Xocial Privacy Policy

1. Information We Collect

The information we collect depends on how you interact with Xocial and the permissions you grant. We limit data collection to what is needed to deliver our services.

• Account Information: Name, email address, password (hashed), workspace and team details created during sign-up or provided via OAuth providers such as Google.
• Connected Social Accounts: When you authorize Facebook or Instagram via Meta, we receive access tokens and the associated Page or Business Account IDs, Page names, profile pictures, and permissions you grant. We do not store personal login credentials.
• Content & Scheduling Data: Posts, captions, media files, drafts, scheduled times, comments, and brand assets you upload to Xocial.
• Engagement & Analytics Data: Metrics and insights (impressions, reach, reactions, comments, mentions, and other performance statistics) retrieved from authorized social platforms for your connected accounts.
• Usage Data: Log data, device/browser characteristics, IP address, and feature usage necessary for security, debugging, and service improvement.
• Support Communications: Information you provide when contacting us for assistance or feedback.

2. How We Use Information

We process personal information only for legitimate business purposes, including:

• Authenticating users and securing accounts.
• Connecting and managing social media Pages/Accounts you authorize.
• Scheduling, publishing, and monitoring social media content on your behalf according to the permissions you have granted.
• Providing engagement insights, analytics dashboards, and reports.
• Facilitating collaboration within your workspace (e.g., team roles, approvals, shared assets).
• Offering AI-assisted captions, recommendations, and content ideas.
• Sending service-related communications, security alerts, and support messages.
• Improving and personalizing the platform experience.
• Complying with legal, regulatory, or enforcement obligations.

3. Legal Bases for Processing

We rely on one or more of the following legal grounds when processing personal information:

• Your consent, which you may withdraw at any time.
• Performance of a contract, such as delivering the Xocial services to you and your organization.
• Legitimate interests, including securing our platform, preventing misuse, and improving core functionality.
• Compliance with applicable laws and platform policies.

4. How We Share Information

We do not sell personal information. We may share data with:

• Authorized Team Members: Workspace collaborators can access shared content, analytics, and connected account data as controlled by workspace roles.
• Service Providers: Third-party vendors that help us operate Xocial, such as Supabase (database and authentication), Vercel (hosting and AI Gateway), and AI model providers accessed through Vercel AI Gateway (AI-assisted content generation). These providers are contractually obligated to handle data securely and only for the purpose of delivering the contracted service.
• Integrated Platforms: Social networks you connect (Meta/Facebook, Instagram) receive the content you publish and may return analytics data per their APIs and your permissions.
• Legal Disclosures: We may disclose information if required to comply with applicable law, regulation, legal process, or enforceable governmental request.

5. Data Retention & Deletion

We retain information for as long as your account is active or as needed to deliver services, comply with legal obligations, resolve disputes, and enforce agreements. Access tokens are stored securely and rotated according to Meta’s requirements. You may request deletion of your account or specific content at any time by contactingsupport@xocial.world. Disconnecting a social account inside Xocial or revoking permissions directly atFacebook’s Business Integrationswill remove our ability to access future data from that account.

6. Data Security

We implement industry-standard safeguards to protect personal information, including encryption in transit, secure credential storage, access controls, monitoring, and regular security reviews. Despite these efforts, no online service can guarantee perfect security, so please use strong passwords and enable additional safeguards where available.

7. Your Rights & Choices

Depending on your jurisdiction, you may have the right to access, correct, update, export, or delete your personal information, as well as object to or restrict certain processing. You may exercise these rights by contacting us atprivacy@xocial.world. We will respond within the timeframe required by applicable law. You can also manage many permissions directly:

• Disconnect social profiles within Xocial’s account settings.
• Remove Xocial’s access from Meta atfacebook.com/settings?tab=business_tools.
• Adjust email notification preferences inside your workspace.

8. Children’s Privacy

Xocial is intended for businesses and professionals. We do not knowingly collect or solicit personal data from anyone under the age of 13 (or the minimum age required in your jurisdiction). If you believe a minor has provided us with personal information, please contact us and we will take appropriate action to remove the data.

9. International Data Transfers

Xocial operates globally. Your information may be stored and processed in the United States or other countries where our service providers are located. We rely on appropriate safeguards, such as Standard Contractual Clauses, when transferring personal data across borders.

10. Cookies & Tracking Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, and analyze platform usage. You can control cookies through your browser settings; however, disabling cookies may affect certain features. We do not use third-party advertising cookies within the Xocial app.

11. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by email or through in-app notices, and the updated policy will be posted athttps://www.xocial.world/privacywith a revised effective date.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your information, please contact us at: