Privacy Policy

Last updated: April 14, 2026

1. Acceptance of Privacy Policy

Welcome to SoSocial (https://so-social.co), an AI-powered social media management platform. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use our website, applications, and services (collectively, the "Services").

By creating an account, accessing, or using any part of the SoSocial Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you must not use our Services. Your continued use of the Services after any modifications to this Privacy Policy constitutes your acceptance of those changes.

This Privacy Policy applies to all users of SoSocial, including individuals, businesses, and organisations that register for or use our platform to manage their social media presence. It covers information collected through our website, web application, APIs, and any related services or communications.

2. Information We Collect

We collect various types of information in connection with the Services, including information you provide directly, information collected automatically, and information received from third-party platforms you connect to SoSocial.

2.1 Personal Information We Collect Directly

When you register for an account, use our Services, or communicate with us, you may provide us with the following personal information:

• Account Information: Your name, email address, and password when you create a SoSocial account.
• Profile Information: Organisation or company name, job title, website URL, and other professional details you choose to provide.
• Brand Settings: Brand name, description, tone of voice, content themes, and other configuration data you enter to personalise AI-generated content.
• Content Data: Social media posts, captions, images, videos, and other content you create, upload, schedule, or publish through our platform.
• Payment Information: If applicable, billing details processed through our third-party payment provider. We do not directly store full credit card numbers on our servers.
• Communications: Messages, feedback, support requests, and other correspondence you send to us.

2.2 Information We Automatically Collect

When you access or use our Services, we automatically collect certain technical and usage information, including:

• Device Information: Device type, operating system, browser type and version, screen resolution, and unique device identifiers.
• Log Data: IP address, access times, pages viewed, referring URL, and actions taken within the platform.
• Traffic Data: Information about your interactions with our Services, including features used, buttons clicked, and navigation patterns.
• Performance Data: Page load times, error logs, and other diagnostic information to help us maintain and improve the Services.
• Location Data: Approximate geographic location derived from your IP address. We do not collect precise geolocation data.

3. How We Collect Information

We collect information through the following methods:

• Account Registration: When you sign up for SoSocial, we collect the personal information you provide during the registration process.
• Use of Services: As you interact with our platform—scheduling posts, generating content with AI, viewing analytics, or managing your social accounts—we collect data about your usage patterns and the content you create.
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activity. See Section 4 for details.
• Third-Party Platform Integrations: When you connect your social media accounts (Facebook, Instagram, X/Twitter) via OAuth, we receive access tokens and profile information as authorised by you and the respective platform. See Section 8 for details.
• Communications: When you contact us via email or through in-app support, we collect the information contained in your messages.
• Third-Party Sources: We may receive information from analytics providers, advertising partners, and other third-party sources, which we may combine with information we collect directly.

4. Cookies and Tracking Technologies

SoSocial uses cookies and similar technologies to enhance your experience, analyse usage, and deliver relevant content. This section explains what these technologies are and how we use them.

4.1 Cookies

Cookies are small text files stored on your device when you visit our website or use our application. We use the following types of cookies:

• Strictly Necessary Cookies: These are essential for the operation of our Services. They include authentication cookies (JWT tokens) that keep you signed in, session cookies, and security cookies that protect against cross-site request forgery. Without these cookies, the Services cannot function properly.
• Performance and Analytics Cookies: These cookies help us understand how visitors interact with our Services by collecting information about pages visited, time spent on pages, and any errors encountered. This data is aggregated and anonymised where possible.
• Functionality Cookies: These cookies remember your preferences and settings, such as language preferences, display configurations, and customisation choices, so you do not need to re-enter them each time you visit.

4.2 Web Beacons and Analytics

We may use web beacons (also known as pixel tags or clear GIFs) in conjunction with cookies to track user activity and gather statistics about how our Services are used. Web beacons are tiny, invisible images embedded in web pages or emails that allow us to count visitors, track email open rates, and measure the effectiveness of our communications.

We may use third-party analytics services to help us analyse how users interact with our platform. These services may use cookies and similar technologies to collect and analyse usage data, and they may provide us with reports and insights to help us improve our Services.

