Privacy Policy

How we protect and handle your data

Last Updated: April 22, 2026

Introduction

Publish Console ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-platform social media management service (the "Service").

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing and using Publish Console, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

Information We Collect

1. Information You Provide Directly

  • Account Registration Data: When you create a Publish Console account, we collect your name, email address, and password (securely hashed).
  • OAuth Social Login: If you sign up via Google or Apple ID, we receive your email address and display name from those providers.
  • Profile Information: Any information you add to your Publish Console profile, including company name, website, and profile picture.
  • Content Data: Captions, hashtags, media files, and any other content you create or upload through our Service.

2. Social Media Platform Data

  • OAuth Tokens: When you authorize Publish Console to connect to your social media accounts (Facebook, Instagram, TikTok, LinkedIn, X/Twitter), we securely store your access tokens and refresh tokens. We do not store your social media passwords.
  • Profile Information: Your display name, profile picture, follower count, following count, and bio from each connected platform.
  • Account Metadata: Platform-specific account IDs and account handles (@username).
  • Comments Data: When comments are retrieved via platform APIs and webhooks, we temporarily store comment text and metadata for inbox management.
  • Analytics Data: Video/post views, likes, shares, and other engagement metrics retrieved from platform APIs.

3. Automatically Collected Information

  • Device Information: Device type, operating system, browser type, and unique device identifiers.
  • Usage Data: Pages visited, features used, time spent in the application, and actions performed.
  • IP Address & Location: Your IP address and approximate geographic location (inferred from IP).
  • Cookies & Tracking: Information collected through cookies, web beacons, and similar tracking technologies.

4. Communication Data

  • If you contact our support team, we collect and retain your support messages, attachments, and correspondence.

How We Use Your Information

We use the information we collect for the following purposes:

Core Service Delivery

  • Create and manage your Publish Console account
  • Enable OAuth authentication and maintain secure connections to your social media accounts
  • Publish, schedule, and manage your content across connected platforms
  • Retrieve comments, mentions, and analytics from your social media accounts
  • Display your content, metrics, and account information in your dashboard

Product Improvement

  • Analyze usage patterns to improve Service features and user experience
  • Troubleshoot technical issues and maintain system performance
  • Conduct research and analytics on how users interact with our Service

Communication

  • Send you service-related notifications (e.g., account updates, scheduled posts published)
  • Respond to your support requests
  • Send product updates and newsletters (with your consent)

Security & Compliance

  • Prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations and law enforcement requests
  • Enforce our Terms of Service and other agreements

Marketing (with Consent)

  • Send promotional emails and product announcements (only if you opt-in)
  • Conduct targeted marketing campaigns

Important: We do not use your social media content to train machine learning models. All AI-powered features (if any) process your data anonymously and separately from your personal identity.

Data Security

Encryption & Protection

  • Access Tokens & Refresh Tokens: All OAuth tokens from social platforms are encrypted using AES-256 before storage in our database.
  • Data in Transit: All communication between your device and our servers uses TLS 1.2+ encryption (HTTPS).
  • Password Security: User passwords are hashed using bcrypt with a strong salt, not stored in plain text.

Access Controls

  • Only authorized Publish Console employees with legitimate business need have access to encrypted user data.
  • We use role-based access control (RBAC) to limit data exposure.
  • All data access is logged and monitored for suspicious activity.

Limitations

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials.

Social Media Platform Integration

OAuth Authorization

When you connect your social media accounts (Facebook, Instagram, TikTok, LinkedIn, X/Twitter) to Publish Console:

  • You are redirected to the official login page of each platform (never shared with Publish Console)
  • You approve specific permissions for Publish Console to perform actions on your account
  • Only access tokens and refresh tokens are returned to Publish Console—never your passwords
  • You can revoke these permissions at any time by disconnecting your account in Publish Console or through your social platform's settings

Data We Access

Depending on the platform and permissions you grant, we may access:

  • Your profile information (name, bio, profile picture, follower count)
  • Your published posts and videos
  • Comments on your content (and the ability to reply)
  • Engagement metrics (views, likes, shares)

What We Do NOT Access

  • Direct messages or private conversations
  • Content you haven't published (drafts remain on their platforms)
  • Other users' private data (we only access data on your own accounts)
  • Your social platform password

Platform-Specific Notes

TikTok: Due to TikTok's API limitations, we cannot access or manage direct messages. You must use the native TikTok app for messaging.

