Privacy Policy

Effective Date: April 1, 2026

Last Updated: April 1, 2026

Social Butterfly is a product of Kash India (Proprietorship), operating the website www.thesocialbutterfly.ai and the Social Butterfly application (collectively, the "Service"). In this Privacy Policy, "we," "us," or "our" refers to Kash India, doing business as Social Butterfly. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our Service.

Social Butterfly is a social media management platform that enables users to schedule and publish content to multiple social media platforms, including YouTube, Facebook, Instagram, and LinkedIn, from a single unified dashboard. Our Service also provides AI-powered caption generation, smart hashtag suggestions, and basic analytics.

By accessing or using our Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.

1. Information We Collect

1.1 Account Information

When you create a Social Butterfly account, we collect your name, email address, phone number, and any optional information you provide (such as your use case description).

1.2 Social Media Account Data (via OAuth)

When you connect your social media accounts to Social Butterfly, we request access to specific data through each platform's official OAuth 2.0 authorization process. You must explicitly grant consent before we access any data. The specific data we access varies by platform:

Google / YouTube:

We request the following OAuth scopes:

• https://www.googleapis.com/auth/youtube.upload — To upload and publish videos to your YouTube channel on your behalf at your scheduled time.
• https://www.googleapis.com/auth/youtube.readonly — To retrieve your channel name, channel ID, and profile picture so you can identify your connected account within our dashboard.

These are the only YouTube API scopes we request. We do not request or access your YouTube watch history, subscriptions, playlists, comments, liked videos, or any data beyond what is listed above.

Meta (Facebook and Instagram):

We request the following permissions:

• public_profile — Used to identify your account and personalize your dashboard experience with your name and profile picture.
• pages_show_list — To display a list of Facebook Pages you manage so you can select which Page(s) to connect.
• pages_manage_posts — To create, schedule, and publish posts on your connected Facebook Pages on your behalf.
• pages_read_engagement — To retrieve basic engagement metrics (such as "Like" counts) for posts published through our Service.
• instagram_business_basic — To retrieve your Instagram professional account profile information (username, profile picture) for display in our dashboard.
• instagram_business_content_publish — To publish posts, stories, and reels to your connected Instagram professional account on your behalf.

We do not request or access your private messages, friend lists, ad account data, or any data beyond what is listed above.

LinkedIn:

We use LinkedIn's OpenID Connect authentication and request the following scopes:

• openid — To authenticate your identity via LinkedIn's OpenID Connect flow.
• profile — To retrieve your name, profile picture, and LinkedIn profile identifier for display in our dashboard.
• w_member_social — To create and publish posts on your LinkedIn profile on your behalf.
• email — To Identify users uniquely and Manage authentication.

We do not request or access your LinkedIn connections, private messages, job applications, company page admin data, or any data beyond what is listed above.

Note: We are actively developing support for LinkedIn Company Page posting. If and when this feature becomes available, we will update this policy to include the additional scope (w_organization_social) and notify you before requesting any new permissions.

1.3 Content You Provide

When you use our Service to compose and schedule posts, we temporarily process the text, images, and videos you upload. This content is stored only as long as necessary to complete the publishing task you have initiated (see Section 4 for retention details).

1.4 Usage and Analytics Data

We collect standard usage data to improve our Service, including pages visited within our application, features used, scheduling activity, error logs, browser type and version, device type, operating system, and IP address. This data is collected through Google Analytics (measurement ID: G-DVQ5KFNBFP).

1.5 Cookies and Tracking Technologies

Our Service uses the following cookies and tracking technologies:

• Essential Cookies: Required for authentication, session management, and core Service functionality. These cannot be disabled.
• Google Analytics: We use Google Analytics to collect anonymized usage statistics such as page views, session duration, and feature engagement. Google Analytics may set cookies (e.g., _ga, _gid) on your device. You can learn more about how Google uses data at https://policies.google.com/technologies/partner-sites.
• Meta Pixel: We use the Meta Pixel (ID: 1866056223577326) on our marketing website to measure the effectiveness of our advertising campaigns on Facebook and Instagram. The Meta Pixel may collect data such as page views and button clicks on our website. You can learn more about the Meta Pixel and opt out at https://www.facebook.com/privacy/policies/cookies.

