Privacy Policy

1. About This Policy

Media Console ("the Service", "we", "us") is an internal social media management tool used by authorized staff to schedule and publish content to connected social media accounts. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

• Account information — first name, last name, and email address of staff members added to the Service.
• Social media credentials — OAuth access tokens for connected Facebook, Instagram, and TikTok accounts. Tokens are encrypted at rest using AES-256.
• Uploaded media — images and video files uploaded through the Service for the purpose of social media publishing. Files are stored in AWS S3.
• Post and engagement data — metadata about published posts (captions, scheduled times, platform IDs) and publicly available engagement metrics (likes, comments, views) fetched from social platforms.
• Usage logs — server-side request logs for debugging and operational purposes. Logs do not include passwords or full token values.

3. How We Use Your Data

• To authenticate staff members and enforce role-based access control.
• To publish scheduled posts to connected social media accounts on your behalf.
• To display engagement analytics for published content.
• To perform AI-assisted content analysis (caption generation, video review) via the OpenAI API. Media files are sent to OpenAI solely for this purpose and are not used to train models.
• To maintain the security and stability of the Service.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Services

The Service integrates with the following third-party providers. Their privacy policies govern how they handle data:

• Meta (Facebook & Instagram) — Meta Privacy Policy
• TikTok — TikTok Privacy Policy
• OpenAI — OpenAI Privacy Policy
• Amazon Web Services (S3) — media file storage. AWS Privacy Notice
• Neon / Railway / Vercel — infrastructure providers for database, backend, and frontend hosting respectively.

5. Data Retention

Personal data and uploaded media are retained for as long as the user account is active. Upon account removal, associated personal data is deleted from our database. Media files stored in AWS S3 are removed as part of the account offboarding process. Engagement snapshots and post history may be retained in anonymized form for analytics.

6. Security

We take reasonable technical and organizational measures to protect your data, including encryption of OAuth tokens at rest, HTTPS in transit, and role-based access controls. No system is completely secure; if you discover a vulnerability, please contact us immediately.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise these rights, contact us at the address below. We will respond within 30 days.

8. Changes to This Policy

We may update this policy from time to time. The effective date at the top of this page will reflect the date of the most recent revision. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions or data requests, contact us at: s.litvin.work@gmail.com