Privacy Policy

Effective date: April 6, 2026

1. Information We Collect

We collect information necessary to provide the Service:

  • Account information: name, email address, and password when you register
  • Content you create: scheduled posts, media uploads, DM automation rules, and message templates
  • Usage data: features used, actions taken, timestamps, and device/browser information
  • Payment information: billing details processed through our third-party payment provider; we do not store full payment card numbers

2. Data From Connected Platforms

When you connect a social media account, we access data permitted by that platform's API and your authorization scope. The specific data varies by platform:

Instagram & Facebook (Meta)

  • Profile name, username, profile picture, and account ID
  • Access and refresh tokens (encrypted at rest)
  • Post content, media URLs, captions, and publishing timestamps
  • Engagement metrics: likes, comments, shares, reach, impressions
  • Direct message metadata: conversation IDs, message timestamps, and sender/recipient identifiers (used for DM automation features)
  • Follower and following counts

TikTok

  • Display name, username, profile picture, and account ID
  • Access and refresh tokens (encrypted at rest)
  • Video metadata: titles, descriptions, publishing timestamps
  • Engagement metrics: views, likes, comments, shares

YouTube (Google)

  • Channel name, channel ID, and profile picture
  • Access and refresh tokens (encrypted at rest)
  • Video metadata: titles, descriptions, thumbnails, publishing timestamps
  • Engagement metrics: views, likes, comments, subscriber count

YouTube data is accessed via the YouTube API Services. By connecting YouTube you also agree to YouTube's Terms of Service and Google's Privacy Policy. You can revoke access at any time via Google Security Settings. We do not use data obtained through Google APIs to develop, improve, or train generalized AI or machine learning models.

We only access data necessary to provide the features you use. We do not sell or share Connected Platform data with third parties for advertising purposes.

3. DM Recipient Data

When you use the automated messaging features, we may process limited data about the recipients of your messages ("Contacts"):

  • Platform username and user ID of people who interact with your automated DM rules
  • Conversation metadata: timestamps, trigger keywords, and rule match data
  • Whether a Contact has opted out of automated messages from your account

You are the data controller for your Contacts' data; social-claw acts as a data processor on your behalf. We process Contact data solely to deliver the automated messaging features you configure. We do not use Contact data for our own marketing or share it with third parties.

Contact data associated with inactive DM rules is automatically purged 90 days after the rule is disabled or deleted. You can also manually delete Contact data from your dashboard at any time.

4. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To schedule posts and send automated messages on your behalf through Connected Platforms
  • To display analytics and performance data for your accounts
  • To process payments and manage subscriptions
  • To communicate with you about the Service, including support requests, security alerts, and product updates
  • To detect and prevent fraud, abuse, spam, or violations of our Terms of Service
  • To comply with legal obligations and respond to lawful requests

We do not use your data to train machine learning or AI models. We do not use data obtained through Connected Platform APIs for any purpose other than providing the Service to you.

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: hosting, payment processing, and infrastructure partners that help us operate the Service, bound by contractual data protection obligations
  • Connected Platforms: to publish content and send messages on your behalf, as authorized by you
  • Legal compliance: when required by law, regulation, court order, or governmental request; we will attempt to notify you before disclosure unless legally prohibited
  • Business transfers: if social-claw is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction; we will notify you via email or in-app notice before your data becomes subject to a different privacy policy

6. Data Storage & Security

Your data is stored on secure infrastructure. Access tokens for Connected Platforms are encrypted at rest using AES-256 encryption. We implement industry-standard security measures to protect against unauthorized access, alteration, or destruction of data, including TLS encryption in transit and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

  • Account data: retained for as long as your account is active
  • Scheduled posts & DM rules: retained while your account is active; deleted within 30 days of account deletion
  • Contact/recipient data: automatically purged 90 days after the associated DM rule is disabled or deleted
  • Analytics data: may be retained in anonymized, aggregated form after account deletion
  • Payment records: retained as required by applicable tax and financial regulations

When you delete your account, we remove your personal data within 30 days, except where retention is required by law. Content already published or sent on Connected Platforms is not affected by account deletion. It remains on those platforms and is governed by their retention policies.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Request restriction of processing or object to processing of your data
  • Disconnect any connected social media account at any time
  • Export your data in a machine-readable, portable format
  • Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at the address below. We will respond within 30 days. If you are in the EEA, UK, or other jurisdiction with a data protection authority, you also have the right to lodge a complaint with your local supervisory authority.

9. International Data Transfers

Your data may be processed in countries other than your country of residence, including India and the United States (where our infrastructure providers operate). Where data is transferred across borders, we ensure appropriate safeguards are in place, including contractual data protection clauses with our service providers.

10. Cookies

We use essential cookies required for authentication and session management. We do not use third-party tracking or advertising cookies. You may configure your browser to refuse cookies, but this may prevent certain features of the Service from functioning correctly.

11. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 15 days before they take effect. Continued use of the Service after the effective date of any update constitutes acceptance. The "Effective date" at the top of this page indicates when the policy was last revised.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at support@social-claw.com.