You can control cookies through your browser settings. Disabling essential cookies may impair the functionality of our Service.

2. How We Use Your Information

We use the information we collect strictly to provide and improve the core functionality of Social Butterfly. Specifically:

• Publishing and Scheduling: To upload, schedule, and publish your content to your connected YouTube, Facebook, Instagram, and LinkedIn accounts at your request.
• Dashboard Display: To show you which social media accounts are connected and to display your profile names and pictures for easy identification.
• Analytics: To display basic engagement metrics (likes, views) for content you have published through our Service.
• AI Features: To generate suggested captions and hashtags based on your content and industry. AI caption generation is powered by Google Gemini and is processed in real time. When you use the AI caption feature, the text and context of your post may be sent to Google's Gemini API for processing. Google's use of this data is governed by the Google API Terms of Service and Google Privacy Policy. We do not store your content for AI model training purposes, and we do not send your images, videos, or OAuth credentials to the Gemini API.
• Service Improvement: To analyze aggregated, anonymized usage patterns to improve features, fix bugs, and enhance performance.
• Customer Support: To respond to your inquiries and resolve issues.
• Security: To detect and prevent fraud, abuse, and unauthorized access.

We do not use your data from Google, Meta, or LinkedIn APIs for any purpose other than providing and improving the user-facing features described above.

3. Google API Services User Data Policy Compliance

Social Butterfly's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In compliance with the Limited Use requirements, we confirm that Social Butterfly:

1. Only uses Google user data to provide or improve user-facing features that are prominent in our application's user interface, specifically the scheduling, publishing, and analytics features described in this policy.
2. Does not transfer Google user data to third parties unless (a) it is necessary to provide or improve user-facing features and only with the user's explicit consent, (b) it is necessary for security purposes (such as investigating abuse), or (c) it is required to comply with applicable law.
3. Does not use Google user data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
4. Does not allow humans to read Google user data unless (a) you have given your affirmative agreement for specific data, (b) it is necessary for security purposes such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data is aggregated and anonymized and used for internal operations in accordance with applicable privacy and data protection law.

4. Data Storage and Retention

4.1 What We Store

• OAuth Access Tokens and Refresh Tokens: Stored in encrypted databases using AES-256 encryption at rest. These tokens are used solely to perform the publishing and data retrieval actions you initiate through our Service.
• Account Metadata: Platform-specific identifiers such as your YouTube Channel ID, Facebook Page ID, Instagram account ID, and LinkedIn profile ID, along with associated display names and profile pictures.
• Post History: A log of posts published through our Service, including the text, platform, and timestamp. This is retained to provide you with a history of your scheduled and published content.
• Uploaded Content (temporary): Images and videos you upload for scheduling are stored only until the publishing task is confirmed as completed, after which they are automatically deleted from our servers. The only exception is the Post History log, which may retain the text content of published posts.

4.2 What We Do Not Store

• Your social media passwords (we never see or have access to these).
• Your YouTube watch history, subscriptions, or playlists.
• Your Facebook or Instagram private messages, friend lists, or ad account data.
• Your LinkedIn connections, messages, or job application data.
• Copies of your published images or videos after the publishing task is completed.

4.3 Retention Period

• OAuth tokens are retained for as long as your social media account remains connected to Social Butterfly.
• Account metadata is retained for as long as you have an active Social Butterfly account.
• Post history logs are retained for the duration of your account and are deleted within 30 days of account deletion.
• Uploaded media files are deleted within 24 hours of successful publishing.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers, and between our servers and third-party APIs (including Google, Meta, and LinkedIn), is protected using HTTPS with TLS 1.2 or higher.
• Encryption at Rest: Sensitive credentials, including OAuth access tokens and refresh tokens, are stored using AES-256 encryption at rest.
• Access Controls: We employ strict role-based access controls (RBAC) and require multi-factor authentication (MFA) for all internal system access.
• No Human Access to API Data: Our policy prohibits employees or contractors from manually viewing, accessing, or analyzing your Google, Meta, or LinkedIn user data unless it is strictly required for: (a) responding to a support request you have initiated and with your explicit permission, (b) security auditing or investigating suspected abuse, (c) critical debugging necessary to maintain the Service, or (d) compliance with applicable law or legal process.
• Infrastructure: Our Service is hosted on Amazon Web Services (AWS) in the Asia Pacific (Mumbai) region (ap-south-1), with regular security patches, automated monitoring, and intrusion detection. AWS maintains SOC 1, SOC 2, and ISO 27001 certifications for its infrastructure.

