← Back to home

Privacy Policy

Last updated: March 2026

1. Introduction

Author Automations Social ("we," "our," or "us") operates the social media scheduling platform available at authorautomations.social. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, including our web application, REST API, and Claude Code/Cowork plugin.

2. Information We Collect

We collect information you provide directly:

  • Account information: email address and authentication credentials when you create an account
  • Social media account tokens: OAuth access tokens for the social media platforms you connect (Instagram, TikTok, Facebook, LinkedIn, Twitter/X, YouTube, Pinterest, Threads, Bluesky, Snapchat, Google Business, Reddit, Telegram)
  • Content: posts, captions, images, videos, and scheduling data you create through our service
  • Payment information: billing details processed securely through Stripe (we do not store your full credit card number)
  • Third-party API keys: if you use AI features, you may provide API keys for OpenAI, Anthropic, Google Gemini, and/or FreePik. These keys are encrypted the moment you save them using strong industry-standard encryption, and are never exposed to other users or transmitted in plaintext
  • Content guides: prose style, brand voice, copywriting, and social media strategy guides you create to inform AI-generated content
  • Campaign data: campaign objectives, content plans, and generated media associated with AI campaign features
  • Support requests: information you provide when contacting our support team

We automatically collect certain information:

  • Usage data: features used, scheduling patterns, and interaction data
  • Device information: browser type, operating system, and device identifiers
  • Log data: IP address, access times, and pages viewed

3. How We Use Your Information

  • To provide, maintain, and improve our social media scheduling service
  • To publish and schedule content to your connected social media accounts
  • To generate AI-powered content (captions, images, videos, and music) using the third-party AI services you have configured
  • To process payments and manage your subscription
  • To send service-related communications (account verification, billing, support ticket updates)
  • To detect and prevent fraud, abuse, and security issues
  • To comply with legal obligations

4. Third-Party AI Services

When you enable AI features and provide your own API keys, we use those keys to call the following third-party services on your behalf:

  • OpenAI, Anthropic, or Google Gemini: to generate social media captions and campaign content plans. Your campaign objective, content guides, and platform preferences are sent to the AI provider you select. We do not send your personal information or account credentials to these services.
  • FreePik: to generate AI images, videos, and music for your social media posts. Image prompts and style preferences are sent to FreePik. Generated media is stored temporarily on FreePik's CDN.

Your API keys for these services are encrypted the moment you save them, using strong industry-standard encryption. They are decrypted only at the moment of use on our server and are never logged, cached, or exposed to other users. You may revoke your keys at any time by removing them from your settings.

Each third-party service has its own privacy policy and data handling practices. We encourage you to review their policies. We are not responsible for how these services process the data sent to them on your behalf.

5. API Access and Integrations

We provide a REST API and a Claude Code/Cowork plugin that allow you to access your account programmatically. When you generate an API key:

  • Your API key is hashed before storage. We do not store the plaintext key after initial generation — once you leave the page, it cannot be retrieved, only regenerated.
  • API access is scoped to your account only. You cannot access other users' data, accounts, or content through the API.
  • API requests are rate-limited to 100 requests per hour per key.
  • The Claude Code/Cowork plugin stores your API key locally on your device. It is not transmitted to Anthropic or any party other than our API server.

6. Data Sharing

We do not sell your personal information. We share data only with:

  • Social media platforms: to publish your content as directed by you
  • AI service providers: to generate content using your API keys, as described in Section 4
  • Payment processors: Stripe, for subscription billing
  • Service providers: US-based hosting, database, and email providers who assist in operating our service under standard data-processing agreements
  • Legal authorities: when required by law or to protect our rights

7. Data Security

We implement industry-standard security measures to protect your data:

  • All authentication with social media platforms is handled through OAuth — we never store your social media passwords
  • Data is encrypted in transit using TLS
  • Third-party API keys are encrypted the moment you save them using strong industry-standard encryption
  • Your account API key is hashed before storage and compared in constant time so an attacker cannot probe for matches
  • Every account is walled off at the database level — you can only access your own data
  • Your social accounts, posts, and campaigns are never visible to other users

8. Data Retention

We retain your account data for as long as your account is active. When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. This includes:

  • Social media access tokens are revoked upon account disconnection
  • Encrypted API keys are deleted when removed from settings or upon account deletion
  • Campaign data and generated media URLs are deleted with your account
  • Content guides are deleted with your account

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Disconnect any social media account at any time
  • Revoke your API key at any time
  • Remove your third-party AI keys at any time

10. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our service.

12. Contact Us

If you have questions about this Privacy Policy, contact us at [email protected].