Privacy Policy

Last Updated: April 7, 2026  ·  Effective Date: April 7, 2026

Introduction

SocialPilot.Ai ("we," "our," or "us") operates socialpilot-ai.com and the SocialPilot AI platform — an AI-powered social media content creation and publishing service built for small and medium businesses.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. We are committed to being transparent and handling your information responsibly.

Information We Collect

We collect information that is necessary to deliver our service:

Account Information

  • Name and email address
  • Encrypted password (for portal access)

Business Information

  • Business name and industry
  • Brand guidelines, voice, and style preferences
  • Products, services, and offerings
  • Logos and imagery provided during onboarding

Social Media Credentials

  • OAuth access tokens for connected platforms (Instagram, Facebook, LinkedIn, TikTok, YouTube, X/Twitter)
  • Social media credentials are stored securely with encryption — we treat access to your accounts with the same care as any sensitive financial credential

Content Data

  • AI-generated posts, captions, images, videos, and carousels
  • Content drafts, schedules, and publishing history

Performance Data

  • Engagement metrics (likes, comments, shares, reach, impressions) pulled from connected social media platforms via their official APIs

Usage Data

  • Anonymous website analytics (page views, session data) via Vercel Analytics

Contact Form Submissions

  • Name, email, phone, business name, and message content

How We Use Your Information

We use your information to:

  • Generate and publish social media content on your behalf
  • Analyze content performance and improve the quality of content we generate for you over time
  • Manage your account and provide portal access
  • Communicate with you about your content, account, and our service
  • Improve our platform and AI content generation capabilities

We will never:

  • Sell your personal data to third parties
  • Use your data for advertising or targeting purposes

Third-Party Services & Data Sharing

To operate our service, we work with the following trusted third parties. We share only what is necessary to provide the service.

Meta (Facebook & Instagram)

We access Meta's APIs to publish content and retrieve performance metrics. We request only the permissions necessary for content publishing and analytics.

Data shared: Post content (images, videos, captions), access tokens. Data received: Engagement metrics, account info.

Anthropic (Claude AI)

We use Claude AI to generate captions, scripts, and content strategy. Your business context and brand information are sent to generate relevant content.

Anthropic does not retain data from API calls for model training.

Supabase

Our database provider. All client data is stored in Supabase's infrastructure with encryption at rest and Row Level Security policies enforced.

Vercel

Our hosting provider. Handles web traffic and file storage. We also use Vercel Analytics for anonymous website usage data — no personal identifiers are collected.

HeyGen

Used for AI avatar video creation when clients opt into avatar features. Only clients who enable avatars have data shared with HeyGen.

Resend

Used to send transactional emails such as account invitations and content notifications. Only the email address and relevant notification content are shared.

Blotato

Used for social media publishing and scheduling. Post content, captions, and connected account credentials are shared with Blotato solely to facilitate publishing on your behalf.

Social Media Platform Permissions

We request only the minimum permissions needed to deliver our service. Below is a summary of what we request from each platform:

  • Instagram: Content publishing, insights/analytics access, basic account info
  • Facebook: Page post management, page insights
  • LinkedIn: Post creation, profile and organization page access, analytics
  • TikTok: Video publishing, basic account info, content analytics
  • YouTube: Video uploads, channel analytics, basic account info
  • X (Twitter): Post creation, basic account info, engagement analytics

Clients authorize access via the official OAuth flows provided by each platform. You can revoke access at any time through your platform account settings or by contacting us. Access tokens are stored encrypted and refreshed automatically.

Data Security

We take reasonable steps to protect your data:

  • All data is transmitted with HTTPS/TLS encryption
  • Access tokens are stored encrypted in our database
  • Role-based access controls — clients only have access to their own data
  • Supabase Row Level Security (RLS) policies enforced at the database level
  • Regular security audits of our codebase and infrastructure

No system is completely immune to security risks. If you believe your account has been compromised, please contact us immediately at kevin@socialpilot-ai.com.

Data Retention & Deletion

  • We retain client data for the duration of the service agreement
  • Content and performance data is retained to improve the quality of content we generate for you
  • You can request deletion of all your data at any time by contacting us
  • Upon account termination, we delete client data within 30 days
  • Social media access tokens are revoked upon account termination

Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of all data we hold about you
  • Correction: Update your information through the portal or by contacting us
  • Deletion: Request deletion of your data at any time
  • Revocation: Revoke social media platform access at any time through platform settings or by contacting us
  • Portability: Request your content and data in a standard format

To exercise any of these rights, contact us at kevin@socialpilot-ai.com.

Cookies & Tracking

  • We use essential cookies for authentication and session management
  • We use Vercel Analytics for anonymous website usage data — no personal identifiers are included
  • We do not use advertising cookies or tracking pixels
  • We do not engage in cross-site tracking

Children's Privacy

Our service is designed for businesses and professionals. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

Changes to This Policy

  • We may update this Privacy Policy from time to time and will post changes on this page with an updated date
  • Material changes will be communicated via email to active clients
  • Continued use of the service after changes take effect constitutes acceptance of the updated policy

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please reach out: