Your Privacy.
Our Commitment.

1. Who We Are

SocialAssist is operated by SocialAssist Technologies Private Limited, a company incorporated under the Companies Act, 2013, with its registered office at 4th Floor, DLF Cyber City, Block A, Gurugram, Haryana — 122002, India.

For all privacy-related matters, our designated Grievance Officer is reachable at privacy@socialassist.in.

2. Data We Collect

2.1 Data You Provide Directly

• Account Information: Name, email address, password (hashed with bcrypt), phone number (optional), company name.
• Profile & Brand Data: Brand name, logo, tone-of-voice preferences, target audience description.
• Payment Information: We process payments via Razorpay. We do not store credit/debit card numbers or UPI IDs on our servers. Razorpay's privacy policy governs payment data.
• Content: Posts you create, AI prompts you enter, images you upload, captions you approve or reject.
• Communications: Support tickets, email exchanges, feature requests.

2.2 Data Collected Automatically

• Log Data: IP address, browser type, operating system, pages visited, time and date, referring URL.
• Device Data: Device type, screen resolution, language settings.
• Usage Data: Features used, posts generated, accounts connected, sessions, click patterns.
• Cookies & Local Storage: Session tokens, theme preferences, analytics cookies (see Section 6).

2.3 Data from Connected Social Platforms

When you connect a social media account (Instagram, Facebook, Twitter/X, LinkedIn, etc.), we receive OAuth tokens and the following data permitted by each platform's API:

• Account name, handle, profile picture, follower/following count.
• Post engagement data (likes, comments, reach, impressions).
• Basic audience demographics (age ranges, top locations — no PII).

We do not read your private messages, contacts, or any data not explicitly authorised via OAuth.

3. How We Use Your Data

• Provide the Service: Authenticate your account, generate AI content, schedule posts, display analytics.
• Improve the Product: Analyse aggregated, anonymised usage patterns to prioritise features and fix bugs.
• Personalisation: Tailor AI suggestions to your brand voice and historical performance.
• Communications: Send transactional emails (password reset, invoice, post failed), product updates (opt-out available), and promotional emails (opt-in only).
• Security: Detect fraud, abuse, and unauthorised access.
• Legal Obligations: Comply with Indian law, respond to lawful government requests, resolve disputes.

We do not: sell your data, share your data with advertisers, use your content to train third-party models without your explicit consent, or display ads within the platform.

4. Data Storage & Security

All data is stored on servers located within India (AWS Mumbai region, ap-south-1). We implement industry-standard security measures:

• AES-256 encryption at rest; TLS 1.3 in transit.
• Passwords hashed with bcrypt (cost factor 12+).
• OAuth tokens stored encrypted; rotated automatically on re-auth.
• Role-based access control for internal team members.
• Regular penetration testing and vulnerability assessments.
• Automated backups with 30-day retention.

Despite our best efforts, no method of internet transmission is 100% secure. We will notify affected users within 72 hours of any confirmed data breach, as required by the DPDP Act, 2023.

5. Third-Party Services

We use the following third-party services. Each has its own privacy policy:

• Razorpay — Payment processing. razorpay.com/privacy
• AWS — Cloud infrastructure. aws.amazon.com/privacy
• OpenAI — AI content generation (prompts sent; data not retained by OpenAI per enterprise agreement). openai.com/privacy
• Google Analytics 4 — Website analytics (anonymised; IP masking enabled). policies.google.com/privacy
• Postmark — Transactional email delivery.

We do not share personally identifiable information with these services beyond what is technically necessary to provide the feature.

6. Cookies & Tracking

We use the following types of cookies:

• Essential Cookies: Session authentication, CSRF protection, theme preferences. Cannot be disabled.
• Analytics Cookies: Google Analytics 4 with IP anonymisation. Track page views and feature usage. Can be disabled via our cookie banner.
• No Ad Cookies: We do not place advertising, retargeting, or tracking pixels from ad networks.

You can clear cookies anytime through your browser settings. Clearing essential cookies will log you out.

7. Your Rights (DPDP Act, 2023)

Under the Digital Personal Data Protection Act, 2023 and related laws, you have the right to:

• Access: Request a copy of all personal data we hold about you.
• Correction: Ask us to correct inaccurate or incomplete data.
• Erasure: Request deletion of your account and all associated personal data.
• Portability: Receive your data in a machine-readable format (JSON/CSV).
• Withdraw Consent: Opt out of non-essential data processing and marketing emails at any time.
• Grievance Redressal: Lodge a complaint with our Grievance Officer (see Section 11) or the Data Protection Board of India.

To exercise any right, email privacy@socialassist.in from your registered address. We will respond within 30 days.

8. Data Retention

• Active accounts: Data retained for the duration of the subscription + 90 days grace period.
• After deletion: All personal data permanently deleted within 30 days. Anonymised analytics data may be retained indefinitely.
• Payment records: Retained for 7 years as required by Indian tax law (GST compliance).
• Backups: Backup copies overwritten within 30 days of deletion request.

9. Children's Privacy

SocialAssist is not intended for children under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us their data, please email privacy@socialassist.in and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Send an email notification to all registered users at least 14 days before the change takes effect.
• Display an in-app banner for 30 days after the change.

Continued use of the platform after the effective date constitutes acceptance of the updated policy.

11. Contact & Grievance Officer

If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once constituted, or file a complaint with the Ministry of Electronics and Information Technology (MeitY).