6. Data Sharing and Disclosure

We do not sell, rent, trade, or share your Google, Meta, or LinkedIn user data with any third party for advertising, profiling, marketing, or any purpose unrelated to providing the Social Butterfly Service.

We may share limited data only in the following circumstances:

• Service Providers: We use the following categories of third-party service providers that process data on our behalf under strict contractual obligations to maintain confidentiality and security. These providers do not have independent rights to use your data:
  • Cloud Infrastructure: Amazon Web Services (AWS) — for hosting, database, and storage services.
  • AI Processing: Google Gemini API — for AI-powered caption and hashtag generation (receives only post text context; does not receive your images, videos, or OAuth credentials).
  • Analytics: Google Analytics — for anonymized website usage statistics.
  • Advertising Measurement: Meta Pixel — for measuring ad campaign effectiveness on our marketing website.
• Legal Requirements: We may disclose your information if required to do so by applicable law, regulation, legal process, or governmental request.
• Safety and Security: We may disclose information if we believe in good faith that it is necessary to prevent fraud, protect the safety of any person, address security or technical issues, or protect our legal rights.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections described in this policy. We will notify you via email or a prominent notice on our Service before your data is transferred and becomes subject to a different privacy policy.

Under no circumstances will Google, Meta, or LinkedIn user data be transferred to or used by any third party for advertising, retargeting, data brokering, or any purpose not directly related to providing the Social Butterfly Service.

7. Your Rights and Data Deletion

7.1 Your Rights

• Access: You may request a copy of the personal data we hold about you.
• Correction: You may request correction of inaccurate or incomplete personal data.
• Deletion: You may request deletion of your personal data at any time (see Section 7.2).
• Revoke Access: You may disconnect any social media account from Social Butterfly at any time through our dashboard under "Linked Accounts," or directly through your Google, Meta, or LinkedIn security settings.
• Data Portability: You may request your data in a structured, machine-readable format.
• Withdraw Consent: You may withdraw your consent to data processing at any time by disconnecting your accounts or deleting your Social Butterfly account.
• Object: You may object to certain processing of your data, including processing for direct marketing purposes.

7.2 Disconnecting an Account

When you disconnect a social media account from Social Butterfly:

• The associated OAuth access tokens and refresh tokens are immediately and permanently deleted from our active databases.
• Account metadata (such as Page IDs and Channel IDs) associated with the disconnected account is deleted within 24 hours.
• Post history logs associated with the disconnected account are retained unless you separately request their deletion.

7.3 Deleting Your Social Butterfly Account

When you delete your Social Butterfly account:

• All OAuth tokens for all connected accounts are immediately revoked and deleted.
• All account metadata and personal information is deleted within 30 days.
• All post history logs are deleted within 30 days.
• Anonymized, aggregated analytics data that cannot be used to identify you may be retained for service improvement purposes.

7.4 Data Deletion Requests

You may request deletion of your data at any time through the following methods:

• In-app: Navigate to Settings and use the "Delete Account" or "Disconnect Account" functionality.
• Email: Send a request to help@thesocialbutterfly.ai with the subject line "Data Deletion Request." We will confirm receipt within 48 hours and complete the deletion within 30 days.
• Meta Data Deletion: If you connected your Facebook or Instagram account, you can initiate a data deletion request directly through Facebook. When you do, Facebook sends a signed data deletion request to our callback endpoint. We process this request by deleting all data associated with your Facebook/Instagram account and provide you with a confirmation code and a status tracking URL.

For all data deletion requests, we will confirm the deletion and provide a confirmation reference. If you wish to verify the status of your deletion request, you may contact us at help@thesocialbutterfly.ai with your confirmation reference.

8. Meta Platform Compliance

Social Butterfly complies with the Meta Platform Terms and Meta Developer Policies. Specifically:

• We only access Facebook and Instagram data that is necessary to provide the scheduling, publishing, and analytics features of our Service.
• We provide a functional Data Deletion Request callback and honor all user data deletion requests promptly.
• We do not use Facebook or Instagram data to build or augment user profiles for advertising or to sell data to third parties.
• We do not cache, store, or use Meta user data beyond what is necessary to provide the Service, and we comply with all applicable data retention requirements.

9. LinkedIn Platform Compliance

Social Butterfly complies with the LinkedIn API Terms of Use and LinkedIn Developer Program requirements. Specifically:

• We only access LinkedIn data that is necessary to provide the posting and scheduling features of our Service.
• We do not scrape, crawl, or collect LinkedIn data through any means other than the official LinkedIn API.
• We do not store LinkedIn data longer than necessary to provide the Service.
• We do not use LinkedIn data for advertising, profiling, or any purpose outside the scope of our Service.
• We honor all user requests for data deletion and provide clear mechanisms for revoking access.

10. Children's Privacy

Social Butterfly is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 (or the applicable age of digital consent in your jurisdiction). If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at help@thesocialbutterfly.ai. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information promptly.

11. International Data Transfers

Social Butterfly is operated by Kash India from Ahmedabad, India. Our primary data infrastructure is hosted on Amazon Web Services (AWS) in the Asia Pacific (Mumbai) region (ap-south-1), meaning your data is stored and processed in India.

Certain third-party services we use (such as Google Gemini for AI processing and Google Analytics) may process data in other jurisdictions. If you access our Service from outside India, please be aware that your data may be transferred to India for processing.

We take appropriate safeguards to ensure that your data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed. Where required by applicable law (such as transfers from the European Economic Area), we implement appropriate legal mechanisms such as standard contractual clauses to ensure adequate data protection.

12. Compliance with Data Protection Laws

12.1 General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the GDPR, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal basis for processing your personal data is your explicit consent (provided when you connect your social media accounts) and our legitimate interest in providing and improving the Service.

To exercise your GDPR rights, please contact us at help@thesocialbutterfly.ai. We will respond to your request within 30 days.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.

12.2 California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to know what personal information is collected about you, the right to delete your personal information, the right to opt out of the sale of your personal information, and the right to non-discrimination for exercising your privacy rights.

We do not sell your personal information. To exercise your CCPA rights, please contact us at help@thesocialbutterfly.ai.

12.3 Digital Personal Data Protection Act, 2023 (India)

We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), and the Digital Personal Data Protection Rules, 2025, as applicable to the collection and processing of personal data in India. In accordance with the DPDP Act:

• We process your personal data only with your explicit consent, provided when you create an account and connect your social media accounts.
• We collect and process only the personal data that is necessary to provide the Service (data minimization).
• We provide you with clear mechanisms to withdraw consent, request data deletion, and exercise your rights as a Data Principal.
• We maintain reasonable security safeguards to protect your personal data from unauthorized access, use, or disclosure.
• We have designated a Grievance Officer to address your concerns (see Section 16).

We also comply with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, to the extent they remain applicable.

13. Third-Party Links and Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third-party services. We encourage you to read the privacy policies of any third-party service you interact with. Key third-party policies relevant to our Service include:

• Google Privacy Policy
• Google API Services User Data Policy
• YouTube Terms of Service
• Meta Privacy Policy
• Meta Platform Terms
• LinkedIn Privacy Policy
• LinkedIn API Terms of Use

14. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for how to interpret DNT signals, our Service does not currently respond to DNT signals. However, you may opt out of tracking technologies as described in Section 1.5 (Cookies and Tracking Technologies).

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Service, or applicable law. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy.
• Notify you via email (if you have an account) or through a prominent notice on our website or within our application at least 7 days before the changes take effect.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled, please contact us at:

Kash India (doing business as Social Butterfly)
Email: help@thesocialbutterfly.ai
Phone: +91 96629 18458
Address: 610, Venus Atlantis Corporate Park, 100 Feet Road, near Shell Petrol Pump, Prahlad Nagar, Ahmedabad, Gujarat 380015, India

Grievance Officer (India — DPDP Act, 2023)

In accordance with the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000, we have appointed the following Grievance Officer to address your concerns:

Name: Prakhar Dubey
Email: prakhar.d@hashtechy.com

If you have any grievances relating to the processing of your personal data, you may contact the Grievance Officer. We will acknowledge your grievance within 48 hours and endeavor to resolve it within 30 days.

We will respond to all privacy-related inquiries within 48 hours.