Privacy Policy

We collect information in three ways:

Information you provide directly:

• Account data — your name, email address, and password when you register.
• Profile data — profile picture, display name, and preferences you set.
• Social account credentials — OAuth tokens for connected social media accounts (stored encrypted; we never store raw passwords).
• Content you create — post drafts, captions, scheduled content, and media you upload.
• Communications — messages you send to our support team.

Information collected automatically:

• Usage data — pages visited, features used, clicks, and session duration.
• Device and browser data — IP address, browser type, operating system, and device identifiers.
• Log data — error logs, API request timestamps, and performance metrics.

Information from third parties:

• Social platform APIs — post metrics, follower counts, and engagement data from platforms you connect (Instagram, Twitter/X, LinkedIn, Facebook, TikTok).
• AI providers — when you use AI content generation, your prompts and generated content are processed by OpenAI under their own privacy policy.

We use your information to:

• Create and maintain your account
• Provide the social media scheduling, analytics, and AI content generation services
• Authenticate with connected social media platforms on your behalf
• Analyze usage patterns to improve performance and add new features
• Send transactional emails (password resets, posting confirmations, billing receipts)
• Provide customer support and respond to your inquiries
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations

We share your data only in these circumstances:

• Service providers — trusted vendors who process data on our behalf (e.g., cloud hosting, payment processing, analytics). They are bound by data processing agreements and may not use your data for their own purposes.
• Social media platforms — we share content and credentials solely to perform the actions you request (publishing posts, fetching analytics).
• AI providers (OpenAI) — your content generation prompts are sent to OpenAI's API. Review OpenAI's Privacy Policy for details.
• Legal requirements — if required by law, court order, or governmental authority.
• Business transfers — in the event of a merger or acquisition, your data would be transferred with appropriate notice.

We never sell your personal information to third parties.

We retain your data for as long as your account is active or as necessary to provide services. Specifically:

• Account data — retained until you delete your account.
• Published post content — retained indefinitely unless you delete it.
• Usage logs — retained for up to 12 months for security and analytics purposes.
• Billing records — retained for 7 years to comply with financial regulations.

When you delete your account, we permanently delete all your personal data within 30 days, except where retention is legally required.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.2+
• Passwords are hashed using bcrypt (never stored in plaintext)
• OAuth tokens for connected social accounts are encrypted at rest using AES-256
• Access to production systems is restricted and requires multi-factor authentication
• We conduct periodic security audits and vulnerability assessments

No system is 100% secure. In the event of a data breach that affects your information, we will notify you within 72 hours as required by applicable law.

Depending on your location, you may have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your personal data (the "right to be forgotten").
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to certain processing activities.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@socialcopilot.app. We will respond within 30 days.

You can delete your account and all associated data at any time from Settings > Account > Delete Account.

We use cookies and similar technologies for:

• Essential cookies — required for authentication and session management (cannot be disabled).
• Preference cookies — remember your UI preferences like theme and language.
• Analytics cookies — help us understand how users interact with SocialCopilot (aggregated, anonymized data only).

We do not use third-party advertising cookies or cross-site tracking. You can manage cookie preferences in your browser settings at any time.

SocialCopilot integrates with third-party platforms. Their privacy policies govern their use of your data:

• OpenAI — AI content generation. Privacy Policy
• Meta (Instagram, Facebook) — social publishing and analytics. Privacy Policy
• Twitter/X — social publishing and analytics. Privacy Policy
• LinkedIn — social publishing and analytics. Privacy Policy
• TikTok — social publishing and analytics. Privacy Policy

We are not responsible for the privacy practices of these third-party services.

SocialCopilot is not directed to children under 13 years of age (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you by email if the changes materially affect your rights
• Show an in-app notification for changes that require your attention

Your continued use of SocialCopilot after the effective date constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

• Email: privacy@socialcopilot.app
• Response time: We aim to respond within 5 business days.

For account-related support, visit the Support Center or contact our team through the dashboard.