Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

We collect information you give us when you register for an account, subscribe to a plan, or contact us for support:

• Account information: Your name, email address, and password.
• Business information: Your business name, website URL, industry, and target audience details you provide during onboarding.
• Social media credentials: Access tokens and authorization credentials for the social media accounts you connect to SocialEngine (e.g., Facebook, Instagram, LinkedIn, X/Twitter, TikTok). We access these accounts solely to provide the Service on your behalf.
• Communications: Messages, feedback, and support requests you send us.

1.2 Payment Information

We use Stripe to process all payments. SocialEngine does not store your credit card numbers or banking details. When you enter payment information, it is transmitted directly to Stripe and governed by Stripe's Privacy Policy. We retain only the last four digits of your card, card type, billing name, and transaction history for your records.

1.3 Information Collected Automatically

When you use the Service, we automatically collect certain technical and usage information:

• Log data: IP address, browser type and version, operating system, referring URLs, pages viewed, and timestamps.
• Device information: Hardware model, operating system version, and unique device identifiers.
• Usage data: Features you use, content you create or schedule, actions taken within the platform, and session duration.
• Cookies and similar technologies: We use cookies and local storage to maintain your session, remember your preferences, and analyze site traffic. See Section 7 for details.

1.4 Social Media Analytics Data

To deliver analytics and performance reporting, we access metrics and insights data from the social media platforms you connect. This includes post engagement data (likes, comments, shares, impressions, reach), follower growth, audience demographics, and link click data provided by those platforms' APIs. This data is used solely to generate reports and improve content strategy for your accounts.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To create, schedule, and publish AI-generated social media content on your behalf; to generate analytics reports; and to manage your connected accounts.
• Account management: To maintain your account, authenticate you, and provide customer support.
• Billing and payments: To process subscription payments, issue invoices, and manage plan changes.
• Product improvement: To analyze usage patterns, identify bugs, and improve the performance and features of the Service.
• AI model training (opt-in): With your explicit consent, we may use anonymized content performance data to improve our AI content generation models. You may opt out at any time in your account settings.
• Communications: To send you service-related notifications (e.g., post published, trial expiring), account alerts, and — with your consent — product updates and marketing messages.
• Legal compliance: To comply with applicable laws, respond to legal requests, and protect our rights and yours.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Performance of a contract: Processing necessary to provide the Service you have subscribed to (Art. 6(1)(b) GDPR).
• Legitimate interests: Processing for fraud prevention, security, product analytics, and improving our services, where these interests are not overridden by your rights (Art. 6(1)(f) GDPR).
• Consent: Where we rely on your consent (e.g., marketing emails, optional AI training), you may withdraw it at any time (Art. 6(1)(a) GDPR).
• Legal obligation: Where processing is required to comply with applicable law (Art. 6(1)(c) GDPR).

4. How We Share Your Information

We do not sell your personal information. We share information only in these limited circumstances:

4.1 Service Providers

We engage trusted third-party vendors who process data on our behalf under contractual obligations consistent with this policy:

• Stripe — payment processing
• Amazon Web Services (AWS) — cloud infrastructure and data storage
• OpenAI — AI content generation (prompts include your brand information; OpenAI's API data usage policies apply)
• Postmark / SendGrid — transactional email delivery
• Vercel — website hosting and edge delivery

4.2 Social Media Platforms

To publish content on your behalf, we transmit content and scheduling instructions to the APIs of social media platforms you authorize (Facebook/Meta, Instagram, LinkedIn, X/Twitter, TikTok, etc.). Your use of those platforms is governed by their respective terms and privacy policies.

4.3 Legal Requirements

We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

If SocialEngine is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the Service. Upon account cancellation:

• Your account data is retained for 30 days to allow for account recovery, then deleted.
• Published post records and analytics data are deleted within 90 days.
• Payment records are retained for 7 years as required by applicable tax and financial regulations.
• Backup copies may persist for up to 90 days before being purged.

You may request earlier deletion of your data as described in Section 6.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Rights Under GDPR (EEA/UK Users)

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Automated decisions: Request human review of any automated decisions that significantly affect you.

Rights Under CCPA (California Residents)

• Know: The right to know what personal information we collect, use, share, or sell.
• Delete: The right to request deletion of your personal information.
• Opt-out: The right to opt out of the sale or sharing of personal information. We do not sell personal information.
• Non-discrimination: The right not to be discriminated against for exercising your privacy rights.

To exercise any of these rights, contact us at hello@socialengine.agency with "Privacy Request" in the subject line. We will respond within 30 days (GDPR) or 45 days (CCPA) of receipt.

7. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential cookies: Required for the Service to function (session authentication, security tokens). These cannot be disabled.
• Preference cookies: Remember your settings such as theme (light/dark mode) and display preferences.
• Analytics cookies: Help us understand how users interact with the Service to improve performance. These are anonymized and aggregated.

You can control non-essential cookies through your browser settings. Disabling cookies may affect some Service functionality. We do not use cookies for cross-site advertising or behavioral tracking.

8. Data Security

We implement industry-standard security measures to protect your information, including:

• TLS/SSL encryption for all data in transit
• Encryption of data at rest using AES-256
• Access controls and least-privilege principles for internal systems
• Regular security assessments and vulnerability scanning
• Secure OAuth 2.0 flows for social media account authorization

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. If we become aware of a data breach affecting your personal information, we will notify you as required by applicable law.

9. International Data Transfers

SocialEngine is operated from the United States. If you are located outside the United States, your information is transferred to and processed in the U.S. For transfers of EEA/UK personal data, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission and the UK International Data Transfer Addendum where applicable. By using the Service, you acknowledge this transfer.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete it promptly. If you believe we may have information about a child under 16, please contact us at hello@socialengine.agency.

11. Third-Party Links

The Service may contain links to third-party websites, including the social media platforms we integrate with. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address associated with your account) and/or by displaying a prominent notice within the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: hello@socialengine.agency
• Website: socialengine.agency

If you are located in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.