Privacy Policy

When you use SocialProX we collect the following information:

• Account information: Your name, email address, and profile image from Google OAuth when you sign in.
• Facebook credentials: Session cookies, auth tokens (fb_dtsg, lsd, user ID), and optional TOTP secrets you import via pairing code or extension sync. These are stored encrypted (AES-256).
• Facebook page data: Page IDs, page names, payout source IDs, and monetization tool approval statuses — fetched on demand when you run operations.
• Operation logs: Records of every operation performed (type, page, payout ID, success/failure, timestamp) for your activity history.
• Credit transactions: Records of credit purchases and deductions.
• Usage data: Basic server-side logs including request timestamps and error messages. No IP addresses are stored permanently.

We use your data solely to provide and improve the Service:

• Facebook credentials are used exclusively to execute the operations you request — we replay your authenticated sessions to Facebook's API on your behalf.
• Page and operation data is used to display your activity history, cross-check results, and job statuses in the dashboard.
• Email is used for account identification and may be used to send important service announcements (never marketing without consent).

When you connect a social media account (Instagram, Facebook, TikTok, YouTube) via OAuth, we store:

• Your account name, handle, and profile image (from the platform's API).
• OAuth access tokens and refresh tokens, encrypted at rest.
• Linked pages or channels associated with the account.

These tokens are used solely to perform upload and automation operations you configure. We do not access any content from your accounts beyond what is required to execute your configured automations.

We do not monitor, review, or take responsibility for any content uploaded through these connected accounts. Content upload history is logged for your own reference only.

• Your Facebook passwords — we use session cookies, not passwords.
• Payment card numbers — payments are handled manually via Binance/WhatsApp.
• Your Facebook messages, posts, or personal content.

We do not sell, rent, or share your data with third parties for marketing or any commercial purpose.

We may share data only in these limited circumstances:

• Infrastructure providers: Neon (database), Upstash (Redis cache), Vercel (hosting), and ProxyJet (residential proxy for Facebook requests). Each is bound by their own privacy terms and receives only the minimum data needed.
• Legal requirements: If required by law, court order, or to protect the rights and safety of users and the public.

• All Facebook credentials are encrypted at rest with AES-256.
• All connections use TLS in transit.
• Access to the database is restricted to server-side code only.
• Admin access is restricted by email allowlist verified via Google OAuth.
• We do not log your credentials or display them in plaintext anywhere.

• Account & credentials: Retained until you delete your account or disconnect an FB account.
• Operation logs: Retained for 90 days by default, then automatically purged.
• Credit transactions: Retained indefinitely for financial record keeping.
• After account deletion: All personal data including credentials and logs are deleted within 30 days.

You have the right to:

• Access: Request a copy of all data we hold about you.
• Deletion: Request deletion of your account and all associated data.
• Portability: Request your operation history in a machine-readable format.
• Correction: Update inaccurate profile information via the dashboard.

To exercise these rights, contact us via WhatsApp or through the support channel.

SocialProX uses only session-essential cookies for authentication (NextAuth.js session token). We do not use tracking cookies, analytics cookies, or advertising cookies.

The Service integrates with third-party social media platforms on your behalf. Your use of each platform is governed by that platform's own terms and privacy policy. We are not affiliated with, endorsed by, or sponsored by any of the following:

• Meta Platforms, Inc. (Facebook, Instagram)
• Google LLC / YouTube
• TikTok Ltd. / ByteDance

We are not responsible for how these platforms handle your data or how they respond to content uploaded through the Service.

We may update this Privacy Policy. Material changes will be communicated via the dashboard. Continued use of the Service after changes constitutes acceptance.

For any privacy-related questions or requests, contact us via WhatsApp (see the Credits page) or through the support channel in your dashboard.