Privacy Policy

How Social Poster handles your data

Effective date: 30 April 2026 · Last updated: 30 April 2026

Overview

This Privacy Policy explains how Social Poster ("Social Poster", "we", "us", or "our") collects, uses, stores, shares, retains, and deletes information when you use our application available at https://socialposter.easy-ai.co.uk (the "Service"). It also explains how Social Poster's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

If you have any questions about this policy, contact us at daniel.shulman@gmail.com.

1. Information We Collect

1.1 Account information

When you sign in to Social Poster using Google Sign-In, we receive from Google your basic profile information:

  • Your Google account email address
  • Your name (display name)
  • Your Google account profile picture URL
  • A unique Google account identifier (sub claim)

1.2 Google user data accessed via Google APIs

With your explicit consent during the Google OAuth consent flow, Social Poster requests access to the following Google scopes:

  • https://www.googleapis.com/auth/spreadsheets.readonly — read-only access to Google Sheets you choose to connect.
  • https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile — to identify you in our system.

When you connect a specific Google Sheets spreadsheet, we read:

  • The spreadsheet's metadata (title, sheet/tab names, sharing state).
  • Cell values from the rows and columns you have configured Social Poster to use as content for scheduled social media posts.

We only read spreadsheets you have explicitly selected and connected within Social Poster. We do not list, scan, or read any other files in your Google Drive, and we do not request Google Drive scopes.

1.3 Information you provide directly

You may provide the following information when configuring Social Poster:

  • Connection credentials and metadata for third-party social media platforms you choose to connect (for example, account IDs and OAuth tokens for X/Twitter, LinkedIn, Facebook, Instagram, etc.).
  • Scheduling rules, post templates, and any text or media you create within the app.
  • Support requests, feedback, and other communications you send us.

1.4 Automatically collected information

When you use the Service we automatically collect a limited set of operational information:

  • Log data (IP address, user agent, request timestamps, and error traces) used for debugging and abuse prevention.
  • Authentication tokens (Google OAuth refresh and access tokens) needed to call Google APIs on your behalf.
  • Cookies or similar local-storage tokens that keep you signed in.

We do not use third-party advertising trackers and we do not sell personal information.

2. How We Use Your Information

We use the information described above strictly for the following purposes:

  • Authenticate you and maintain your session within Social Poster.
  • Read content from spreadsheets you have connected so that you can schedule and publish that content to social media platforms you have separately authorized.
  • Schedule and publish posts on your behalf to the social media accounts you have connected.
  • Operate, maintain, and secure the Service, including diagnosing errors, preventing abuse, and protecting against unauthorized access.
  • Communicate with you about service-related matters (for example, OAuth re-authentication prompts, scheduling failures, and important account notices).

We do not use Google user data for advertising, profiling unrelated to the Service, or any purpose outside the features described here.

We do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models. Any automated processing of your spreadsheet content (for example, formatting a row into a post draft) happens only in the context of fulfilling your direct, in-app request.

3. How We Share Information

Social Poster shares information only as described below. We do not sell personal information to third parties.

3.1 Social media platforms you connect

When you instruct Social Poster to publish a post, the post content (and any media you have included) is transmitted to the social media platform you selected (for example, X/Twitter, LinkedIn, Facebook, Instagram). Their use of that content is governed by their own terms and privacy policies.

3.2 Service providers (sub-processors)

We rely on the following categories of trusted service providers to operate Social Poster. These providers process information only on our behalf and under contractual confidentiality and security obligations:

  • Hosting and edge delivery — Vercel Inc. (application hosting and CDN).
  • Database and authentication infrastructure — Supabase Inc. (managed PostgreSQL hosting and auth).
  • Email delivery — transactional email providers used to send service notifications.
  • Error monitoring and logging — error-tracking and log-aggregation providers used to diagnose issues.

3.3 Legal and safety

We may disclose information if we are required to do so by law, valid legal process, or to protect the rights, property, or safety of Social Poster, our users, or the public.

3.4 Business transfers

If Social Poster is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify users before any such transfer takes effect.

3.5 Limited Use disclosure (Google API Services)

Social Poster's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Google user data accessed via Google APIs:

  • Is used only to provide or improve user-facing features of Social Poster that are prominent in the application's user interface.
  • Is not transferred to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets.
  • Is not used for serving advertisements.
  • Is not read by humans except (a) with your explicit consent for specific messages, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) when the data has been aggregated and anonymized for internal operational reporting.
  • Is not used to develop, improve, or train generalized or non-personalized AI/ML models.

4. How We Store and Protect Your Information

  • Encryption in transit. All traffic between your browser and Social Poster is served over HTTPS/TLS. All calls to Google APIs and to social media platform APIs are made over TLS.
  • Encryption at rest. Data stored in our managed database is encrypted at rest by our infrastructure providers (Supabase / underlying cloud provider).
  • Access controls. Production database access is restricted to a small number of named administrators using strong authentication. OAuth tokens are stored in restricted-access tables and are never exposed to the client-side application.
  • Token handling. Google OAuth refresh and access tokens are stored encrypted in our database and are used only by server-side processes to call Google APIs on your behalf. Access tokens are short-lived and refreshed only when needed to fulfill your scheduled actions.
  • Network controls. Database connections require authenticated, TLS-protected sessions. Row-level security is enabled on user-scoped tables so that one user's data cannot be queried by another.
  • Operational security. We monitor application logs for anomalies and errors. We promptly patch and update dependencies.

No system can be 100% secure. If we become aware of a security incident affecting your data, we will notify you and, where required, the relevant data protection authority without undue delay.

5. Data Retention and Deletion

5.1 Retention

We retain your information for as long as your Social Poster account is active and for as long as needed to provide the Service. Specifically:

  • Account profile information and OAuth tokens are retained while your account exists.
  • Scheduled posts and post history are retained until you delete them or your account is deleted.
  • Application logs are retained for up to 90 days for debugging and abuse-prevention purposes.

5.2 Disconnecting Google Sheets

You can disconnect Google Sheets access at any time from within Social Poster's Settings page. Disconnecting revokes our stored OAuth tokens for your Google account and immediately stops all further reads of your spreadsheet data. You can additionally revoke Social Poster's access from your Google Account at https://myaccount.google.com/permissions.

5.3 Account deletion and data deletion requests

You can request deletion of your Social Poster account and all associated data at any time by:

  • Using the Delete my account option in the in-app Settings page; or
  • Emailing daniel.shulman@gmail.com from the email address associated with your account with the subject "Delete my account".

When you delete your account, we will:

  • Delete your profile information, OAuth tokens, scheduled posts, post history, and any spreadsheet content cached for the purpose of scheduling.
  • Complete deletion within 30 days of the request, except where retention is required by law (for example, audit logs of authentication events may be retained for a limited period for security and legal-compliance purposes).

5.4 Backups

Routine encrypted backups may temporarily contain a copy of your data after deletion from primary storage. Backup copies are overwritten on a rolling schedule and are not used for any purpose other than disaster recovery.

6. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct or update inaccurate information.
  • Request deletion of your information (see Section 5.3).
  • Object to or restrict certain processing.
  • Receive a portable copy of your information.
  • Lodge a complaint with a data protection authority.

To exercise any of these rights, email daniel.shulman@gmail.com. We will respond within 30 days.

7. International Data Transfers

Social Poster is operated from the United Kingdom and uses infrastructure providers that may process data in the European Union, United Kingdom, and United States. Where personal data is transferred outside your jurisdiction, we rely on appropriate safeguards (for example, Standard Contractual Clauses) put in place by our service providers.

8. Children

Social Poster is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you in the application or by email. Your continued use of Social Poster after the updated policy takes effect constitutes acceptance of the changes.

10. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, contact us at daniel.shulman@gmail.com.

(c) 2026 Social Poster. All rights reserved.

Privacy PolicyTerms and Conditions