← Back to SimplySocialAI

Privacy Policy

Last updated: April 16, 2026

1. Introduction

SimplySocialAI (“we”, “us”, “our”) is an AI-powered social media management platform for small businesses. This Privacy Policy explains what information we collect, how we use it, how we store it, and what rights you have regarding your data.

By creating an account or using SimplySocialAI, you agree to the practices described in this policy.

2. Information we collect

We collect the following categories of information:

  • Account information — name, email address, and authentication credentials provided through our identity provider (Clerk).
  • Brand profile data — business name, industry, target audience, brand voice, and preferred social media platforms that you provide during onboarding.
  • Content data — post ideas, AI-generated drafts, edits you make to drafts, and scheduling preferences.
  • Social media tokens — OAuth access tokens and refresh tokens for the social media platforms you connect (see Section 4 for how these are stored).
  • Analytics data — post performance metrics (impressions, reach, likes, comments, shares, clicks) collected from connected platforms after publishing.
  • Billing information — payment details are processed and stored by Stripe. We store only your Stripe customer ID and subscription ID, not card numbers or bank details.
  • Usage data — draft counts, feature usage, and error logs used to operate and improve the service.

3. How we use your information

  • Generate AI-powered content tailored to your brand profile using the Anthropic Claude API. Your brand profile and post ideas are sent to Anthropic for content generation. Anthropic does not use API inputs to train their models.
  • Research trending topics in your industry using the Serper search API.
  • Publish approved posts to your connected social media accounts through direct platform APIs (Instagram, Facebook, LinkedIn, TikTok).
  • Collect and display post performance analytics from connected platforms.
  • Process subscription payments through Stripe.
  • Send transactional emails (draft notifications, account updates) through Resend.
  • Monitor errors and service health through Sentry.

4. Social media token storage and security

When you connect a social media platform, we receive OAuth access tokens and refresh tokens that allow SimplySocialAI to publish posts on your behalf. These tokens are treated as highly sensitive data:

  • All OAuth tokens are encrypted at rest using AES-256 encryption before being stored in our database.
  • Encryption keys are stored separately from the database and are never exposed to client-side code.
  • Tokens are only decrypted server-side at the moment of publishing or refreshing, and are never sent to the browser.
  • Our database enforces row-level security (RLS) so that each user's tokens are isolated and accessible only by their own authenticated sessions.
  • You can revoke access at any time by disconnecting a platform in Settings, which deletes the stored tokens.

5. Data storage and infrastructure

  • Application data is stored in Supabase (PostgreSQL) with row-level security enabled on every table.
  • Media files are stored in Cloudflare R2 and served through a CDN.
  • The application is hosted on Vercel.
  • All data is transmitted over HTTPS/TLS.

6. Third-party services

SimplySocialAI integrates with the following third-party services, each governed by their own privacy policies:

  • Clerk — authentication and user management
  • Supabase — database hosting
  • Stripe — payment processing
  • Anthropic (Claude API) — AI content generation
  • Serper — search and trend research
  • Meta (Instagram, Facebook), LinkedIn, and TikTok — direct platform publishing via OAuth
  • Cloudflare R2 — media storage
  • Resend — transactional email
  • Sentry — error monitoring
  • Vercel — application hosting

7. Data retention

We retain your data for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems, including:

  • Brand profiles and content strategies
  • Post ideas, drafts, and scheduled posts
  • Analytics records and monthly reports
  • Platform connections and encrypted tokens
  • Your Clerk user account
  • Your Stripe subscription (cancelled immediately)

Deletion is permanent and cannot be reversed. Backups that may contain your data are purged within 30 days.

8. Your rights

You have the right to:

  • Access — view all data we hold about you in your dashboard and settings.
  • Edit — update your brand profile, drafts, and account settings at any time.
  • Delete — permanently delete your account and all associated data from Settings > Danger Zone.
  • Revoke access — disconnect any social media platform at any time, which deletes the stored tokens.
  • Export — request a copy of your data by contacting us.
  • Withdraw consent — stop using the service at any time. No content is ever published without your explicit approval.

9. Content approval and publishing

SimplySocialAI never publishes content without your explicit approval. All AI-generated drafts are presented for your review, and only drafts you have manually approved and scheduled will be published to your connected platforms.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice in the application. Continued use of SimplySocialAI after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or your data, contact us at privacy@simplysocialai.com.