Draft

This document is a starter template. Lawyer review required before SocialRouter accepts payments or launches publicly. Generated for engineering placeholder; not yet legal advice or a binding agreement.

Privacy Policy

Last updated: April 25, 2026

This Privacy Policy explains how SocialRouter Inc. ("we", "us") collects, uses, and shares information when you use SocialRouter (the "Service").

Information we collect

Account information

When you sign up, we collect: email address, name (if provided via OAuth), and OAuth provider identifier (GitHub or Google). We do not store your OAuth password.

Payment information

Credit card details are processed by Stripe and never touch our servers. We store: Stripe customer ID, payment status, transaction amount, and timestamps.

Usage data

We log every API request you make: endpoint, platform, status code, latency, and cost. We do not store request bodies, response bodies, or the content you send through the API. Usage logs are retained for 30 days for billing and abuse prevention, then deleted.

Analytics

We use Plausible Analytics, a privacy-friendly analytics provider that does not use cookies and does not collect personal information. We do not use Google Analytics, Facebook Pixel, or any other PII-collecting analytics.

How we use information

  • To provide, maintain, and improve the Service
  • To process payments and send transaction receipts
  • To detect and prevent abuse, fraud, or illegal activity
  • To respond to your support requests
  • To send essential service notifications (security updates, downtime, billing). We do not send marketing emails without explicit opt-in.

Sharing

We share information only with the following:

  • Stripe — for payment processing
  • Supabase — for database and authentication infrastructure
  • Vercel — for hosting
  • Plausible Analytics — for aggregate, anonymous traffic stats
  • Platforms — when you use our API, request metadata may be visible to the underlying platform (e.g., Reddit) as part of normal API operation
  • Law enforcement — only in response to valid legal process

Your rights (GDPR / CCPA)

If you are in the EU, EEA, UK, or California, you have the right to: access your data, request correction, request deletion, request portability, and object to processing. To exercise these rights, email privacy@socialrouter.ai.

Data retention

  • Account data: retained while your account is active. Deleted within 30 days of account closure.
  • Usage logs: 30 days, then deleted.
  • Payment records: 7 years (legal/tax requirement).
  • Waitlist emails: retained until you ask us to delete.

Security

See our Security page for technical details on how we protect your data.

International transfers

Our infrastructure is hosted in the United States. By using the Service, you consent to your data being transferred to and processed in the U.S.

Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected such information, contact us immediately.

Changes

We may update this Policy periodically. Material changes will be announced via email and the changelog.

Contact

Questions or requests? Email privacy@socialrouter.ai.