SocialSail Privacy Policy
Last updated: 29 June 2025
1. Introduction
SocialSail ("we", "our", "us") provides a unified platform that enables users to create, schedule, publish and analyse social‑media content across multiple networks. Protecting your privacy is fundamental to our mission. This Privacy Policy explains what personal data we collect, how we use and protect it, and the choices you have.
2. Scope
This Policy applies to visitors to socialsail.app (the "Site"), all registered workspace/organisation owners and members ("Users") and anyone who interacts with our services, mobile or desktop applications, browser extensions, APIs or related offerings (collectively, the "Services"). It does not cover information processed by the social‑media platforms themselves once a post is published.
3. Information We Collect
Category | Examples | Source |
---|---|---|
Account Data | Name, email, password hash, authentication tokens | You (signup/login) |
Organisation Data | Workspace name, billing email, plan | You |
Social‑Account Credentials | OAuth tokens, refresh tokens, session cookies, user‑agent strings | You (when you connect an account) |
Content Data | Post drafts, titles, bodies, media (≤50 MB/image on free tier), scheduled times, per‑platform overrides | You |
Engagement Metrics | Views, likes, comments, reposts, shares, platform permalink IDs | Collected automatically from each network (official APIs or Twikit for X/Twitter) |
Usage & Device Data | IP address, browser type, referring pages, feature usage, crash logs | Collected automatically via server logs & Google Analytics |
Cookie & Tracking Data | Session cookies, preference cookies, analytics cookies, localStorage values | Collected automatically when you visit the Site |
Special note on Twikit
For X/Twitter publishing we use an internal micro‑service that relies on Twikit, an unofficial Python library that authenticates with your session cookies. These cookies are stored encrypted in our database and transmitted only to our Twikit service. SocialSail is not affiliated with X Corp. Use of Twikit may violate X/Twitter's Terms of Service; tokens can be revoked at any time by X Corp.
4. How We Use Your Information
- Provide & operate the Services — e.g. save drafts, schedule posts, publish content, retrieve analytics.
- Authenticate and secure access — maintain sessions, enforce row‑level‑security (RLS) in our database.
- Measure performance & improve the Services — understand feature adoption, detect bugs, plan roadmap.
- Communicate with you — account notices, product updates, security alerts. Marketing emails only with your consent (opt‑out at any time).
- Enforce terms & protect rights — prevent abuse, investigate fraud, comply with law.
5. Legal Bases (EEA/UK GDPR)
- Performance of a contract — to deliver the Services you request.
- Legitimate interests — to prevent abuse, improve and secure the Services.
- Consent — for marketing emails or when you connect a social‑media account via OAuth or cookies.
- Legal obligation — to comply with accounting, tax or lawful data‑access requests.
6. Sharing & Disclosure
We never sell your personal data. We share it only:
- Social‑Media Platforms – to publish your content and fetch engagement metrics.
- Service Providers & Sub‑processors — e.g. Supabase (database, storage, auth), Vercel (website hosting), n8n & Redis (workflow engine), cloud infrastructure providers, email delivery services, analytics vendors. All are bound by confidentiality and data‑processing agreements.
- Business Transfers — if we enter into a merger, acquisition or asset sale.
- Legal & Compliance — if required by court order, subpoena or to protect rights, property, or safety of SocialSail, our users or others.
A current list of sub‑processors is available on request at [email protected].
7. International Data Transfers
We are headquartered in Pakistan and use cloud providers located in the United States, European Economic Area (EEA) and other jurisdictions. Where personal data is transferred outside your jurisdiction, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent safeguards.
8. Data Retention
Data category | Retention period |
---|---|
Account & Organisation records | For as long as the account remains active + 90 days, then deleted or anonymised. |
Social‑Account credentials | Until you disconnect the account or delete your workspace, or 30 days after tokens expire, whichever is earlier. |
Posted content & media | Until you delete the post or your workspace; backups retained for ≤30 days. |
Engagement metrics | 2 years for historical analytics, then aggregated & anonymised. |
Server logs | 30 days unless needed for security investigation. |
You may delete your account at any time via Settings → Danger Zone or by emailing [email protected].
9. Security Measures
- TLS 1.2+ encryption in transit.
- AES‑256 encryption at rest for databases and backups.
- Credential secrets encrypted using pg_crypto.
- RLS policies isolate each organisation's data.
- Principle of least privilege for staff and sub‑processor access.
- Routine penetration testing and dependency patching.
Despite these measures, no Internet service can guarantee 100% security; you use the Services at your own risk.
10. Your Rights
Depending on your location, you may have rights to:
- Access, correct or delete your personal data.
- Port your data to another service.
- Restrict or object to certain processing.
- Withdraw consent at any time.
- Lodge a complaint with a supervisory authority.
To exercise any rights, email [email protected]. We will respond within 30 days.
11. Children's Privacy
SocialSail is not directed to children under 16. We do not knowingly collect personal information from children. If we learn that we have done so, we will delete it promptly and disable the account.
12. Third‑Party Links
The Site may contain links to third‑party websites. We have no control over their privacy practices and disclaim responsibility for their content.
13. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you via email or an in‑app banner at least 30 days before the change takes effect. Continued use of the Services after that date constitutes acceptance.
14. Contact Us
If you have questions or concerns about this Policy or our data practices, please contact us: