Privacy Policy

1. Introduction

ScoutSocial (“we”, “us”) is a B2B social media management platform operated by ScoutSocial. This policy explains how we collect, use, and protect personal data when you use our platform.

2. Information We Collect

• Account data: name, email, organization info (via Clerk authentication)
• Social accounts: connected platform credentials, profile data (LinkedIn, X, Facebook, Instagram, TikTok, YouTube)
• Content: posts, drafts, templates, AI-generated content, media files
• Usage data: feature interactions, page views, analytics (via PostHog/Google Analytics when consented)
• Device data: browser type, IP address, operating system
• Billing data: processed by Stripe (we do not store full payment details)

3. How We Use Your Information

• Operating the platform (scheduling, publishing, analytics)
• AI features via OpenAI, Anthropic, and Google Gemini (legal basis: contract performance).
• Providing insights, recommendations, and performance analytics
• Account administration and team collaboration
• Communication about the service
• Improving the platform and developing new features

4. Legal Bases for Processing (GDPR)

For EU/EEA/UK data subjects, we process personal data under GDPR/UK GDPR lawful bases described below.

Where we rely on legitimate interests, we document balancing tests in our internal compliance records.

We do not currently rely on public-interest or vital-interest lawful bases for normal ScoutSocial service operations.

5. Data Sharing and Third Parties

We share data only as necessary with:

• Clerk: authentication and session management
• Stripe: payment processing
• OpenAI
• Anthropic
• Google (Gemini)
• LangSmith (LangChain): optional LLM observability — technical traces may include prompts and tool outputs from agent workflows (configured per deployment)
• Amazon Web Services: cloud infrastructure and hosting
• PostHog / Google Analytics: usage analytics (with consent)
• Social platforms (LinkedIn, X, Meta, TikTok, YouTube, etc.): publishing, listening, and analytics via their APIs — each provider's terms and developer policies also apply to your use of their services through ScoutSocial

We do not sell personal data to third parties.

6. Google API Services & YouTube Data

ScoutSocial connects to the YouTube Data API to let you publish videos, manage channel settings, and retrieve performance analytics. This section describes how we handle data received from Google APIs.

• Data we access: YouTube channel metadata, video upload status, video and channel analytics, and comment threads — only for accounts you explicitly connect.
• How we use it: to publish content you create in ScoutSocial, display performance metrics in your dashboard, and generate scheduling recommendations.
• How we store it: OAuth tokens are stored encrypted at rest in our database. Analytics data is cached to reduce API calls and retained per Section 8 (Data Retention). We do not store raw YouTube video files after upload completes.
• Sharing: we do not share your Google user data with third parties. Data is only transmitted between your browser, our servers, and Google's APIs.

ScoutSocial uses YouTube API Services. By using ScoutSocial's YouTube features you agree to be bound by the YouTube Terms of Service. ScoutSocial's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. You may revoke ScoutSocial's access to your Google account at any time via Google's security settings.

For information on how Google collects, uses, and protects your data, please refer to the Google Privacy Policy.

7. International Data Transfers

Data may be transferred to and processed in countries outside your jurisdiction. We use Standard Contractual Clauses (SCCs) where required.

8. Data Retention

• Account data: retained while your account is active, deleted within 30 days of account closure
• Content and posts: retained while your organization is active
• Analytics data: aggregated data retained for up to 24 months
• Logs and audit trails: retained for 12 months
• AI processing data: not retained by AI providers beyond processing
• Third-party social APIs: when you connect networks (for example LinkedIn, X, Meta, TikTok), those providers impose their own maximum retention and use rules on categories of data obtained through their developer programs. Where a platform's rules require shorter storage or caching than the periods above, we apply the stricter platform-specific limit for that data (even if our default analytics retention would otherwise be longer).

9. Your Rights

Depending on your jurisdiction:

• Access: request a copy of your personal data
• Rectification: correct inaccurate data
• Erasure: request deletion of your data
• Portability: export your data (available in Settings > Privacy & Cookies)
• Restriction: limit how we process your data
• Objection: object to processing based on legitimate interest
• Withdraw consent: for analytics cookies and marketing

For CCPA (California): you have the right to know, delete, and opt-out. We do not sell personal information. We will not discriminate against you for exercising these rights.

10. Children's Privacy

ScoutSocial is a B2B platform not directed at children under 18. We do not knowingly collect data from minors.

11. Security

We implement:

• Encryption at rest and in transit
• Access controls and role-based permissions
• Regular security reviews
• Secure OAuth token storage
• Audit logging of system activity

12. Updates to This Policy

We may update this policy when features, integrations, or legal requirements change. We will update the date and notify you where appropriate.

13. Contact

If you have questions about this Privacy Policy or how we handle your data:

Email: info@scoutsocial.ai