Socialync Logo
Socialync

Privacy Policy

Last Updated: June 10, 2026

1. Introduction

Welcome to Socialync. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share information about you when you use our social media management platform and connect your social media accounts.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information (name, email address, password)
  • Profile information and preferences
  • Content you create, upload, or schedule (text, images, videos)
  • Payment and billing information (processed securely through Stripe)
  • Communications with our support team

2.2 Information from Connected Social Media Platforms

When you connect your social media accounts, we collect specific information as authorized by you and permitted by each platform's API:

Facebook Data Collection

  • Page Information: Page names, IDs, and access tokens for pages you manage
  • Basic Metrics: Public engagement data (likes, comments, shares) only for content you post through our platform
  • Account Verification: Basic profile information to verify account ownership
  • Publishing Data: Success/failure status of posts made through our platform

Instagram Data Collection

  • Business Account Info: Instagram Business account username, ID, and basic profile data
  • Content Publishing: Media upload capabilities and posting confirmations
  • Basic Analytics: Public engagement metrics only for content posted through our platform
  • Account Connection: Verification of Instagram Business account linkage to Facebook Pages

Twitter Data Collection

  • Profile Information: Username, display name, profile picture, and public profile data
  • Tweet Publishing: Ability to post tweets on your behalf when you use our platform
  • Public Metrics: Follower count and public engagement data for analytics
  • Account Verification: Basic account information to confirm identity and permissions

TikTok Data Collection

  • User Profile: Basic user information including username and profile details
  • Video Upload: Capability to upload and publish video content to your account
  • Publishing Status: Confirmation of successful uploads and any error messages
  • Content Settings: Privacy settings for uploaded videos (comments, duets, stitching)

YouTube Data Collection

  • Channel Information: Channel name, ID, description, and basic statistics
  • Video Upload: Capability to upload videos to your channel
  • Video Metadata: Titles, descriptions, tags, and thumbnails for uploaded content
  • Analytics Data: View counts, engagement metrics, and performance data for content posted through our platform
  • Channel Settings: Video privacy settings and monetization status

LinkedIn Data Collection

  • Profile Information: Name, headline, profile picture, and basic professional information
  • Content Publishing: Ability to create posts and articles on your behalf
  • Company Pages: Access to company pages you manage (with additional permissions)
  • Network Information: Basic network size and professional connections count

2.3 Payment and Subscription Information

When you subscribe to Socialync Premium, we collect and process payment-related information depending on your purchase method:

  • Apple App Store Purchases: Apple processes all payment information directly. We receive a transaction receipt and subscription status from Apple/RevenueCat but never see or store your payment card details. We store your subscription status, plan type, purchase date, and expiration date.
  • Web Purchases (Stripe): Stripe processes your payment securely. We receive and store your subscription status, plan type, billing period, and a Stripe customer ID. We do not store your full credit card number — Stripe handles PCI compliance.
  • Subscription Status: We track whether your subscription is active, cancelled, expired, or in a trial period to provide the correct level of service access.

2.4 Automatically Collected Information

  • Usage analytics (pages visited, features used, time spent)
  • Device information (browser type, operating system, IP address)
  • Performance data (error logs, response times, system performance)
  • Security information (login attempts, authentication events)

3. How We Use Your Information

We use your information to provide, maintain, and improve our services:

  • Service Delivery: Enable posting, scheduling, and content management across platforms
  • Account Management: Maintain your account, verify connections, and process payments
  • Content Processing: AI-powered content generation and optimization (premium features)
  • Analytics & Insights: Provide performance metrics and optimization recommendations
  • Platform Compliance: Ensure all content meets platform guidelines and policies
  • Technical Support: Troubleshoot issues and provide customer assistance
  • Security: Detect fraud, prevent abuse, and protect account security
  • Legal Compliance: Meet legal obligations and respond to lawful requests

4. Platform-Specific Data Handling

4.1 Facebook/Meta Data Compliance

  • Data Minimization: We only access pages and data you explicitly connect
  • User Control: You can disconnect pages and revoke access at any time
  • Meta Platform Policy Compliance: All data usage complies with Meta's Platform Policy
  • No Data Sharing: Facebook/Instagram data is never shared with third parties
  • Retention Limits: Page access tokens are refreshed regularly; inactive connections are removed after 90 days

