Privacy Policy

1. Introduction

Ai-Drop ("we", "our", or "us") operates https://aidrop.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered social media management platform.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

We are committed to complying with applicable data protection laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the data usage policies of all social media platforms we integrate with, including Meta (Facebook and Instagram), X (formerly Twitter), LinkedIn, TikTok, YouTube (Google), Pinterest, Threads, and others.

2. Information We Collect

2.1 Information You Provide Directly

• Account data: Name, email address, password (stored hashed), and billing details when you register.
• Profile data: Profile photo, company name, timezone, language preferences, and brand guidelines you upload.
• Content: Posts, captions, images, videos, and other media you create or upload through the Service.
• Communications: Messages, support requests, and feedback you send to us.
• Payment data: Billing address and payment method details, processed securely by our payment processor. We do not store full credit card numbers.

2.2 Social Media Data Accessed via OAuth

When you connect a social media account to Ai-Drop, you authorize us to access certain data from that platform via OAuth. The specific data we access depends on the permissions you grant and the platform's API policies. This may include:

• Basic profile information (name, profile picture, username, user ID)
• List of pages, groups, or accounts you manage
• Publishing permissions to post content on your behalf
• Analytics and insights data for posts you publish through our Service (reach, impressions, engagement)
• Scheduling and content management permissions

Important: We only request the minimum permissions necessary to provide the Service. We do not access your private messages, contacts, friend lists, or any data not needed for social media management.

2.3 Automatically Collected Data

• Usage data: Pages visited, features used, time spent, clicks, and navigation paths.
• Device & technical data: IP address, browser type, operating system, device identifiers, and referral URLs.
• Cookies: Session cookies (required for authentication), preference cookies, and analytics cookies. See Section 8 for details.
• Log data: Server logs including access times, error logs, and API call records.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Publish content to your connected social media accounts at your direction
• Generate AI-powered content suggestions based on your brand data and preferences
• Process transactions and send billing-related communications
• Send product updates, security alerts, and support messages (you can opt out of non-essential emails)
• Analyze usage patterns to improve features and fix bugs
• Train and improve AI models using anonymized and aggregated data only (we never use your personal social media content to train models without explicit consent)
• Detect, prevent, and respond to fraud, abuse, and security incidents
• Comply with legal obligations and enforce our Terms of Service

We do not sell your personal data or social media data to third parties. We do not use your data for advertising purposes on behalf of third parties.

4. Social Media Platform Data Policies

Ai-Drop integrates with third-party social media platforms. When you connect these platforms, you are also subject to their respective privacy policies and terms. Our use of data obtained from these platforms complies with each platform's developer policies:

• Meta (Facebook & Instagram): Data obtained via the Meta API is used solely to provide the posting, scheduling, and analytics features you request. We comply with Meta's Platform Terms and Developer Policies. We do not retain Meta user data beyond the period necessary to provide the Service. Users may revoke access at any time through their Facebook or Instagram settings.
• X (Twitter): We comply with X's Developer Agreement and Policy. Data obtained via the X API is used exclusively for publishing and scheduling posts on your behalf.
• LinkedIn: We comply with LinkedIn's API Terms of Use. Data is used solely for posting and analytics as authorized by you.
• Google (YouTube): Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
• TikTok: We comply with TikTok's Developer Terms. Data obtained via the TikTok API is used only for content management and analytics.
• Other platforms (Pinterest, Threads, Reddit, Telegram, and others): We comply with the respective API terms of each platform we support.

Key commitments for all platform integrations:

• We only access data that is necessary to provide the Service
• We do not transfer social media platform data to data brokers, advertising networks, or analytics providers without explicit platform permission
• We allow users to disconnect any platform account at any time, after which we delete the associated OAuth tokens and cease data access
• We do not use platform data to build user profiles beyond what is needed to provide the Service
• Platform data is not used for purposes beyond the user's intended use of the Service

5. How We Share Your Information

We may share your information only in the following limited circumstances:

• Service providers: We work with trusted third-party vendors who assist in operating the Service (e.g., cloud hosting, payment processing, email delivery). These providers are contractually bound to handle your data securely and only for the specified purpose.
• Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you by email and/or a prominent notice on our website prior to your data becoming subject to a different privacy policy.
• Legal requirements: We may disclose your information if required by law, regulation, legal process, or government request, or to protect the rights, property, or safety of Ai-Drop, our users, or the public.
• With your consent: We may share your data with third parties when you have explicitly authorized it.

We do not share your social media account content, private messages, or analytics data with any third party except as described above or as required to operate the Service.

6. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. If you delete your account:

• Your personal account data will be deleted within 30 days
• Social media OAuth tokens are revoked and deleted immediately
• Published post history and analytics data you created are deleted within 30 days
• Backups may retain data for up to 90 days before permanent deletion
• Financial transaction records are retained for 7 years as required by law

Social media data accessed via APIs is not retained longer than necessary to provide the requested feature. We do not cache or store social media platform data beyond session or operational requirements.

7. Data Security

We implement industry-standard security measures to protect your information:

• All data is transmitted over HTTPS/TLS encryption
• Passwords are hashed using bcrypt with a secure salt
• OAuth tokens are encrypted at rest using AES-256
• Access to production systems is restricted to authorized personnel only
• We conduct regular security audits and vulnerability assessments

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant authorities as required by law.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service:

• Essential cookies: Required for authentication and core functionality (e.g., session management, security tokens). Cannot be disabled.
• Preference cookies: Remember your settings such as language, theme (dark/light), and UI preferences.
• Analytics cookies: Help us understand how users interact with the Service to improve it. We use privacy-respecting analytics that anonymize IP addresses.
• Translation cookies: Used by Google Translate if you select a non-English language. Subject to Google's Privacy Policy.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from using the Service. For more information on managing cookies, visit your browser's help documentation.

9. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Withdraw consent at any time where processing is based on consent.
• Disconnect social accounts: Revoke our access to any connected social media account at any time from your account settings or directly from the social media platform.

To exercise these rights, contact us at Support@aidrop.app. We will respond to verified requests within 30 days (or as required by applicable law).

California Residents (CCPA): You have the right to know what personal information we collect, disclose, or sell; to request deletion of your personal information; and to opt-out of the sale of your personal information. We do not sell personal information. To submit a request, email us at Support@aidrop.app.

10. Children's Privacy

The Service is not directed to individuals under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children under these ages. If we become aware that a child has provided us with personal information, we will take steps to delete such information. If you believe a child has provided us data, contact us immediately at Support@aidrop.app.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer personal data from the European Economic Area (EEA) or the United Kingdom to third countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Third-Party Links

The Service may contain links to third-party websites and social media platforms. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites. We encourage you to review the privacy policy of every website you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, via email or a prominent notice on the Service. We encourage you to review this Privacy Policy periodically.