Privacy Policy

Last Updated: March 05, 2026

SocialFuse LTD ("SocialFuse," "we," "us," or "our") respects your privacy and is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

---

1. Data Controller

Entity: SocialFuse LTD
Address: Spartis 4, Limassol, Cyprus
Contact: privacy@socialfuse.net
Data Protection Officer (DPO): dpo@socialfuse.net

2. Data We Collect

We collect data through direct interaction and through third-party platform APIs.

2.1. Directly Provided Data

• Account Info: Name, email, password, profile settings.
• Billing Info: Payment details (processed securely via Stripe/PayPal; we do not store full credit card numbers).
• Customer Support: Communications sent to our support teams.

2.2. Data from Third-Party APIs (Meta, Google, LinkedIn, TikTok)

• Profile Info: Username, profile picture, account ID.
• Content: Posts, comments, messages (for the Inbox feature).
• Metrics: Likes, shares, reach, impressions, and engagement data.
• OAuth Tokens: Encrypted access and refresh tokens to facilitate API communication.

3. Legal Basis for Processing (GDPR Art. 6)

We process data under the following legal bases:

• Performance of a Contract: To provide the Service you have registered for.
• Legitimate Interests: To improve our Service and ensure its security.
• Consent: Where you have explicitly granted permission (e.g., connecting a social account).
• Legal Obligation: To comply with regulatory or legal requirements.

4. Third-Party API Compliance

4.1. Meta (Facebook & Instagram)

• Access: We access data per the permissions (scopes) you grant during the OAuth flow.
• Usage: Meta data is used to provide the full range of SocialFuse features, including: composing and publishing posts (including Reels, Stories, and other content formats), managing your inbox and responding to messages and comments, tracking engagement metrics and analytics, and facilitating all social interactions and content management across Facebook and Instagram.
• Revocation: You can revoke our access at any time through the Settings menu in SocialFuse or directly via Facebook/Instagram App Settings.

4.2. Google, LinkedIn, TikTok

Access: We access data per the permissions (scopes) you grant during the OAuth flow for each platform.

Usage: Data from these platforms is used similarly to Meta — for publishing content, managing messages and interactions, tracking performance metrics, and providing the complete social media management experience across all connected channels.

Security: Data retrieved from these platforms is encrypted and protected with the same security standards as Meta data.

5. Cookies and Analytics

• Internal Cookies: Used solely for authentication and session management.
• Google Analytics: Used for internal performance tracking and improving User Experience. You may opt-out through browser settings.

6. Data Sharing (No Third-Party Sales)

We DO NOT sell your data to third parties. We only share data with:

• Service Processors: Trusted providers like DigitalOcean (hosting) and Stripe/PayPal (payment processing).
• API Providers: Transmitting data to Meta, Google, etc., to perform actions you initiate (e.g., publishing a post).

7. Data Retention

7.1. Account and Service Data

We retain your account information, content, and usage data for as long as your account is active and necessary to provide the Service. Upon voluntary account deletion, we delete active copies within thirty (30) days.

7.2. Billing and Transaction Data

Payment records are retained for seven (7) years to comply with Cyprus tax law and financial regulations. Payment processor data (Stripe/PayPal) is retained per their respective retention policies.

7.3. Backups and Archives

Deleted data may remain in backup systems for up to ninety (90) days as part of our disaster recovery procedures. After 90 days, all copies are purged through cryptographic deletion or physical destruction.

7.4. Logs and Analytics

Server logs and analytics data are retained for twelve (12) months for security, performance, and service improvement purposes. Personal data within logs is anonymized after ninety (90) days.

7.5. Right to Erasure

You can request deletion of your data at any time per GDPR Article 17, except where legal obligations require longer retention (e.g., tax records, transaction histories, or regulatory compliance requirements).

8. Data Storage and Security

• Location: Data is hosted on DigitalOcean EU servers (compliant with GDPR data transfer rules).
• Encryption: All API tokens and sensitive communications are encrypted at rest and in transit (SSL/TLS).
• Access Control: Access is restricted to essential personnel under strict confidentiality agreements.

9. Your GDPR Rights

You have the following rights:

• Right of Access: Request a copy of your data.
• Right to Erasure: Request deletion of your data.
• Right to Portability: Request data in a structured, machine-readable format.
• Right to Object/Restrict: Object to specific processing activities.
• Right to Rectification: Correct inaccurate data.

To exercise these rights, email dpo@socialfuse.net.

10. International Data Transfers

While our servers are in the EU, some processors (e.g., Google Analytics, Stripe) may process data in the US. We ensure these transfers are protected by standard contractual clauses or equivalent legal frameworks.

11. Contact

For privacy-related concerns:

Email: dpo@socialfuse.net
Address: Spartis 4, Limassol, Cyprus