4.2 Google/YouTube API Compliance

  • Limited Use Policy: YouTube data usage strictly adheres to Google's API Services User Data Policy
  • No Data Transfer: YouTube data is never transferred to third parties
  • Human Access Restrictions: YouTube data is only accessed by automated systems unless required for security
  • No AI Training: YouTube data is never used for AI training or machine learning models
  • User Consent: All YouTube actions require explicit user consent through our interface
  • Data Deletion: YouTube access tokens and data are immediately deleted when you disconnect

How to delete your stored YouTube data from Socialync

You can delete the YouTube data Socialync stores for your account at any time, in either of the following ways:

  • Disconnect your YouTube channel inside Socialync. Go to Settings → Connected Accounts, find the YouTube card, and click "Disconnect." This immediately deletes your YouTube OAuth tokens, channel metadata, and any cached YouTube analytics from our systems. Any YouTube videos you previously uploaded to your own channel through Socialync remain on YouTube and are not deleted by this action — manage those directly on YouTube Studio.
  • Delete your entire Socialync account. From Settings you can permanently delete your Socialync account, which removes all stored data including any YouTube tokens and analytics we hold on your behalf.
  • Email us. You can also email support@socialync.io to request deletion of your YouTube data; we will action requests within 30 days.

How to revoke Socialync's access to your Google account

Independent of deleting data inside Socialync, you can revoke Socialync's access to your Google and YouTube account directly from Google's account permissions page:

  • Visit https://myaccount.google.com/permissions (Google Account → Security → Third-party apps with account access).
  • Find "Socialync" in the list of apps with access.
  • Click "Remove Access." This invalidates the OAuth grant Google issued to Socialync, and Socialync can no longer call any YouTube or Google API on your behalf.

When access is revoked through Google, Socialync detects the revocation on the next refresh attempt and removes the associated YouTube tokens and cached YouTube data from our systems. You can do this in addition to (or instead of) the in-product disconnect.

4.3 Twitter API Compliance

  • Developer Agreement: All usage complies with Twitter's Developer Agreement
  • Content Policy: We enforce Twitter's content policies for all posted content
  • Rate Limiting: API usage respects Twitter's rate limits and best practices
  • Data Accuracy: Profile and metric data is refreshed regularly for accuracy

4.4 TikTok Developer Compliance

  • Developer Policy: All integrations follow TikTok's Developer Policy
  • Content Guidelines: Uploaded content must comply with TikTok's Community Guidelines
  • Limited Data Access: Only basic profile and upload capabilities are accessed
  • User Safety: Content moderation features are respected and maintained

4.5 LinkedIn API Compliance

  • Professional Standards: All usage maintains LinkedIn's professional platform standards
  • Content Quality: Published content adheres to LinkedIn's content policies
  • Member Privacy: Personal connections and private member data are never accessed
  • Company Pages: Company page management requires explicit authorization

5. AI Features and Third-Party AI Processing

Socialync offers AI-assisted features such as caption drafting, content suggestions, transcript analysis, style analysis, and integrations with third-party AI agents through the Model Context Protocol (MCP). When you use these features, the content you submit (e.g., a draft caption, a transcript, an instruction to an AI agent) is sent to a third-party AI provider for processing and the response is returned to you.

5.1 AI Sub-Processors

We use the following AI providers to power AI features. We may add or change providers as the AI ecosystem evolves; material changes will be reflected here.

  • Anthropic (Claude models) — drafting, content generation, MCP-based agent interactions
  • OpenAI (GPT models) — drafting, content generation, transcription
  • Other AI providers may be added for specific features (e.g., transcription, image generation). Where this is the case, we identify them in the relevant feature documentation.

When you connect your own third-party AI agent or MCP-compatible service to your Socialync account, that agent is operated by you and any data it processes is governed by the terms of the agent or service you have chosen. Socialync is not the controller of data processed by user-connected AI agents.

5.2 What Is Sent to AI Providers

  • The content you submit to an AI feature (e.g., your draft, prompt, or transcript)
  • Where relevant to the feature, your account-level style or brand preferences that you have configured
  • Limited operational metadata required to route the request (e.g., feature ID, request timestamp)

We do not send your platform OAuth tokens, payment information, or your social media followers' personal data to AI providers.

5.3 No Training on Your Content

We do not use your content to train AI models. We use AI sub-processors under their commercial API terms, which by default do not train on data submitted through the API. The specific retention and training behavior of each sub-processor is governed by their published API terms, which may evolve over time.

