Social Schedule

Privacy Policy

Effective date: April 10, 2026
Last updated: April 10, 2026

Social Schedule("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have regarding your information when you use the Social Schedulewebsite, applications, APIs, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Service. This Privacy Policy should be read together with our Terms of Service.

1. Who We Are and Scope

Social Schedule is a social media management platform that enables users to connect social media accounts (including Facebook Pages, Instagram business accounts, TikTok accounts, Facebook Ads accounts, and TikTok Ads accounts), schedule and publish content, run advertising campaigns, and view analytics across those platforms.

This Privacy Policy applies to personal information we process as a data controller about our registered users, website visitors, and other individuals whose information we collect. It does not apply to data we process solely as a processor on behalf of our business customers under a separate data processing agreement.

2. Information We Collect

We collect the following categories of information:

2.1 Information you provide to us

  • Account information: name, email address, password (hashed), profile image, role, and agency or workspace association.
  • Profile and preferences: language, time zone, notification settings, and any optional profile details you provide.
  • Content: posts, captions, comments, media (images, videos, audio), brand assets, campaign creatives, schedules, and any other content you upload or create within the Service.
  • Communications: messages, feedback, and support requests you send to us, including email correspondence and chat messages.
  • Billing information: if you purchase a paid plan, we (or our payment processor) collect billing name, billing address, payment card details, and transaction history. Full card numbers are handled by our PCI-DSS compliant payment processor and are not stored on our servers.

2.2 Information from connected social media accounts

When you connect a social media account to the Service through an OAuth authorization flow, we receive information from the applicable Third-Party Platform based on the permissions you grant. The specific data depends on which platform you connect and which features you use:

Facebook (Meta)

  • User ID and basic profile information (name, profile picture) of the account owner.
  • List of Facebook Pages you administer and related metadata (page ID, page name, category, token).
  • Page access tokens issued by Meta, which we store in encrypted form.
  • Page insights and analytics (followers, reach, impressions, engagement, post performance).
  • Content you publish or schedule via Social Schedule, including text, media, and targeting.
  • Existing posts retrieved for synchronization, analytics, and reply management.
  • Requested scopes: pages_show_list, pages_read_engagement, pages_manage_metadata, pages_manage_posts, pages_read_user_content.

Instagram (Meta)

  • Instagram Business/Creator account ID, username, profile picture, and the associated Facebook Page.
  • Content you publish or schedule (images, videos, carousels, reels, captions, hashtags).
  • Media you have previously published, for sync and analytics.
  • Insights and analytics (followers, reach, impressions, engagement, story metrics, video views).
  • Comments on posts, when comment management features are used.
  • Requested scopes: instagram_basic, instagram_content_publish, instagram_manage_comments, instagram_manage_insights, plus the related Facebook Page scopes listed above.

TikTok

  • TikTok open ID, union ID, display name, avatar, and basic profile information (returned by the user.info.basic scope).
  • Extended profile information such as username, bio description, profile deep link, and verification status (returned by the user.info.profile scope).
  • Account statistics such as follower count, following count, total likes, and total video count (returned by the user.info.stats scope). We use these metrics to power your analytics dashboard.
  • Metadata about the videos you have published on TikTok — video ID, title, description, cover image, share URL, create time, duration, and engagement metrics (likes, comments, shares, views) — returned by the video.list scope. We use this to import your existing TikTok posts into the Service, display them on your dashboard, and calculate performance reporting.
  • Access and refresh tokens issued by TikTok, stored in encrypted form.
  • Video and photo content that you upload or schedule through the Service for publishing to TikTok, together with captions, hashtags, privacy settings, and publishing status (returned by the video.upload andvideo.publish scopes). Uploaded media is transmitted to TikTok on your behalf so it can be published to your connected account.
  • Requested scopes: user.info.basic, user.info.profile,user.info.stats, video.list, video.publish,video.upload. We only use the scopes explicitly approved for the Service at any given time and never request more permissions than needed to deliver the features you use.

Facebook Ads and TikTok Ads

  • Ad account IDs, advertiser IDs, currency, time zone.
  • Campaigns, ad sets, ad groups, creatives, targeting, and budgets managed through the Service.
  • Performance metrics (impressions, clicks, spend, conversions, CTR, CPC, CPM).

We never request more permissions than we need to provide the features you use. You can review the full list of permissions at the time of connection and revoke them at any time.

2.3 Information collected automatically

  • Device and connection information: IP address, browser type and version, operating system, device identifiers, language, and referring URLs.
  • Usage information: pages visited, features used, buttons clicked, time spent, and timestamps of actions within the Service.
  • Log data: server logs, API request logs, error reports, and diagnostic data.
  • Activity audit logs: actions such as login, logout, connecting or disconnecting a social account, creating, updating, or deleting posts and campaigns, together with the IP address and user agent that initiated the action.
  • Cookies and similar technologies: see Section 9 for details.

