KontentReach Privacy Policy

Last updated: April 4, 2026

1. Introduction

KontentReach ("we", "our", "us"), operated by SOCLOSE PTE. LTD. (Singapore), provides a social media content management and automated publishing platform at kr.soclose.co. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

2. Information We Collect

Account Information: Username and hashed password for authentication.
OAuth Tokens: When you connect social media accounts (Facebook, YouTube, Instagram, TikTok, Twitter/X, LinkedIn, Telegram), we store OAuth access tokens and refresh tokens to publish content on your behalf.
Social Media Profile Data: Profile names, profile pictures, follower/subscriber counts from connected platforms, cached locally for display.
Content Metadata: File names, descriptions, hashtags, and scheduling information for content you publish through our platform.
Usage Data: Publication history, pipeline status, and analytics data related to your content distribution.

3. How We Use Your Information

To authenticate your identity and provide access to the platform.
To publish content to your connected social media accounts on your behalf.
To display analytics and performance data from your social media accounts.
To generate AI-powered content descriptions and hashtags for your publications.
To send notifications about publication status via Telegram (if configured).

4. Data Storage & Security

All data is stored on our self-hosted private VPS infrastructure. No third-party cloud databases.
OAuth access tokens are stored encrypted on the server with file permissions restricted to 0o600.
TLS 1.2+ is enforced on all endpoints. All connections use HTTPS encryption.
No tokens are logged, exposed client-side, or transmitted to any third party.
JWT tokens are used for session management with automatic expiration.
Passwords are hashed using bcrypt before storage.

5. Meta / Facebook Platform Data

Permissions requested: pages_show_list, pages_manage_posts, pages_read_engagement, pages_read_user_content, pages_manage_metadata, pages_manage_engagement, read_insights, business_management, public_profile

Data Accessed

Facebook Page information (name, ID, category, status), posts, comments, engagement metrics, Page insights, and list of Pages administered by the authenticated user.

Data Usage

Scheduling and publishing content to Facebook Pages, reading engagement data and Page insights to display analytics in the KontentReach dashboard, managing comments on Page posts, subscribing to Page webhooks.

Data Sharing

No Meta Platform Data is sold, shared, or transmitted to any third party. Access tokens are only transmitted to Meta's own OAuth and API endpoints.

Data Storage

Access tokens stored encrypted on private VPS. File permissions 0o600. TLS 1.2+ enforced on all endpoints. No tokens logged or exposed client-side.

Data Retention

Tokens retained while account is connected. Deleted within 7 days upon request. Users can disconnect in-app at any time. Compliant with Meta Platform Terms and Limited Use Policy.

6. Google / YouTube Data

Scopes: youtube.upload, youtube.readonly

Data Accessed

YouTube channel ID, channel name, channel statistics, OAuth access token and refresh token.

Data Usage

Uploading AI-generated videos to owned YouTube channels, displaying channel stats in the KontentReach dashboard.

Data Sharing

None. No Google user data is shared with any third party.

Storage & Retention

Same as Section 4. Compliant with Google API Services User Data Policy.

7. TikTok Data

Scopes: user.info.basic, video.publish, video.upload

Data Accessed

TikTok user open ID, display name, avatar, OAuth tokens.

Data Usage

Publishing videos directly to TikTok profiles, uploading video drafts on behalf of authenticated users.

Data Sharing & Retention

None. Same storage and retention policies as Section 4.

8. Other Third-Party Services

Twitter/X: OAuth tokens for social media publishing. No data shared.
LinkedIn: OAuth tokens for professional content publishing. No data shared.
Telegram: Bot tokens for channel publishing and notifications. No data shared.
Dropbox / Google Drive: File source access for content retrieval. No data shared.
Anthropic / OpenAI: AI-powered content generation (text only -- no personal data, OAuth tokens, or user data is shared with AI providers).

9. Data Retention

We retain your data for as long as your account is active. OAuth tokens are automatically refreshed and old tokens are overwritten. Social media profile cache expires after 6 hours. You can disconnect any platform at any time, which removes the stored credentials for that connection. Upon account deletion request, all data is removed within 7 days.

10. Your Rights

Right to access, correct, and delete your personal data.
You can disconnect any connected social media account at any time from the platform settings.
You can request complete deletion of your account and all associated data.
You can revoke OAuth access from each platform's settings directly:
- Facebook: facebook.com/settings
- Google: myaccount.google.com/permissions
- TikTok: TikTok app settings
Deletion requests are processed within 7 days.

11. Contact

For any privacy-related questions or data deletion requests, please contact us at enzo.day@soclose.co.

Legal entity: SOCLOSE PTE. LTD. (Singapore)
Website: soclose.co