Privacy Policy

Last updated: May 26, 2026

1. Who we are

SocialPilot AI ("we", "us") provides social media and messaging automation tooling. Contact: privacy@socialpilotapp.com.

2. Data we collect

  • Account data: name, business name, email, phone, password hash.
  • Connection data: linked-device session tokens, worker tokens, and metadata such as device labels and linked-device counts. WhatsApp session keys are stored on your worker host, not on our servers.
  • Content data: scheduled posts, media uploads, contact lists, AI prompts and outputs.
  • Usage & logs: dispatch logs, heartbeats, error logs, IP address, browser metadata.
  • Billing data: handled by our payment processor (Stripe). We do not store card numbers.

3. Why we process it

  • To provide and operate the Service (contract).
  • To prevent abuse and secure the platform (legitimate interest).
  • To comply with legal obligations.
  • To send transactional and, with consent, marketing emails.

4. Sharing

We share data with: hosting providers, the database backend (Lovable Cloud), the payment processor (Stripe), email providers, and AI model providers (only the prompt content you submit). We never sell personal data.

5. Third-party platforms

When you connect WhatsApp or another platform, that platform processes message content under its own privacy policy. We do not control or own those services.

6. Retention

Account data is retained while your account is active and for up to 12 months after deletion for legal/audit purposes. Dispatch logs are kept for 90 days by default.

7. Your rights (GDPR / CCPA)

You may request access, rectification, deletion, portability, or restriction of your data, and object to processing. Email privacy@socialpilotapp.com. You may also lodge a complaint with your local data protection authority.

8. Security

We use encryption in transit, row-level security on our database, and least-privilege service roles. No system is perfectly secure — report vulnerabilities to security@socialpilotapp.com.

9. Cookies

We use strictly necessary cookies for auth and a minimal analytics cookie. No third-party advertising cookies.

10. International transfers

Data may be processed outside your country, under appropriate safeguards (SCCs or equivalent).

11. Children

The Service is not directed to children under 16.

12. Changes

We will notify material changes by email or in-app at least 14 days in advance.