2.4 Information from third parties

  • Single sign-on providers: if you sign in via Google, we receive your name, email address, and profile picture as authorized by you.
  • Third-Party Platforms: as described above, based on the permissions you grant.
  • Service providers: we may receive information from analytics, security, and infrastructure providers that help us operate the Service.

3. How We Use Your Information

We use the information we collect only for the following purposes:

  • To provide the Service: create and maintain your account, authenticate you, connect your social media accounts, publish and schedule posts, manage campaigns, and display analytics and insights.
  • To operate background jobs: refresh access tokens on your behalf, sync analytics, import existing posts, retry failed publishes, and process media.
  • To communicate with you: send transactional messages (account confirmation, security alerts, billing notifications), respond to support requests, and provide updates about the Service.
  • To improve the Service: understand how users interact with features, diagnose technical issues, and develop new features.
  • To protect the Service and our users: detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms of Service.
  • To comply with legal obligations: respond to lawful requests, enforce agreements, and meet regulatory requirements.
  • With your consent: for any other purpose that we disclose to you and for which you have consented.

We do not sell, rent, or trade your personal information.We do not use information obtained through Meta or TikTok APIs to build advertising profiles, to train unrelated machine-learning models, or for any purpose that would violate the platforms' developer policies.

4. Legal Bases for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract: to perform our obligations under our Terms of Service and provide the Service you requested.
  • Legitimate interests: to operate, secure, and improve the Service, prevent fraud and abuse, and communicate with you about the Service, provided these interests are not overridden by your rights and interests.
  • Consent: where you have given consent, such as for certain cookies, marketing communications, or optional features. You may withdraw consent at any time.
  • Legal obligations: where processing is required to comply with applicable law.

5. How We Share Your Information

We share information only in the limited circumstances described below and do not sell personal information.

  • With Third-Party Platforms: when you publish content or manage campaigns through the Service, we transmit that content and the necessary metadata to the applicable Third-Party Platform on your behalf.
  • With service providers (processors): we use trusted third parties to help us operate the Service, including:
    • Hosting and infrastructure providers
    • Managed PostgreSQL database providers
    • Redis cache and queue providers (for background jobs)
    • Media storage and processing providers (including UploadThing)
    • Email delivery providers
    • Analytics and error-tracking providers
    • Payment processors for billing
    • Customer support tools
    These providers only access personal data as needed to perform their services and are contractually required to protect it.
  • With team members and workspace administrators: if you are part of an agency, workspace, or organization account, information about your activity and connected accounts may be visible to other authorized members and administrators.
  • For legal reasons: we may disclose information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
  • In connection with a business transaction: if we are involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • With your consent or at your direction: we will share information with other parties when you ask us to.

6. Meta Platform Terms Compliance (Limited Use)

Our use and transfer to any other app of information received from Meta APIs (for Facebook and Instagram) adheres to the Meta Platform Terms, including the Limited Use requirements. Specifically:

  • We only use Meta Platform data to provide or improve the features you use, as authorized by you.
  • We do not sell Meta Platform data.
  • We do not transfer Meta Platform data to data brokers, information resellers, or other parties who would resell it.
  • We do not use Meta Platform data for determining eligibility for credit, employment, insurance, housing, education, scholarships, or government benefits.
  • We do not use Meta Platform data to discriminate against any person or group.
  • We do not use Meta Platform data for advertising profiling, retargeting, or building look-alike audiences outside of the authorized platform features.
  • Our employees may only access Meta Platform data when it is necessary to provide the Service, to respond to a specific support request, or to comply with legal obligations.

7. TikTok Platform Compliance

Our use of information received from the TikTok API adheres to the TikTok Developer Terms of Service. Specifically:

  • We request only the scopes approved for our Service and necessary to deliver the features you use.
  • We do not sell or rent TikTok user data.
  • We do not use TikTok user data for advertising, profiling, or to build datasets for model training outside of the approved purposes.
  • We store TikTok access and refresh tokens encrypted at rest, and we automatically delete them when you disconnect your account or delete your Social Schedule account.
  • Any data we retrieve from TikTok is used only to display insights or execute actions you have requested within Social Schedule.

8. Data Retention

We retain personal information only for as long as necessary to provide the Service and for the purposes described in this Privacy Policy, or as required by law:

  • Account data: retained while your account is active. When you delete your account, we delete or anonymize your account data within 30 days, except as described below.
  • Social account tokens: retained while the social account is connected. Tokens are revoked and deleted when you disconnect the account or delete your Social Schedule account.
  • Posts, media, and drafts: retained while your account is active. You may delete individual items at any time; deletions are permanent after 30 days.
  • Analytics snapshots: retained for up to 24 months to provide historical reporting; you may request earlier deletion.
  • Activity logs: retained for up to 12 months for security and audit purposes.
  • Billing records: retained for the period required by applicable tax and accounting laws (typically 7 years).
  • Backups: backups are retained for up to 35 days and are automatically overwritten.
  • Legal holds: we may retain information longer where required to comply with legal obligations, resolve disputes, or enforce our agreements.

9. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Service.

  • Strictly necessary cookies: required for authentication, session management, and security. The Service cannot function without these.
  • Functional cookies: remember your preferences such as theme and language.
  • Analytics cookies: help us understand how the Service is used so that we can improve it. Where required, we ask for your consent before setting these cookies.

You can control cookies through your browser settings. Blocking strictly necessary cookies may prevent you from using parts of the Service.

10. Data Security

We implement technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit using TLS (HTTPS) for all network communication.
  • Encryption of sensitive fields (including social media access and refresh tokens) at rest using AES-256-GCM with a dedicated application-level encryption key.
  • Passwords stored as salted bcrypt hashes.
  • API tokens stored as SHA-256 hashes.
  • Role-based access controls and principle of least privilege for internal access to production systems.
  • Activity logging and monitoring of authentication, administrative, and sensitive operations.
  • Regular security updates of dependencies and infrastructure.
  • Isolation of customer data by workspace and user.

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we work hard to protect your information and to continuously improve our practices. If we become aware of a data breach that affects your personal data, we will notify you and the appropriate authorities as required by law.

11. International Data Transfers

We may transfer, store, and process your information in countries other than the one in which you reside, including the United States and other jurisdictions where our service providers are located. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal data outside the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms.

12. Your Rights and Choices

Subject to applicable law, you have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete information.
  • Erasure ("right to be forgotten"): ask us to delete your personal information.
  • Restriction: ask us to restrict processing of your personal information in certain circumstances.
  • Portability: request a copy of your information in a structured, commonly used, machine-readable format.
  • Objection: object to processing based on our legitimate interests.
  • Withdraw consent: where processing is based on your consent, withdraw your consent at any time (this does not affect the lawfulness of prior processing).
  • Complain: lodge a complaint with your local data protection authority.

You can exercise most of these rights directly from your account settings. You can also email us at jomedeveloper@gmail.com and we will respond within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before acting on your request.

12.1 California residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended, provides additional rights, including the right to know what personal information we collect, the right to delete it, the right to correct inaccuracies, and the right to opt out of "sale" or "sharing" of personal information (we do not sell or share personal information as those terms are defined under the CCPA). You also have the right not to be discriminated against for exercising these rights.

12.2 Requesting removal of data from Facebook, Instagram, or TikTok

You can revoke our access to any connected social media account at any time:

  • Facebook & Instagram: go to Facebook Settings → Business Integrations, select Social Schedule, and click "Remove".
  • TikTok:go to TikTok Settings → Privacy → Manage app permissions and remove Social Schedule.
  • Alternatively, disconnect the account from within Social Schedulevia Settings → Accounts.

Upon revocation we will stop accessing data from that account and delete the access tokens from our systems.

13. Account Deletion and Data Deletion Requests

You can permanently delete your Social Scheduleaccount from the Settings → Profile page in the application. When you delete your account:

  • Your user profile, posts, drafts, media, campaigns, and analytics snapshots are scheduled for deletion and removed from our production systems within 30 days.
  • All connected social media tokens are revoked and deleted.
  • We may retain limited information where necessary for legal, accounting, fraud-prevention, or security purposes, as described in Section 8.

You may also submit a data deletion request by emailing jomedeveloper@gmail.comwith the subject "Data Deletion Request" and including the email address associated with your account. For requests originating from Facebook's Data Deletion Request Callback, we use the email address and platform ID provided by Meta to locate and delete the related records, and we return a confirmation code that you can use to track the status of your request.

14. Children's Privacy

The Service is not directed to children under the age of 13 (or the minimum age of digital consent in your jurisdiction, whichever is higher). We do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact us and we will take steps to delete it.

15. Automated Decision-Making and Profiling

We do not make decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you. Where the Service offers AI-assisted features (such as content suggestions or optimal-time recommendations), these are intended to support your own decisions, not replace them.

16. Third-Party Links and Services

The Service may contain links to third-party websites, products, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the Privacy Policy was last revised. We encourage you to review this Privacy Policy periodically.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection law.

Thank you for trusting Social Schedule with your data. We take that responsibility seriously and will continue to work hard to protect your privacy.