Privacy Policy

Account Information: When you register, we collect your name, email address, and avatar from your chosen authentication provider (Google OAuth, email/password).

Connected Social Accounts: When you connect Facebook, Instagram, LinkedIn, YouTube, or Threads accounts via OAuth 2.0, we store encrypted access tokens, refresh tokens, and basic profile metadata (name, username, profile picture, page ID, account handle) in our connected_accounts table. We never store your social network passwords.

Content You Create: Posts, captions, media files (images, videos), hashtags, and scheduling preferences you create are stored in our database and Supabase Storage to facilitate publishing.

Engagement Data: Incoming DMs and comments from Instagram and Facebook are stored in our inbox_messages table to power the unified engagement dashboard. This includes message content, sender name, sender avatar, and timestamps.

AI Usage Data: When you use AI features (content scanning, caption generation, keyword generation, prompt optimization, general AI chat), we log the feature type, timestamp, and workspace in workspace_ai_usage for quota tracking and billing.

Images uploaded to SocialSuite may be automatically scanned using Groq Vision (AI-powered computer vision) to detect potentially sensitive or harmful content.

Scan results determine a risk level (LOW_RISK, MEDIUM_RISK, HIGH_RISK). HIGH_RISK content is blocked outright. MEDIUM_RISK content requires manual review by a workspace reviewer before it can be published.

Videos are never AI-scanned. They are automatically set to MEDIUM_RISK and require manual human review. A liability disclaimer dialog is shown to reviewers before approval.

AI scan results, flags, and risk levels are stored in the media_library table for audit purposes.

To publish content you create to your connected social media accounts at the scheduled time you specify.

To display analytics and insights about your published content across platforms.

To power the unified engagement inbox where you can read and reply to DMs and comments from Instagram and Facebook.

To moderate uploaded media for compliance with our content policies via AI scanning and human review workflows.

To process payments and manage subscription plans (PRO, Enterprise) through our billing system.

To improve our services, diagnose technical issues, and ensure platform security.

All data is stored on Supabase (PostgreSQL database) and Supabase Storage (for media files), hosted on secure cloud infrastructure.

Access tokens are encrypted at rest. We use Row-Level Security (RLS) policies to ensure data isolation between workspaces.

Service role API keys are used server-side only for privileged operations (e.g., AI usage logging, cron jobs). They are never exposed to the client.

We enforce HTTPS for all data in transit. OAuth callbacks use state parameters to prevent CSRF attacks.

Media files larger than 4MB are uploaded directly from your browser to Supabase Storage, bypassing our server to avoid request size limits.

Subscription payments are processed through third-party payment providers. We do not store full credit card numbers on our servers.

Payment history records (amount, date, plan, status) are stored in our payment_history table for billing reference.

Free plan users are limited to 3 connected social accounts. PRO plan upgrades are required for additional accounts.

We share data only with the social platforms you explicitly connect (Meta/Instagram, Facebook, LinkedIn, Google/YouTube, Threads) for the purpose of publishing content and reading engagement.

We do not sell your personal data to third parties. We do not use your data for advertising or training external AI models.

We may share anonymized, aggregated data for platform analytics and service improvement.

We will disclose data if required by law or valid legal process.

We use essential cookies for authentication session management and CSRF protection.

We may use analytics cookies to understand platform usage patterns. You can control cookie preferences through your browser settings.

We do not use tracking cookies for advertising or cross-site tracking purposes.

Your data is retained for as long as your account is active. You may disconnect individual social accounts at any time, which revokes our access tokens.

When you delete your account, all associated data is permanently removed: access tokens, posts, media files (from storage and database), AI usage logs, engagement messages, and workspace configuration.

REJECTED media files in the review queue are permanently deleted from both Supabase Storage and the database upon rejection.

AI usage logs beyond the 5 most recent entries per workspace are automatically pruned.

Backup snapshots may retain data temporarily but are automatically purged within 30 days.

You have the right to access, correct, or delete your personal data at any time through your account settings.

You have the right to data portability — you can export your content and analytics data.

You have the right to withdraw consent for OAuth-connected accounts by disconnecting them in your dashboard.

To exercise any of these rights, contact our Data Protection Officer at info@vooho.in.

We will respond to all legitimate requests within 30 days.

Data Protection Officer: info@vooho.in

Support: support@vooho.in

Mailing Address: SocialSuite, Hyderabad, Telangana, India 500036

For urgent privacy concerns, we aim to respond within 48 hours.