Privacy Policy

Effective Date: January 18, 2025

Welcome to Social Forge. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media automation platform.

1. Information We Collect

Personal Information

When you register for an account, we collect:

  • Email address
  • Name (first and last name)
  • Company/Organization name
  • Password (encrypted)
  • Profile picture (optional)
  • Bio (optional)
  • Timezone preference

Authentication Information

If you choose to authenticate using third-party services:

  • OAuth provider details (GitHub, Google, Farcaster)
  • Provider user ID
  • Email address from provider

Usage Information

We automatically collect certain information when you use our service:

  • IP address
  • Browser type and version (User Agent)
  • Last online timestamp
  • Language preference
  • Organization preferences

Content and Social Media Data

To provide our services, we process:

  • Social media posts and content you create
  • Connected social media account information
  • Media files (images, videos) you upload
  • AI-generated content based on your prompts
  • Analytics data from connected platforms

TikTok-Specific Data

When you connect your TikTok account, we collect:

  • TikTok username and profile information
  • OAuth access tokens (expire after 24 hours)
  • OAuth refresh tokens (valid for 1 year)
  • Content posting permissions you grant
  • Video engagement metrics and analytics
  • Privacy settings for each post

You control which permissions to grant us. TikTok allows you to approve only a subset of requested permissions. All TikTok data processing follows TikTok's Privacy Policy.

2. How We Use Your Information

We use the collected information to:

  • Provide and maintain our social media automation services
  • Authenticate your identity and manage your account
  • Post content to your connected social media accounts with your explicit consent
  • Generate AI-powered content based on your requests
  • Provide analytics and insights about your social media performance
  • Communicate with you about your account and services
  • Improve our services and develop new features
  • Comply with legal obligations and platform requirements

User Consent for Posting

We only post content to your social media accounts after receiving your explicit consent. For TikTok specifically:

  • You must manually review and approve each post before publishing
  • You select privacy settings for each post (no default values)
  • You can revoke posting permissions at any time
  • We display what will be posted before you confirm

3. Third-Party Services

We integrate with various third-party services to provide our functionality:

Social Media Platforms

We connect to over 20 social media platforms including:

  • Facebook, Instagram, Twitter/X, LinkedIn, YouTube
  • TikTok, Pinterest, Reddit, Discord, Slack
  • Telegram, Mastodon, Bluesky, Threads, Nostr
  • Lemmy, Dribbble, VK, and custom Mastodon instances

Each platform has its own privacy policy. We only access the permissions necessary to post content and retrieve analytics on your behalf.

AI Services

We use AI services for content generation:

  • OpenAI (GPT-4) for text generation
  • Anthropic (Claude) for AI assistance
  • Google (Gemini) for AI features

Content you create using these services is processed according to their respective privacy policies. We do not share your personal information with these services beyond what is necessary for content generation.

4. Cookies and Tracking

We use cookies to enhance your experience:

  • Authentication Cookie (auth): Maintains your login session
  • Language Cookie (i18next): Remembers your language preference
  • Organization Cookies: Temporary cookies for organization management
  • Marketplace Cookie: Remembers your marketplace preferences

All cookies are essential for the operation of our service. We do not use third-party analytics or tracking cookies.

Note: We do not use TikTok Pixel or similar tracking technologies. Any analytics data from TikTok is obtained through their official API with your consent.

5. Data Storage and Security

We implement industry-standard security measures:

  • Passwords are encrypted using bcrypt
  • JWT tokens for secure authentication
  • HTTPS encryption for all data transmission
  • Rate limiting to prevent abuse
  • Input validation to prevent injection attacks
  • Regular security updates and monitoring

Your data is stored in secure PostgreSQL databases with Redis caching. Media files are stored using configurable storage providers (Cloudflare R2, S3-compatible, or local storage).

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you delete content, we use soft deletion which marks items as deleted but retains them for recovery purposes. You may request permanent deletion of your data by contacting support.

Platform-Specific Retention

For connected social media accounts:

  • TikTok OAuth Tokens: Access tokens are refreshed every 24 hours; refresh tokens are retained for up to 1 year or until revoked
  • Posted Content: Metadata retained for analytics purposes as long as account is active
  • Analytics Data: Retained for 2 years for performance tracking
  • Revoked Permissions: Token data deleted immediately upon revocation

You can disconnect any social media account at any time, which will immediately delete associated authentication tokens.

7. Your Rights and Choices

You have the right to:

  • Access your personal information
  • Update or correct your information
  • Delete your account and associated data
  • Disconnect social media integrations
  • Export your data
  • Opt-out of email communications

8. International Data Transfers

Our service is available globally and supports 15 languages. Your data may be processed in different countries depending on the location of our servers and third-party services. We ensure appropriate safeguards are in place for international data transfers.

9. Children's Privacy

Social Forge is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@socialforge.ai

Website: https://socialforge.ai

← Back to Home