X (Twitter): API access may require approval from X's developer team.

Data Retention

Active Accounts

We retain your data for as long as your account is active and you use our Service.

Account Deletion

Upon your request to delete your account:

  • Your account, personal data, and stored content are permanently deleted from our systems within 30 days
  • Encrypted tokens are immediately destroyed and cannot be recovered
  • We retain anonymized usage analytics for aggregate reporting (these cannot be traced back to you)
  • We may retain data if required by law (e.g., tax obligations, legal disputes)

Backup & Recovery

Your data may exist in our automated backup systems for 90 days after deletion for disaster recovery purposes only. These backups are encrypted and inaccessible without full system restoration.

OAuth Token Expiration

Social media access tokens are automatically refreshed or expire per each platform's policy (typically 24 hours to 1 year depending on the platform). Expired tokens are securely deleted and not renewed without your active authorization.

Your Privacy Rights

Right to Access

You have the right to request a copy of all personal data we hold about you. Contact us at privacy@publishconsole.com, and we will provide your data within 30 days in a portable format.

Right to Correction

You can correct or update your personal information directly in your Publish Console account settings.

Right to Deletion

You can request deletion of your account and all associated data. We will comply within 30 days, except where data retention is required by law.

Right to Data Portability

You can request your data in a portable, machine-readable format (e.g., JSON, CSV) for transfer to another service.

Right to Opt-Out

  • You can unsubscribe from marketing emails at any time using the unsubscribe link in each email
  • You can opt-out of analytics tracking through your account settings (note: some tracking is necessary for core functionality)

GDPR & Regional Rights

If you are located in the European Union, UAE, Saudi Arabia, or other regions with data protection regulations, you have additional rights including the right to lodge a complaint with your regional data protection authority.

Cookies & Tracking

What Are Cookies?

Cookies are small text files stored on your device that help us remember your preferences and improve your user experience.

Types of Cookies We Use

  • Essential Cookies: Required for authentication, security, and core functionality
  • Performance Cookies: Help us analyze usage patterns and improve our Service
  • Preference Cookies: Remember your language and theme preferences
  • Marketing Cookies: Track campaign effectiveness (only if you consent)

Cookie Management

You can control cookies through your browser settings. Disabling essential cookies may impair core functionality of the Service.

Analytics Tools

We use analytics tools (e.g., Google Analytics) to understand usage patterns. These tools may collect anonymized data about your interactions with our Service. You can opt-out of analytics in your account settings.

Third-Party Services

Service Providers

We may share data with third-party service providers for:

  • Cloud Storage: Amazon AWS, Microsoft Azure (for encrypted data storage)
  • Payment Processing: Stripe, PayPal (for subscription payments)
  • Analytics: Google Analytics, Mixpanel (anonymized data only)
  • Email Services: SendGrid, Mailgun (for transactional emails)
  • Support Tools: Zendesk, Intercom (for customer support)

Social Media Platforms

When you authorize connections to Facebook, Instagram, TikTok, LinkedIn, or X, data flows directly between your account on those platforms and Publish Console. Those platforms have their own privacy policies that govern their use of your data.

Legal Obligations

We may disclose your data if required by law, court order, or government request. We will notify you of such requests unless legally prohibited.

Data Processing Agreements

All third-party service providers have signed Data Processing Agreements (DPAs) committing them to protect your data with the same standards we use.

International Data Transfers

Publish Console operates globally. Your data may be processed, stored, or transferred to servers in the United States, European Union, or other countries. By using our Service, you consent to international data transfers. We ensure adequate safeguards are in place, including:

  • Standard contractual clauses approved by applicable regulators
  • Data encryption during transit and at rest
  • Compliance with regional data protection laws (GDPR, PDPL, etc.)

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on this page with an updated "Last Updated" date
  • Sending you an email notification at your registered email address
  • Requesting explicit consent if the changes significantly increase our use or sharing of your data

Your continued use of the Service after changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy, your data, or our privacy practices, please contact us:

Email: privacy@publishconsole.com

Support Portal: support.publishconsole.com

Mailing Address: Publish Console, Data Protection Office, Dubai, UAE

Response Time: We aim to respond to privacy inquiries within 5 business days.

If you are not satisfied with our response, you have the right to lodge a complaint with your regional data protection authority.