4.3 Your Cookie Choices

You can manage your cookie preferences in the following ways:

• Browser Settings: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies, accept only certain cookies, or notify you when a cookie is set. Please note that disabling strictly necessary cookies may prevent you from using certain features of our Services.
• Opt-Out Links: Some third-party analytics providers offer opt-out mechanisms. For example, you can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
• Do Not Track: Some browsers offer a "Do Not Track" (DNT) signal. We currently do not respond to DNT signals, but we respect your other cookie choices as described above.

5. Artificial Intelligence and Automated Processing

SoSocial integrates artificial intelligence capabilities powered by Anthropic's Claude language models to help you create, manage, and optimise your social media content. This section explains how AI is used within our Services and how your data is processed in connection with these features.

5.1 AI-Powered Features

Our AI features include, but are not limited to:

• Caption Generation: AI generates platform-specific captions for Facebook, Instagram, and X/Twitter based on your input, brand settings, and top-performing past content.
• Hashtag Suggestions: AI analyses your content to recommend relevant hashtags that may improve discoverability.
• Engagement Scoring: AI evaluates your draft content and provides an estimated engagement score (1–10) to help you assess potential performance before publishing.
• Content Calendar Generation: AI creates weekly content plans tailored to your brand voice, content themes, and historical performance data.
• Topic Research: AI researches topics using real-time web search data to produce summaries, key insights, social media captions, and blog post drafts.
• Performance Insights: AI analyses your analytics data to identify trends, recommend posting strategies, and surface actionable insights.
• Inbox Reply Suggestions: AI suggests responses to incoming messages, comments, and mentions based on context and your brand voice.

5.2 Data Used for AI Processing

When you use AI features, the following data may be sent to our AI service provider (Anthropic) for processing:

• Your brand settings (brand name, description, tone of voice, content themes)
• Content you input for caption generation, scoring, or enhancement
• Aggregated analytics data (e.g., top-performing post content and engagement metrics) used to inform AI recommendations
• Topic research queries and associated web search results
• Inbox messages and comments for which you request AI reply suggestions

We do not send your OAuth tokens, passwords, payment information, or other sensitive credentials to AI service providers. Our AI provider (Anthropic) processes data according to their own privacy policy and does not use your data to train their models.

5.3 Opting Out of AI Features

All AI features in SoSocial are opt-in. You are never required to use AI-generated content—you may compose, schedule, and publish content entirely manually. If you wish to avoid AI processing entirely, simply refrain from using AI-powered features such as caption generation, hashtag suggestions, engagement scoring, content calendar generation, topic research, and inbox reply suggestions.

If you have previously used AI features and wish to request deletion of data processed through those features, please contact us at privacy@so-social.co.

6. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and Operating the Services: To create and manage your account, authenticate your identity, schedule and publish social media content on your behalf, deliver AI-powered features, display analytics, and otherwise operate the SoSocial platform.
• Improving and Developing the Services: To understand how users interact with our platform, identify areas for improvement, develop new features, and optimise performance and user experience.
• Communication: To send you service-related notices (e.g., account verification, security alerts, system updates), respond to your inquiries and support requests, and, with your consent, send marketing communications about new features or offers.
• Personalisation: To tailor your experience, including customising AI-generated content based on your brand settings and usage history, and remembering your preferences.
• Analytics and Reporting: To generate aggregated, anonymised analytics about platform usage, track the performance of your published social media content, and provide you with engagement insights.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent, unauthorised, or illegal activity, protect the security of our platform and users, and enforce our Terms of Service.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, and to establish, exercise, or defend legal claims.

We process your personal information based on the following legal grounds under applicable data protection laws: (a) performance of our contract with you (providing the Services); (b) our legitimate interests (improving and securing the Services); (c) your consent (where required, e.g., for marketing emails or AI features); and (d) compliance with legal obligations.

7. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:

• Service Providers: We share information with trusted third-party vendors who perform services on our behalf, such as cloud hosting and infrastructure (e.g., DigitalOcean), AI processing (Anthropic), web search services (Serper.dev), image sourcing (Unsplash), analytics, email delivery, and payment processing. These providers are contractually obligated to use your information only for the purposes of providing their services to us and in accordance with this Privacy Policy.
• Social Media Platforms: When you connect your social media accounts and schedule or publish content through SoSocial, we transmit your content (posts, images, videos, captions) to the relevant platforms (Facebook, Instagram, X/Twitter) on your behalf using the access tokens you have authorised. These platforms process your data according to their own privacy policies.
• Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a law enforcement request.
• Business Transfers: If SoSocial is involved in a merger, acquisition, reorganisation, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
• With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.
• Aggregated or Anonymised Data: We may share aggregated, de-identified, or anonymised information that cannot reasonably be used to identify you for any purpose, including research, analytics, and improving our Services.

8. Social Media Platform Data

A core function of SoSocial is enabling you to manage your social media presence across multiple platforms. This section explains how we handle data related to your connected social media accounts.

8.1 Account Connection via OAuth

When you connect a social media account (Facebook, Instagram, or X/Twitter) to SoSocial, you are redirected to that platform's authorisation page where you grant SoSocial specific permissions. We use the industry-standard OAuth 2.0 protocol (with PKCE for X/Twitter) to establish these connections. We only request the minimum permissions necessary to provide our Services.

8.2 Data We Access and Store

Through your authorised connections, we may access and store the following data:

• OAuth Access Tokens: Encrypted and stored using AES-256-GCM encryption at rest. These tokens allow us to perform actions on your behalf, such as publishing posts and retrieving analytics.
• Profile Information: Platform user ID, page or account name, and profile picture URL as provided by the platform.
• Engagement Metrics: Likes, comments, shares, impressions, reach, and other analytics data for posts published through SoSocial, retrieved periodically to populate your analytics dashboard.
• Inbox Data: Direct messages, comments, and mentions received on your connected accounts, displayed in the SoSocial inbox for unified management.

8.3 Publishing on Your Behalf

When you schedule or publish content through SoSocial, we use your authorised access tokens to submit that content to the designated social media platforms at the times you specify. You retain full control over what content is published and when. We do not publish content to your accounts without your explicit instruction.

8.4 Revoking Access

You may disconnect any social media account from SoSocial at any time through the Settings page. Upon disconnection, we delete the stored access tokens for that account. You may also revoke SoSocial's access directly through the connected platform's settings. Please note that content already published to a platform will remain on that platform and is subject to that platform's own terms and policies.

9. Data Security

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption at Rest: All OAuth access tokens and refresh tokens are encrypted using AES-256-GCM before being stored in our database, ensuring that even in the event of a data breach, these credentials remain protected.
• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.2 or higher).
• Authentication: User sessions are managed using JSON Web Tokens (JWT) with secure secret keys. Passwords are hashed using industry-standard algorithms before storage.
• Access Controls: We restrict access to personal information to authorised personnel who require it to perform their duties and are bound by confidentiality obligations.
• Infrastructure Security: Our servers are hosted on reputable cloud infrastructure with firewalls, intrusion detection, and regular security updates.
• Regular Reviews: We periodically review our security practices and update them as necessary to address emerging threats and vulnerabilities.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data. If you become aware of any unauthorised access to your account, please contact us immediately at privacy@so-social.co.

10. Data Retention

We retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. Specifically:

• Active Accounts: We retain your account information, content, and associated data for as long as your account remains active and you continue to use our Services.
• Deleted Accounts: If you request account deletion, we will delete or anonymise your personal information within 30 days of your request, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing our agreements, or complying with legal obligations).
• Analytics Data: Engagement metrics and analytics data for published posts are retained for the duration of your account to provide historical performance insights.
• Usage Logs: API usage logs and server logs may be retained for up to 12 months for security, debugging, and billing purposes, after which they are automatically deleted or anonymised.
• Legal Obligations: Certain information may be retained for longer periods as required by applicable tax, accounting, or other legal requirements.

To request deletion of your account and associated personal data, please contact us at privacy@so-social.co. We will process your request promptly and confirm deletion once complete.

11. Children's Privacy

SoSocial is not intended for use by individuals under the age of 18. We do not knowingly collect, solicit, or maintain personal information from anyone under 18 years of age. If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at privacy@so-social.co so that we can take appropriate action.

12. Your Privacy Rights

Depending on your location and applicable laws, you may have certain rights regarding your personal information. We are committed to honouring these rights and making it easy for you to exercise them.

