics including views, search impressions, direction requests, and phone call clicks
• Google Reviews posted publicly about your business including reviewer display name, rating, review text, and date
• Review response history
2e. Yelp Review Data
We access publicly available Yelp review data for your claimed business listing including:
• Star ratings, review text, and reviewer display names
• Business rating summary and review count
2f. Weather Data
We collect historical and current weather data for your business location (temperature, precipitation, and conditions) from third-party weather data providers to enable sales-weather correlation analysis in your dashboard. No personal information is associated with weather data collection.
2g. Promotion and Marketing Data
We collect promotional campaign data you provide or that is accessible through your connected POS system, including promotion names, dates, redemption rates, and associated revenue figures.
2h. Usage Data
We automatically collect certain information when you use our Service:
• Log data including IP address, browser type, pages visited, and timestamps
• Device information including device type and operating system
• Cookies and similar tracking technologies as described in Section 10
3. How We Use Your Information
Provide the Service
Display analytics dashboards, generate AI-powered insights, and operate the chatbot assistant using your connected data sources
Meta Platform Data
Display Instagram and Facebook metrics on your dashboard only. We do not use Meta platform data for advertising, profiling unrelated to the Service, or any purpose beyond displaying your own business analytics to you
Clover POS Data
Analyze transaction patterns, generate sales reports, identify trends, and power the AI chatbot to answer questions about your business performance
Review Data
Aggregate and analyze customer sentiment, identify recurring themes, and display review summaries and trend analysis
Weather Data
Correlate weather patterns with your sales data to surface insights about demand drivers
Communication
Send transactional emails, product updates, and service notifications. We do not send marketing emails without your consent
Improve the Service
Analyze aggregated, anonymized usage patterns to improve our platform features and performance
Legal Compliance
Comply with applicable laws, regulations, and legal processes
Meta Platform Data Use Restriction
In accordance with Meta's Platform Policy, we do not use data obtained through the Instagram Graph API or Facebook Graph API for: advertising or marketing to users; selling or transferring the data to third parties; profiling users for purposes unrelated to the Service; or any purpose inconsistent with the permissions granted by the user during the OAuth authorization flow.
4. Data Storage and Security
4a. Where Data is Stored
Your data is stored on servers located in the United States. We use Vercel for infrastructure hosting. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.
4b. Access Controls
• Access to customer data is restricted to authorized personnel who need it to provide the Service
• All internal access is logged and audited
• We use role-based access controls to limit data exposure
• Employee access is governed by confidentiality agreements
4c. Meta Platform Data Storage
Regarding data obtained through the Meta Graph API specifically:
• Instagram and Facebook metrics are stored in our secure database associated with your business account only
• Access tokens obtained through Meta's OAuth flow are stored encrypted and are never logged or exposed in plain text
• We do not store Meta platform data beyond what is necessary to display your dashboard and maintain historical trend data
• Meta platform data is never transferred to third parties except as described in Section 6
4d. Data Retention
Account information
Retained while your account is active and for 90 days after deletion
Clover transaction data
Retained for 36 months to enable year-over-year comparisons
Meta platform data
Retained for 24 months of historical metrics to enable trend analysis
Review data
Retained for 36 months
Weather data
Retained for 36 months
Usage logs
Retained for 12 months
Access tokens
Retained until revoked, expired, or account deletion. Refreshed automatically every 30 days.
5. Data Sharing and Third Parties
We do not sell your personal information or your connected platform data to any third party. We share data only in the following limited circumstances:
5a. Service Providers
We share data with third-party service providers who assist us in operating the Service. These providers are contractually obligated to use data only for the purposes we specify:
Category
AI Processing
Anthropic, PBC (Claude API) — processes your business data to generate chatbot responses and AI insights. Data is processed per Anthropic's API data usage policy.
Database Hosting
Supabase
Infrastructure Hosting
Vercel
Payment Processing
Authorize.net — for subscription billing. We do not store payment card data.
Weather Data
Meteostat
5b. Meta Platform Data Sharing
Data obtained through the Meta Graph API (Instagram and Facebook) is shared only with:
• Anthropic (Claude API) for the sole purpose of generating AI-powered insights displayed to you within your dashboard
• Our database hosting provider for secure storage as described above
Meta platform data is never sold, transferred, or shared with any other third party for any purpose.
5c. Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
5d. Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.
