Legal

Privacy Policy

Last updated: May 14, 2026  ·  Your privacy is important to us

Summary: SocialPosts AI collects only the data necessary to provide our service. We do not sell your personal data. We use industry-standard security practices to protect your information. All data is stored on EU-based servers (Hetzner Cloud, Germany).

1. Who We Are

SocialPosts AI operates the SocialPosts AI platform at socialposts.donnaalxia.com. We provide AI-powered video generation and social media automation services.

For privacy inquiries, contact us at: [email protected]

2. Information We Collect

ACCOUNT INFORMATION — When you register, we collect:

  • Full name and email address
  • Phone number (optional)
  • Password — stored as a bcrypt hash, never in plain text

USAGE DATA — Activity within the platform:

  • Videos generated, scheduled, and published
  • Channels connected and platform integrations
  • Dashboard activity and feature usage

TECHNICAL DATA — Automatically collected when you access the Service:

  • IP address, browser type and version, operating system
  • Device type (desktop / mobile / tablet)
  • Country and city (derived from IP)
  • Referring URL and landing page

MARKETING DATA — UTM source, medium, campaign parameters, referral source and affiliate tracking identifiers.

PAYMENT DATA — Payments are processed by Stripe. We do not store your full card number, CVV, or bank details. We receive only: last 4 digits of card, card type, expiry, and billing country.

CONNECTED PLATFORM DATA — When you connect social media accounts we receive:

  • Platform access tokens (OAuth 2.0, stored encrypted)
  • Channel names, IDs, and basic profile information
  • Publishing permissions you explicitly grant

3. How We Use Your Information

We use the data we collect to:

  • Create and manage your account and authenticate login sessions
  • Provide the Service — generate videos, schedule posts, publish content, and operate automation workflows
  • Process payments — charge subscription fees and send payment receipts
  • Send transactional emails — account confirmation, password reset, and billing notifications
  • Improve the platform — analyze usage patterns to fix bugs and develop new features
  • Detect fraud and abuse — identify suspicious activity and protect the platform
  • Legal compliance — comply with applicable laws and regulations
  • Marketing communications — send product updates (you may opt out at any time)
  • Customer support — respond to support requests and troubleshoot issues

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • CONTRACT PERFORMANCE — processing necessary to provide the Service you signed up for
  • LEGITIMATE INTERESTS — fraud detection, security, analytics, and service improvement
  • LEGAL OBLIGATION — compliance with applicable laws and regulations
  • CONSENT — marketing communications (you may withdraw consent at any time)

Where you have provided consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

5. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share data only with trusted service providers necessary to operate the platform:

  • STRIPE — Payment processing and subscription management
  • KLING AI / FAL.AI — AI video generation (only content prompts shared, no personal user data)
  • HETZNER CLOUD — Server infrastructure and hosting (EU-based data centers)
  • GOOGLE (GMAIL API) — Transactional email delivery
  • N8N — Workflow automation (self-hosted on our infrastructure)

All third-party providers are contractually bound to process data only as instructed by us. We may disclose your information if required by law or court order.

6. Connected Social Media Accounts

When you connect social media accounts (YouTube, Instagram, TikTok, Facebook, etc.):

  • We use OAuth 2.0 — we receive an access token, not your password
  • Access tokens are stored encrypted in our database
  • We access only the permissions you explicitly grant
  • We use access tokens solely to publish content on your behalf as configured
  • We do not read your private messages, contacts, or unrelated data

You can revoke our access at any time from your SocialPosts AI dashboard or directly from the platform security settings. Revoking access does not trigger a refund but will stop scheduled publishing to that platform.

7. Data Retention

  • ACTIVE ACCOUNTS — data retained for the duration of the account
  • CANCELLED ACCOUNTS — personal data deleted or anonymized within 30 days of termination
  • PAYMENT RECORDS — retained for 7 years for legal and tax compliance
  • USAGE LOGS — retained for up to 12 months for security and debugging
  • BACKUP COPIES — may persist for up to 90 days after deletion requests

You may request deletion of your account and data at any time by emailing [email protected].

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

  • ACCESS — request a copy of the personal data we hold about you
  • RECTIFICATION — request correction of inaccurate or incomplete data
  • ERASURE — request deletion of your personal data (right to be forgotten)
  • RESTRICTION — request that we limit how we process your data
  • PORTABILITY — receive your data in a structured, machine-readable format
  • OBJECTION — object to processing based on legitimate interests
  • WITHDRAW CONSENT — withdraw consent for marketing communications at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

9. Cookies & Tracking

  • ESSENTIAL COOKIES — required for the platform to function (authentication sessions, security tokens). Cannot be disabled.
  • ANALYTICS COOKIES — help us understand how users interact with the platform using anonymized usage data
  • PREFERENCE COOKIES — remember your settings and preferences

We do not use third-party advertising cookies or social media tracking pixels. You can disable non-essential cookies in your browser settings, though some platform features may not function correctly.

10. Data Security

  • HTTPS ENCRYPTION — all data transmitted is encrypted via TLS
  • PASSWORD HASHING — passwords hashed with bcrypt (cost factor 12), never stored in plain text
  • DATABASE SECURITY — database access restricted by firewall rules and authentication
  • ACCESS TOKENS — social media access tokens encrypted at rest
  • REGULAR UPDATES — server software and dependencies are regularly updated
  • ACCESS CONTROLS — employee access to user data restricted on a need-to-know basis

Despite these measures, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

The Service is intended for users 18 years of age and older. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided personal data, we will delete it promptly.

If you believe a minor has registered, please contact us at [email protected].

12. International Data Transfers

Our servers are located in the European Union (Hetzner Cloud, Germany). If you access the Service from outside the EU, your data will be transferred to and processed in the EU. By using the Service, you consent to this transfer.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you by email if the changes significantly affect your rights.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

14. Contact & Data Requests

For any privacy-related questions, data requests, or concerns:

Email: [email protected]

Website: https://socialposts.donnaalxia.com

We aim to respond to all privacy inquiries within 5 business days.