Legal
Privacy Policy
Last updated: April 14, 2026
1. Who we are
SocialCRM.org (“we”, “us”, or “our”) is a social media management platform that helps creators, brands, and agencies plan, schedule, and publish content across multiple social networks. This Privacy Policy explains how we collect, use, store, and share information when you use our service at socialcrm.org.
2. Information we collect
Account information
When you sign in via Google or X (Twitter), we receive your name, email address, profile picture, and a unique identifier from that provider. We do not receive or store your social login password.
Connected social accounts
When you connect a social media account (e.g. Instagram, LinkedIn, TikTok), we store OAuth access tokens issued by those platforms. These tokens allow us to publish content on your behalf. We store the account username, display name, avatar, and platform user ID. We do not store your social media passwords.
Content you create
We store the posts, captions, media files, and scheduling data you create within SocialCRM.org. This includes drafts, scheduled posts, and published post records.
Brand voice & persona
If you configure a brand persona (tone, audience, style notes, example posts), we store this to personalise AI-generated content for you.
Usage data
We may collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for security monitoring and improving the service.
3. How we use your information
- To operate the platform: authenticate you, publish posts, and manage your content schedule
- To provide AI features: generate post ideas, rewrite content, and suggest hashtags using your persona and content as context
- To show analytics: retrieve engagement metrics from connected platforms via our publishing partner
- To communicate with you: send transactional emails (e.g. password reset, account alerts). No marketing emails without your consent
- To improve the service: analyse aggregated, anonymised usage patterns
- To comply with legal obligations and enforce our Terms of Service
4. Third-party services
Outstand
We use Outstand as our social publishing infrastructure. Your connected account OAuth tokens and post content are transmitted to Outstand to execute publishing. Outstand's own privacy policy governs their handling of this data.
Google & X (Twitter)
Used for social sign-in. We receive only the profile data described in Section 2 and do not share your data back to these providers beyond the standard OAuth flow.
AI providers
Post content and persona data may be sent to AI model providers (e.g. Google Gemini) to generate content. We do not use your content to train third-party AI models beyond what their standard API terms permit.
5. Data retention
We retain your account data for as long as your account is active. If you delete your workspace or account, your posts, media, and persona data are permanently deleted within 30 days. OAuth tokens for disconnected social accounts are revoked and deleted immediately.
6. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (“right to be forgotten”)
- Object to or restrict certain processing
- Data portability: receive your data in a machine-readable format
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
7. Security
All data is transmitted over HTTPS. OAuth tokens are stored encrypted at rest. We do not log or display full access tokens in our UI. We conduct periodic security reviews. Despite these measures, no system is completely secure. If you discover a vulnerability please report it to [email protected].
8. Cookies
We use cookies and local storage to maintain your session and preferences. See our Cookie Policy for full details.
9. Children
SocialCRM.org is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with data, contact us and we will delete it promptly.
10. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions: [email protected]
For general enquiries: Contact page