6. Your Rights and Choices
6a. Access and Portability
You have the right to request a copy of the personal information and business data we hold about you. To submit a request, contact us at contact@amalgampartners.com. We will respond within 30 days.
6b. Correction
You have the right to request correction of inaccurate personal information. You can update most account information directly through your dashboard settings.
6c. Deletion
You have the right to request deletion of your personal information and business data. To request deletion:
• Email contact@amalgampartners.com with the subject line 'Data Deletion Request'
• We will delete your account data within 30 days of receiving a verified request
• Following deletion, we will also ensure any cached Meta platform data associated with your account is purged from our systems within 30 days
• Some information may be retained for legal compliance purposes (e.g. billing records required by tax law)
6d. Revoking Third-Party Authorizations
You can revoke our access to any connected platform at any time:
• Clover: Through your Clover merchant dashboard under Connected Apps
• Meta (Instagram/Facebook): Through your Facebook Settings → Apps and Websites — remove our app to immediately revoke all access
• Google: Through your Google Account permissions settings
Upon revocation, we will stop pulling new data from that platform. Existing historical data in your dashboard will be retained per our data retention schedule unless you also submit a deletion request.
6e. New York Privacy Rights
As a New York-based company serving New York residents, we comply with applicable New York privacy laws. New York residents have the right to know what personal information is collected about them and how it is used, and to request deletion of that information. To exercise these rights, contact us using the information in Section 11.
7. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at contact@amalgampartners.com and we will take steps to delete such information.
8. AI-Powered Features
Our Service uses artificial intelligence to analyze your business data and generate insights. Specifically:
• We use Anthropic's Claude API to power our AI chatbot assistant and automated insight generation
• When you ask a question through the chatbot, relevant data from your connected sources (Clover, reviews, social media metrics, etc.) is sent to Anthropic's API to generate a response
• Anthropic's API data handling is governed by Anthropic's privacy policy and API usage terms
• We do not send personally identifiable information about your customers to the AI API — only aggregated business metrics and anonymized data
• AI-generated responses are provided for informational purposes only and should not be relied upon as professional financial, legal, or business advice
9. Meta Platform Compliance
Our use of the Meta Graph API is governed by Meta's Platform Policy and Terms of Service in addition to this Privacy Policy. Specifically:
9a. Permissions We Use
Permission
Why We Use It
instagram_basic
Read your Instagram Business profile and media to display profile metrics in your dashboard
instagram_manage_insights
Read account-level reach, impressions, and engagement metrics for display in your analytics dashboard
pages_show_list
List the Facebook Pages you manage to identify your business Page for data connection
pages_read_engagement
Read your Facebook Page metrics including reach, impressions, and engagement for display in your dashboard
9b. Data Use Restrictions
Consistent with Meta's Platform Policy, we confirm the following:
• We do not use Instagram or Facebook data to build user profiles for advertising purposes
• We do not transfer Meta platform data to data brokers or advertising networks
• We do not use Meta platform data for purposes beyond providing the analytics dashboard features described in this policy
• We do not combine Meta platform data with data from other sources for any purpose other than displaying your own business analytics to you
• We store Meta platform data only as long as necessary to provide trend analysis features (24 months maximum)
9c. Reporting Violations
If you believe our application has misused Meta platform data, you may report this to Meta directly at developers.facebook.com/support in addition to contacting us at contact@amalgampartners.com.
10. Cookies and Tracking
We use cookies and similar tracking technologies to operate our Service:
Essential cookies
Required for authentication and session management. Cannot be disabled without preventing login.
Analytics cookies
We use Google Analytics to understand how our Service is used. You can opt out through your browser settings.
Preference cookies
Remember your dashboard settings and display preferences
You can control cookie settings through your browser. Note that disabling certain cookies may affect the functionality of our Service.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
• Post the updated policy on this page with a new effective date
• Send an email notification to all registered account holders
• Display a prominent notice in your dashboard for 30 days following the update
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Amalgam Partners.com
Privacy Officer
550 W 45th St., New York, NY 10036
Email: contact@amalgampartners.com
Website: amalgampartners.com
Amalgam Partners Privacy Policy — Effective July 3, 2026
This document should be reviewed by a qualified attorney before publication. It is provided as a template and does not constitute legal advice.
Prefer email? You can reach us directly at contact@amalgampartners.com