12.1 Rights Under the GDPR (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: You have the right to request a copy of the personal information we hold about you and to obtain information about how we process it.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
• Right to Erasure ("Right to Be Forgotten"): You have the right to request that we delete your personal information where there is no compelling reason for its continued processing.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest its accuracy or object to processing.
• Right to Data Portability: You have the right to receive the personal information you have provided to us in a structured, commonly used, machine-readable format and to transmit that information to another controller.
• Right to Withdraw Consent: Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time without affecting the lawfulness of processing that occurred before withdrawal.
• Right to Object: You have the right to object to the processing of your personal information where we rely on legitimate interests as a legal basis, including profiling based on legitimate interests.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

As SoSocial operates from Dublin, Ireland, the lead supervisory authority for GDPR purposes is the Irish Data Protection Commission (DPC). You can contact the DPC at www.dataprotection.ie.

12.2 Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising. Should this change, you will be notified and provided with an opt-out mechanism.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised your privacy rights.
• Right to Limit Use of Sensitive Information: If we collect sensitive personal information, you have the right to limit its use and disclosure to what is necessary to perform our Services.

To exercise any of these rights, please contact us at privacy@so-social.co. We will verify your identity before processing your request and respond within the timeframes required by applicable law.

12.3 Rights Under PIPEDA (Canadian Residents)

If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) provides you with the following rights:

• Right to Access: You have the right to request access to the personal information we hold about you and to be informed of its use and disclosure.
• Right to Correction: You have the right to challenge the accuracy and completeness of your personal information and have it amended as appropriate.
• Right to Withdraw Consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice.
• Right to Complain: You have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have not handled your personal information in accordance with PIPEDA.

To exercise any of these rights, please contact us using the details provided in Section 16 below.

13. International Data Transfers

SoSocial is operated from Dublin, Ireland, and our primary servers are located in the European Union. However, your personal information may be transferred to, stored in, and processed in countries outside of your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.

Specifically, your data may be processed outside the EU/EEA when:

• We use third-party service providers whose servers are located in the United States or other jurisdictions (e.g., Anthropic for AI processing, social media platform APIs).
• You connect social media accounts that are managed by companies headquartered outside the EU/EEA (e.g., Meta, X Corp.).

Where we transfer personal data outside the EU/EEA, we ensure that adequate safeguards are in place in accordance with GDPR requirements. These safeguards may include:

• Transfers to countries that the European Commission has recognised as providing an adequate level of data protection.
• Use of Standard Contractual Clauses (SCCs) approved by the European Commission with our service providers.
• Reliance on the recipient's binding corporate rules or other approved transfer mechanisms.

By using our Services, you acknowledge and consent to the transfer of your information to jurisdictions outside your country of residence. If you have questions about our international data transfers, please contact us at privacy@so-social.co.

14. Third-Party Services

Our Services may contain links to, or integrations with, third-party websites, platforms, and services that are not owned or controlled by SoSocial. This Privacy Policy applies only to information collected by SoSocial through our own Services.

When you interact with third-party services through SoSocial—such as connecting your Facebook, Instagram, or X/Twitter accounts—those platforms collect and process data according to their own privacy policies. We encourage you to review the privacy policies of any third-party services you access through our platform:

• Meta (Facebook & Instagram): https://www.facebook.com/privacy/policy/
• X (formerly Twitter): https://x.com/en/privacy
• Anthropic (AI Provider): https://www.anthropic.com/privacy
• WordPress: https://automattic.com/privacy/

We are not responsible for the privacy practices, content, or security of any third-party websites or services. Any information you provide directly to a third party is subject to that party's privacy policy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this page.

If we make material changes that significantly affect how we collect, use, or share your personal information, we will provide prominent notice through one or more of the following methods:

• Posting a prominent notice on our website or within the SoSocial application.
• Sending an email notification to the address associated with your account.
• Displaying an in-app notification the next time you log in.

Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the revised policy, you should discontinue your use of the Services and contact us to delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@so-social.co
• Company: SoSocial
• Address: Dublin, Ireland

We aim to respond to all privacy-related inquiries within 30 days. For requests made under the GDPR, CCPA/CPRA, or PIPEDA, we will respond within the timeframes required by applicable law.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For EU/EEA residents, you may contact the Irish Data Protection Commission at www.dataprotection.ie.