5.4 Retention of AI Inputs and Outputs

  • AI providers may retain inputs and outputs short-term for abuse-monitoring purposes (typically up to 30 days), per their respective policies
  • Socialync stores AI-generated drafts in your account for as long as you keep them as drafts; deleting a draft removes it from our systems
  • We do not maintain a separate long-term archive of AI inputs and outputs for analytics or training

5.5 Processing Geography

AI providers may process requests in regions including the United States and the European Union. Where we use the EU data residency options offered by our AI providers, we will rely on them. We use Standard Contractual Clauses for transfers of personal data to AI providers outside of jurisdictions with adequacy decisions.

5.6 Human-in-the-Loop for AI Posting

AI agents (including MCP-connected agents) cannot publish to your social platforms without an explicit human approval step in your Socialync account. Please see our AI Features & Disclosure page and the Terms of Service for detail. This is a privacy-relevant control as well as a safety one: it ensures that no automated agent can use your connected accounts to publish to audiences without your authorization.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

  • With Connected Platforms: Content and data you explicitly choose to post to your connected social media accounts
  • Service Providers: Trusted third-party providers who assist with hosting, payment processing, and analytics (under strict data agreements)
  • Legal Requirements: When required by law, court order, or to protect rights and safety
  • Business Transfers: In connection with mergers or acquisitions (with advance notice and data protection measures)
  • With Your Consent: Any other sharing only with your explicit authorization

7. Data Security and Protection

6.1 Technical Safeguards

  • Encryption in Transit: All data transmission uses TLS 1.3 encryption
  • Encryption at Rest: All stored data, including OAuth tokens, is encrypted using AES-256
  • Secure Authentication: Multi-factor authentication and secure session management
  • API Security: Rate limiting, request validation, and secure token storage
  • Database Security: Encrypted databases with access controls and regular security updates

6.2 Access Controls

  • Principle of Least Privilege: System access limited to minimum necessary permissions
  • Administrative Security: Multi-factor authentication required for admin access
  • Regular Audits: Periodic review of access permissions and security practices
  • Secure Development: Security-focused coding standards and regular code reviews

6.3 Monitoring and Response

  • Security Monitoring: 24/7 monitoring for threats and unauthorized access
  • Incident Response: Documented procedures for security incidents
  • Vulnerability Management: Regular security assessments and penetration testing
  • Compliance Monitoring: Continuous monitoring for platform policy compliance

6.4 Breach Notification

If we become aware of a personal-data breach that affects you, we will notify affected users without undue delay and as required by applicable law. Where the EU or UK GDPR applies, we will notify the competent supervisory authority within 72 hours of becoming aware of a qualifying breach. For U.S. residents, we will provide notice in the most expedient time possible and without unreasonable delay, consistent with applicable state breach-notification laws and any legitimate needs of law enforcement.

8. Data Retention and Deletion

7.1 General Data Retention

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Content Data: Drafts and scheduled posts retained until posted or manually deleted
  • Analytics Data: Aggregated performance data retained for up to 2 years
  • Support Data: Customer support communications retained for 1 year

7.2 Platform-Specific Retention

  • OAuth Tokens: Automatically refreshed; immediately deleted when you disconnect platforms
  • YouTube Data: Deleted within 30 days of disconnection for account recovery, then permanently removed
  • Platform Analytics: Basic engagement metrics retained for 90 days to provide insights
  • Error Logs: Technical logs retained for 30 days for debugging and improvement

9. Your Privacy Rights

You have comprehensive control over your data and privacy:

9.1 Access and Portability

  • Data Access: Request a copy of all personal data we hold about you
  • Data Export: Download your content, analytics, and account information
  • Account Overview: View all connected platforms and permissions in your settings

9.2 Control and Modification

  • Data Correction: Update or correct your personal information at any time
  • Platform Management: Connect, disconnect, or modify platform connections individually
  • Content Control: Edit, delete, or modify any content before or after posting
  • Privacy Settings: Adjust data sharing and analytics preferences

9.3 Deletion and Withdrawal

  • Platform Disconnection: Instantly revoke access to any connected platform
  • Account Deletion: Permanently delete your account and all associated data
  • Consent Withdrawal: Withdraw consent for specific data processing activities
  • Data Deletion: Request deletion of specific data categories

10. International Data Transfers

Our services operate globally, and your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Standard Contractual Clauses: EU-approved contract terms for international transfers
  • Platform Compliance: Following each social media platform's international data policies
  • Security Measures: Additional safeguards for cross-border data protection

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, this section applies to our processing of your personal data. For that processing, Socialync LLC is the data controller. You can reach us about data protection at support@socialync.io.

