Privacy Policy
Last updated: April 14, 2026
Our approach
Socio Linki is built on data minimization: we collect what the product needs to work, nothing else. We never sell your data, we never use it to train third-party models, and we give you controls to disconnect any channel or delete your account at any time.
What we collect
Account data
Your email address, name (optional), password hash (bcrypt — we never see your plaintext password), plan level, and preferences. Used to authenticate you and scope your data.
OAuth tokens for connected channels
When you connect a YouTube, Instagram, Facebook, LinkedIn or X account, the platform returns an OAuth access token (and sometimes a refresh token) to Socio Linki. We store these tokens to publish on your behalf, refresh analytics, and sync inbox items. Tokens are stored server-side and associated only with your user account.
Channel metadata
Display name, profile picture URL, platform IDs (e.g. YouTube channel ID, Instagram account ID, Facebook page ID, LinkedIn URN, X username). Used to render your channels in the dashboard and route API calls to the correct account.
Posts and content assets
Content you create inside Socio Linki — scheduled posts, ideas, drafts, templates, tags, board columns, per-platform captions, thumbnails, media URLs. Stored to let you plan and publish across platforms.
Inbox data (comments & direct messages)
For the Smart Inbox, we fetch comments and direct messages from your connected platforms via their official APIs. We persist the message text, sender name/ID, timestamps, and an AI-generated sentiment tag so you can triage and reply inside the dashboard. We do not import messages from conversations unrelated to your connected accounts.
Analytics data
Public metrics returned by each platform's analytics endpoint — views, likes, comments, reach, engagement, demographics. Used to render charts, reports, and best-time suggestions inside your dashboard.
Client preview link data
When you generate a public approval link, we store: a unique random token, a bcrypt hash of the password you set, the post it points to, the expiry timestamp (24 hours), and any approve/reject decision or feedback the client submits. The password itself is never stored in plaintext.
Technical data
Standard request logs — IP address (for abuse prevention and rate limiting), user agent, request path, and timestamp. Retained for a limited period for security and debugging.
What we do not collect
- Social platform passwords. OAuth removes the need for us to ever see or touch them.
- Content you don't connect. We only read from channels you explicitly connect, and only within the OAuth scopes you approve.
- Cross-site browsing. We don't track you around the web. No advertising pixels on the dashboard.
- Persistent raw media. Uploaded videos and images are transmitted to the target platform (or to a CDN like Cloudinary for hosting during scheduling) and are not retained on Socio Linki servers beyond what's needed to publish.
- Sensitive personal data. We do not knowingly collect government IDs, financial account numbers (payments are handled by Stripe), or health data.
How we use your data
- Operate the Service — publish your posts, show your inbox, render your analytics, let your clients view approval links.
- AI features — when you use the AI Assistant, draft refinement, idea expansion, template generation, repurposing, or sentiment tagging, the specific text you submit is sent to the model provider (e.g. OpenAI) to generate a response. We do not send your OAuth tokens, your analytics, or data from other users.
- Security & abuse prevention — rate-limiting, anomaly detection, debugging platform integrations.
- Product analytics — aggregated usage metrics to improve the product (which features get used, error rates). Never sold, never used for advertising.
- Communication — transactional emails (sign-in, password reset, billing, platform token expiry notices). Marketing emails are sent only with your opt-in, and you can always unsubscribe.
Subprocessors we rely on
To operate the Service, we share the minimum required data with vetted providers:
- MongoDB Atlas — managed database for your account data, posts, channels, inbox threads, content assets.
- Cloudinary — media hosting for videos and images you upload for scheduling.
- OpenAI — large-language-model provider powering our AI features; receives the prompt text you submit at the moment of the request.
- Stripe — payments processor for paid plans. Socio Linki does not store your card number.
- Email provider — transactional email delivery (sign-in links, password reset).
- Hosting & CDN — cloud infrastructure for running the app.
Each subprocessor is contractually bound to handle data on our behalf only for the purpose of delivering their service.
Connected platform privacy
When you connect a channel, your use of that platform continues to be governed by that platform's own privacy policy:
YouTube API Services. Socio Linki's use of information received from YouTube APIs adheres to the YouTube API Services Terms of Service and the Google Privacy Policy. We do not use any YouTube user data to train AI models.
Your controls & rights
- View your data — everything Socio Linki holds about your channels, posts, inbox, and assets is visible to you in the dashboard.
- Disconnect a channel — from the Channels page. This invalidates the OAuth token and stops further syncing. You can also revoke access directly at Google/Meta/LinkedIn/X (links in our Terms).
- Delete individual items — posts, drafts, ideas, templates, tags, inbox messages, and preview links can all be deleted from the dashboard.
- Delete your account — email privacy@sociolinki.com with subject "Data Deletion Request". We process within 48 hours. We will also revoke stored OAuth tokens on your behalf.
- Export your data — available on request via the same email address.
- GDPR / CCPA rights — right to access, rectify, erase, restrict processing, object, and port your data. Contact us to exercise any of these.
How long we keep data
- Account data and content assets — for as long as your account is active, plus 30 days after a deletion request for recovery purposes, then permanently removed.
- OAuth tokens — until you disconnect the channel or delete your account; then deleted and (for supported platforms) revoked upstream.
- Client preview links — automatically expire and are purged 24 hours after creation.
- Request logs — retained for up to 30 days, then deleted or aggregated.
- Billing records — retained as long as required by applicable tax and financial regulations.
Security
- All traffic is encrypted in transit (TLS/HTTPS).
- Passwords are hashed with bcrypt; we cannot read them.
- Client preview link passwords are also bcrypt-hashed — we verify, we don't store the plaintext.
- Access to production systems is restricted and audited.
- We report material security incidents to affected users promptly, in line with applicable law.
Children's privacy
Socio Linki is not intended for users under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy as the product evolves. The "Last updated" date at the top reflects the most recent change. For material changes, we will give reasonable notice — typically via in-app notice or email.
Contact
Questions, concerns, or requests? Email privacy@sociolinki.com. We aim to respond within 48 hours.