← Back to SocialAI

Privacy Policy

Last updated: June 12, 2026

1. What We Collect

  • Account data — name, email, phone (optional), password (hashed by our auth provider).
  • Brand data — business details, logos, brand guidelines, and website content you provide or that we extract at your request.
  • Social account tokens — OAuth access tokens for the platforms you connect, stored encrypted, used solely to publish content you approve and read basic account/page metadata.
  • Content & usage — content you generate, upload, save, or schedule; credit consumption; feature usage and technical logs.
  • Billing data — handled by Stripe; we never see or store full card numbers.

2. How We Use It

To operate the Service: generate on-brand content with AI models, publish to your connected accounts at your direction, schedule and deliver notifications, meter usage against your plan, process payments, prevent abuse, and improve the product. We do not sell your personal data.

3. Third-Party Processors

We share data only with processors needed to run the Service: Supabase (database, authentication, file storage), Stripe (payments), Google and Anthropic (AI content generation — your brand context and prompts are sent to generate content), Upstash (job queue), Vercel/Railway (hosting), and the social platforms you connect (Meta, LinkedIn, X, Google/YouTube, TikTok) to publish your content.

4. Social Platform Data

Data received from social platforms (account IDs, page names, follower counts) is used only to provide publishing and analytics features you request. We comply with each platform's developer policies, including Meta's Platform Terms. You can disconnect a platform at any time, which deletes its tokens from our systems.

5. Retention & Deletion

Account data is retained while your account is active. Daily-feed content is replaced on each generation cycle; saved drafts expire per your plan; uploaded media is deleted when you remove it or close your account. When you delete your account, we delete your personal data, brand data, tokens, and content within 30 days, except records we must keep for legal or accounting reasons. To request deletion, email us or use the account deletion option in Settings.

6. Security

Data is encrypted in transit (TLS) and at rest. Social tokens are additionally encrypted at the application layer (AES-256-GCM). Access to production systems is restricted and credentialed. No method of storage is 100% secure; we will notify affected users of any breach as required by law.

7. Your Rights

Depending on your jurisdiction (e.g., GDPR, CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Contact us to exercise these rights; we respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

9. Changes & Contact

We will notify you of material changes to this policy by email or in-app notice. Questions or requests: nn0476476@gmail.com