11.1 Legal Bases for Processing

We rely on the following legal bases:

  • Performance of a contract: to create and operate your account, connect your social platforms, and publish and schedule the content you direct us to (Art. 6(1)(b)).
  • Legitimate interests: to secure the Service, prevent fraud and abuse, debug, and improve our product, balanced against your rights (Art. 6(1)(f)).
  • Consent: for optional features such as certain analytics and non-essential cookies, which you may withdraw at any time (Art. 6(1)(a)).
  • Legal obligation: to comply with law, lawful requests, and our safety and reporting duties (Art. 6(1)(c)).

11.2 Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data (the "right to be forgotten")
  • Restrict or object to certain processing, including processing based on legitimate interests
  • Receive your data in a portable format (data portability)
  • Withdraw consent at any time, without affecting processing done beforehand
  • Lodge a complaint with your local supervisory authority

To exercise any of these rights, email support@socialync.io. We respond within one month, as required by the GDPR. We do not charge a fee unless your request is manifestly unfounded or excessive.

11.3 Transfers and Retention

We are based in the United States, so your data is transferred to and processed in the U.S. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or another lawful transfer mechanism, as described in Section 10. We keep personal data only as long as necessary for the purposes in this Policy and as set out in Section 8, after which it is deleted or anonymized.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), gives you the rights described below. Socialync is the business that determines the purposes and means of processing your personal information.

12.1 Categories We Collect

In the past 12 months we have collected these categories of personal information:

  • Identifiers: name, email address, account ID, IP address
  • Customer records: billing details handled by our payment processor (we do not store full card numbers)
  • Commercial information: subscription plan, purchase and cancellation history
  • Internet/network activity: usage analytics, device and log data
  • User content: the posts, captions, and media you create or schedule
  • Connected-platform data: profile and publishing data from the social accounts you connect

We collect this information from you directly, automatically through your use of the Service, and from the social platforms you connect. We use it for the business purposes in Section 3 and disclose it only to the service providers and in the circumstances described in Section 6.

12.2 No Sale or Sharing

We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not sold or shared personal information in the past 12 months, and we do not knowingly sell or share the personal information of consumers under 16.

12.3 Your California Rights

  • Right to know the categories and specific pieces of personal information we collected, the sources, the purposes, and the categories of recipients
  • Right to delete personal information we collected from you, subject to legal exceptions
  • Right to correct inaccurate personal information
  • Right to opt out of any sale or sharing (we do not sell or share)
  • Right to limit the use of sensitive personal information
  • Right to non-discrimination for exercising any of these rights

To exercise these rights, email support@socialync.io. We verify your request using information associated with your account and respond within 45 days (extendable by another 45 days with notice). You may use an authorized agent to submit a request on your behalf.

13. Cookies and Tracking Technologies

We and our service providers use cookies and similar technologies (such as local storage and pixels) to operate the Service, keep you signed in, remember your preferences, and understand how the Service is used.

  • Strictly necessary: required for authentication, security, and core functionality. These cannot be turned off.
  • Functional: remember your settings and preferences.
  • Analytics: help us understand usage so we can improve the product.

We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings, though blocking strictly necessary cookies may break parts of the Service. Where required by law, we ask for your consent before setting non-essential cookies, and you can withdraw that consent at any time.

14. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately for deletion. Platform age requirements (13+ for most platforms, 18+ for some features) also apply to content posting.

15. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or platform policies. Material changes will be communicated through:

  • Email notification to your registered email address
  • Prominent notice in our application
  • Updated "Last Updated" date at the top of this policy
  • 30-day advance notice for significant changes affecting your rights

16. Contact Us

For any privacy-related questions, requests, or concerns, please contact us:

Company: Socialync LLC

Email: support@socialync.io

Response Time: We respond to privacy requests within 30 days

16.1 Platform-Specific Privacy Contacts

For platform-specific privacy concerns, you can also contact the platforms directly: