SoshFlow Privacy Policy

1. Data we collect

• Account identifiers (user IDs, channel IDs, page IDs) provided through authorized OAuth connections.
• Public and authorized content metadata (post/video IDs, captions, timestamps, engagement metrics).
• Analytics and insights (views, reach, impressions, audience demographics where permitted).
• Technical logs (IP, user agent, request IDs) for security and debugging.

2. How we use data

• To provide requested API services and power connected product features.
• To authenticate users and maintain secure access sessions.
• To improve reliability, performance, and developer tooling.
• To comply with platform policies and applicable laws.

3. Data sharing

We do not sell personal data. We share data only with the user's explicit authorization, service providers acting on our behalf (hosting, analytics), or when required by law.

4. Data retention

We retain connected account data for as long as the user keeps the integration active or as required by law. Users can revoke access at any time, which triggers deletion of stored tokens and associated data within 30 days.

5. Security

• OAuth tokens are encrypted at rest.
• Access is restricted by least privilege and audited regularly.
• We use HTTPS for all traffic and rotate secrets routinely.

6. User controls

• Users can disconnect accounts at any time.
• Users can request data deletion by contacting support.
• We honor platform-specific data deletion requirements.

7. Platform compliance

SoshFlow complies with Meta, TikTok, and Google API policies including data use limitations, permission requirements, and review processes. We only request the minimum scopes needed to deliver user-requested functionality.

8. Contact

For privacy questions or data requests, contact: privacy@soshflow.com