Privacy Policy

Account information: email address and password (hashed) when you register.

Content: posts, captions, media files, and scheduling data you create through the Service.

Connected accounts: OAuth access tokens for social platforms you connect (TikTok, X/Twitter).

Usage data: API requests, post publish history, and analytics about your posts' performance.

Device and browser data: IP address, browser type, and operating system for security and debugging purposes.

To provide the Service: storing and publishing your content to connected social platforms.

To improve the Service: analyzing usage patterns to fix bugs and improve features.

To communicate with you: sending important account notifications and product updates.

To ensure security: detecting and preventing fraudulent or unauthorized use.

We do not use your content to train AI models or sell your data to advertisers.

When you connect a social account, we store OAuth access tokens in our database to post on your behalf.

Tokens are stored encrypted at rest and transmitted over HTTPS.

Tokens are used exclusively to perform actions you explicitly authorize (e.g., publishing a post).

You can disconnect a social account at any time from the Accounts page, which revokes and deletes the stored token.

We collect basic analytics about your posts (views, likes, shares) by querying the connected platform APIs.

This data is stored in your account and is not shared with other users.

We may use aggregated, anonymized analytics to understand overall platform usage and improve the Service.

We use session cookies to keep you logged in to the web dashboard.

We do not use third-party tracking cookies or advertising cookies.

You can disable cookies in your browser settings, but this will prevent you from using authenticated features.

We use Supabase for our database and authentication infrastructure. Your data is stored on Supabase-managed servers.

We use Vercel to host the web application. Web requests are processed through Vercel's infrastructure.

We do not share your personal data with any other third parties except as required by law.

We retain your account data for as long as your account is active.

When you delete your account, we delete all associated data including posts, analytics, connected accounts, API keys, and media within 30 days.

Some data may be retained in backups for up to 90 days after deletion before being permanently purged.

Right to access: You can request a copy of all data we hold about you.

Right to deletion: You can delete your account and all associated data at any time from Settings.

Right to portability: You can export your post data through the API.

Right to correction: You can update your account information through the dashboard.

If you are located in the EU, you have additional rights under GDPR. Contact us at shane@launchsocial.io to exercise these rights.

All data is transmitted over HTTPS. Passwords are hashed using industry-standard algorithms and never stored in plaintext.

OAuth tokens are encrypted at rest. API keys are stored as SHA-256 hashes.

We follow security best practices including row-level security on all database tables.

In the event of a data breach, we will notify affected users within 72 hours as required by GDPR.

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13.

If you believe a child under 13 has provided us with personal data, please contact us at shane@launchsocial.io and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on the Service.

Your continued use of the Service after changes constitutes acceptance of the new policy.

For privacy-related inquiries, data access requests, or to exercise your rights, please contact us at shane@launchsocial.io.