Privacy Policy

Last updated: January 2025

Privacy Policy

1. Information We Collect

  • Account Data: Name, email, password.
  • Third-Party Login Data: If you sign in with Google, we collect your Google account email and profile information for authentication purposes only.
  • Social Media Platform Data:
    • Meta Platforms (Facebook, Instagram, Threads): User ID, page/account names, page access tokens, content permissions
    • Pinterest: User ID, board information, authentication tokens for pin creation
    • Other Platforms (X/Twitter, LinkedIn, YouTube, TikTok, Bluesky): Authentication tokens, usernames, profile information necessary for posting
    • Content Data: Posts, images, videos you create and schedule
    • Analytics: Post performance metrics (with your consent)
  • Payment Data: Processed securely via Stripe (we never store full card details).
  • Usage Data: Browser, IP address, time zone, app interactions.
  • AI Features: Optional AI content suggestions (processed by OpenAI).

2. How We Use Your Data

  • To provide and improve the Service.
  • To authenticate and connect your social media accounts.
  • To publish scheduled posts on your behalf to connected platforms.
  • To display analytics and performance metrics for your content.
  • To process payments and manage subscriptions.
  • To send you updates and important account information.
  • To comply with legal obligations.

3. Meta Platform Data Handling

When you connect your Facebook, Instagram, or Threads accounts:

  • Data We Access: Only the minimum data required to post content and read basic analytics.
  • Data Storage: Access tokens are encrypted and stored securely in our database.
  • Data Usage: Used solely to perform actions you explicitly request (posting, scheduling, analytics).
  • Data Deletion: You can disconnect accounts anytime. We support Meta's data deletion callbacks.
  • No Third-Party Sharing: We never sell or share your Meta platform data with advertisers or other third parties.

4. Data Processors and Service Providers

We work with trusted service providers to deliver our service:

  • Supabase Inc.: Database hosting and authentication services
  • Cloudflare, Inc.: Media storage and content delivery
  • Vercel Inc.: Application hosting and deployment
  • OpenAI, L.L.C.: AI-powered content suggestions (optional feature)
  • Stripe, Inc.: Payment processing (no social media data shared)

These processors are contractually bound to protect your data and use it only as we direct.

5. Data Security

  • Industry-standard encryption for data in transit and at rest
  • Row-level security on database access
  • Regular security audits and updates
  • Secure OAuth 2.0 authentication for social platforms
  • Automatic token refresh and validation

6. Your Rights and Controls

  • Access: View all data we have about you in your account settings
  • Correction: Update your profile and connected accounts anytime
  • Deletion: Request complete account and data deletion
  • Portability: Export your data in a machine-readable format
  • Disconnection: Remove social media connections instantly
  • Consent Withdrawal: Opt out of optional features like analytics

7. Data Retention

  • Account Data: Until you delete your account
  • Posted Content: Removed after 90 days
  • Payment Data: Retained as required by law (typically 7 years)
  • Support Records: 2 years
  • Media Files: Automatically deleted after successful posting
  • Disconnected Social Accounts: Tokens deleted immediately upon disconnection

8. Sharing Data

We share limited data only with:

  • Stripe: Payment processing
  • Supabase: Secure hosting and authentication
  • OpenAI: Content suggestions (if used)
  • Cloudflare: Media storage and CDN
  • Vercel: Application hosting
  • Social Media APIs: To post and manage content on your behalf

We never sell personal or social media data.

9. API & Platform Compliance

  • We use APIs of Meta (Facebook, Instagram, Threads), Pinterest, X/Twitter, LinkedIn, YouTube, TikTok, and Bluesky only as necessary to provide the Service
  • We do not use social media data for advertising or analytics outside the Service
  • Users may disconnect accounts at any time via SocialCal or directly at the platform
  • We comply with each platform's developer policies

10. Cookies

We use cookies for:

  • Login and authentication
  • Analytics and performance monitoring
  • User preferences and settings
  • Essential cookies cannot be disabled

11. International Data Transfers

Your data may be processed outside your country. We apply GDPR-compliant safeguards where applicable and ensure appropriate protection for international transfers.

12. Legal Requests and Compliance

We may disclose your information if required by law or valid legal process. We will:

  • Review the legality of all requests
  • Challenge unlawful requests when appropriate
  • Minimize data disclosure to what's legally required
  • Notify you of requests unless legally prohibited
  • Document all requests and our responses

13. California Privacy Rights (CCPA)

California residents have additional rights including the right to know, delete, and opt-out of data sales (we don't sell data).

14. European Privacy Rights (GDPR)

EU residents have rights under GDPR including access, rectification, erasure, and data portability. Contact us to exercise these rights.

15. Children's Privacy

SocialCal is not intended for children under 13. We do not knowingly collect data from children.

16. Privacy Settings

  • Manage email preferences in your account dashboard
  • Disconnect integrated social media accounts anytime
  • Request account/data deletion at [email protected]

17. Changes to This Policy

We may update this policy and will notify you of material changes via email or in-app notification.

18. Company Information

SocialCal – operated by Jan Oršula

  • IČO: 75463822
  • Not a VAT payer
  • Business Address: Marie Majerove 1633, Sokolov, 35601, Czech Republic
  • Email: [email protected]

19. Contact Us

For privacy concerns or to exercise your rights: