Privacy Policy

Last updated: May 5, 2026

1. Introduction

SocialQo ("we," "our," or "us") operates the SocialQo platform, a social media management service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account registration data: name, email address, and password.
  • Team/workspace information: team name and member details.
  • Billing information processed securely through Stripe (we do not store full card details).
  • Content you create, upload, or schedule through the Service (posts, media files, templates).
  • Communications you send to us (support requests, feedback).

2.2 Information from Third-Party Platforms

When you connect social media accounts (Facebook, Instagram, Twitter/X, LinkedIn, TikTok, YouTube, Pinterest, Google Business, Threads), we collect:

  • Your social media account name, profile picture, and account/page identifiers.
  • OAuth access tokens and refresh tokens (stored encrypted) to act on your behalf.
  • Page/account metadata (e.g., category, follower count) as provided by the platform APIs.
  • Post performance metrics (likes, comments, shares, impressions, reach) for analytics.

We only request the minimum permissions necessary to provide our services. For Facebook and Instagram, this includes permissions to manage posts, read engagement, and list your pages/accounts. For Google Business Profile, this includes permissions to list the locations you manage, publish posts (local posts) on your behalf, and read post performance.

2.3 Automatically Collected Information

  • Usage data: pages visited, features used, and actions taken within the Service.
  • Device and browser information: IP address, browser type, operating system.
  • Cookies and similar technologies for session management and preferences.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Publish and schedule content to your connected social media accounts on your behalf.
  • Fetch and display analytics and performance metrics for your posts.
  • Generate AI-powered content suggestions using the Anthropic API (content is not used to train AI models).
  • Process billing and subscription management.
  • Send transactional notifications (post published, approval requests, etc.).
  • Respond to your support requests and communications.
  • Detect and prevent fraud, abuse, or security issues.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

  • Social media platforms: To publish content and retrieve metrics on your behalf, as authorized by you.
  • Service providers: Third-party services that help us operate (e.g., Stripe for payments, Anthropic for AI content generation). These providers only access data necessary for their function.
  • Team members: Information within your workspace is visible to other members of the same team, based on their role and permissions.
  • Legal requirements: When required by law, regulation, or legal process.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of OAuth tokens at rest using AES-256 encryption.
  • HTTPS encryption for all data in transit.
  • Password hashing using bcrypt.
  • Role-based access controls within teams.
  • Regular security reviews and updates.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. When you delete your account, we remove your personal data within 30 days, except where retention is required by law. Soft-deleted records are permanently purged after the retention period.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (see our data deletion page).
  • Object to or restrict processing of your data.
  • Export your data in a portable format (available via the Export feature in the Service).
  • Withdraw consent at any time where processing is based on consent.

8. Facebook and Instagram Data

In compliance with Meta Platform Terms, we want to be transparent about how we handle data received from Facebook and Instagram:

  • We only access Facebook and Instagram data that you explicitly authorize through the OAuth consent flow.
  • Data received from Facebook APIs is used solely to provide the Service (publishing posts, fetching metrics).
  • We do not sell, license, or otherwise transfer Facebook/Instagram data to third parties.
  • We do not use Facebook/Instagram data for advertising, data brokering, or profiling purposes.
  • You can disconnect your Facebook/Instagram accounts at any time from the Channels page, which revokes our access.
  • Upon disconnection or account deletion, associated Facebook/Instagram data is deleted within 30 days.

9. Pinterest API Data

SocialQo uses the Pinterest API to allow you to connect your Pinterest account and manage content through our Service. SocialQo is not endorsed by, affiliated with, or sponsored by Pinterest, Inc.

  • We only access Pinterest data that you explicitly authorize through the OAuth consent flow.
  • Data received from Pinterest APIs is used solely to provide the Service (publishing pins, fetching boards and metrics).
  • We do not sell, license, resell, or redistribute Pinterest content or Pinterest-derived data to any third parties.
  • We do not use Pinterest data for advertising, data brokering, or profiling purposes.
  • You can disconnect your Pinterest account at any time from the Channels page, which revokes our access.
  • Upon disconnection or account deletion, all Pinterest-derived data (including OAuth tokens, account metadata, and cached metrics) is deleted within 30 days.

10. Google Business Profile API Data

SocialQo integrates with the Google Business Profile API (part of Google's APIs and Services) to allow you to connect your Google Business Profile account, list the business locations you manage, and publish and measure local posts through our Service. SocialQo is not endorsed by, affiliated with, or sponsored by Google LLC.

SocialQo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We only access Google Business Profile data that you explicitly authorize through Google's OAuth consent screen, using the minimum scopes required (business.manage) to publish and read your local posts and to list the locations you administer.
  • Data received from Google APIs (account profile, location identifiers and metadata, posts, and post performance metrics) is used solely to provide and improve user-facing features of SocialQo — namely, listing the locations you manage, publishing local posts on your behalf, and showing you the resulting analytics inside the Service.
  • We do not sell, license, resell, or transfer Google user data to third parties for advertising, data brokering, profiling, or any other purpose.
  • We do not use Google user data to train, fine-tune, or otherwise improve generalized or non-personalized AI/ML models. AI features in SocialQo (e.g. content suggestions) operate on the content you create inside SocialQo, not on data fetched from Google APIs.
  • Humans do not read Google user data, except (a) with your explicit consent (e.g. when you ask our support team to investigate an issue), (b) where necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymised for internal operations.
  • OAuth access tokens and refresh tokens issued by Google are stored encrypted at rest and transmitted only over HTTPS.
  • You can disconnect your Google Business Profile account at any time from the Channels page in SocialQo, which revokes our access. You can also revoke access directly from your Google Account at myaccount.google.com/permissions.
  • Upon disconnection or account deletion, all Google-derived data (including OAuth tokens, location metadata, cached posts, and cached metrics) is deleted within 30 days.

11. Cookies

We use essential cookies for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled. We do not use advertising or third-party tracking cookies.

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@socialqo.com