Privacy Policy

Last updated: 9 June 2026

1. Introduction

Fast Social Media Manager ("the Service", "we", "us", "our") is operated by Fast Social LLC, a limited liability company organised under the laws of the State of New Mexico, United States. We are committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, how long we retain it, and what rights you have regarding your data. It applies to all users of the Service, whether accessed via web browser or API.

2. Data Controller

The entity responsible for your personal data is:

If you are located in the European Economic Area (EEA) or United Kingdom and have questions about our data practices under GDPR or UK GDPR, please contact us at the email address above.

3. Information We Collect

We collect and process the following categories of personal data:

Data Category	Examples	Source
Account credentials	Username, hashed password, email address	Provided by you at sign-up
Social media profile data	Username, display name, profile picture URL, account/user ID	Provided by TikTok, Instagram, YouTube, Facebook, or LinkedIn during OAuth authorisation
Authentication tokens	OAuth access tokens, refresh tokens	Issued by each platform's API after you grant permission
User-created content	Video files, captions, descriptions, hashtags, scheduling preferences	Provided directly by you through the Service
Post metadata	Posting timestamps, platform destinations, publish status, engagement metrics	Generated by the Service during normal operation
Comments	Text of comments on your posts, commenter usernames	Retrieved from connected platforms via their APIs
Media files	Videos and images uploaded via Google Drive	Your Google Drive folder, accessed with your permission
Billing data	Subscription tier, billing period, transaction IDs	Generated during checkout; payment card data is held by Stripe, not by us
Usage data	API call counts, AI generation counts, storage usage	Generated by the Service during normal operation
Referral & affiliate data	Your referral code, which account referred you, referral/affiliate status, accrued and paid commission, payout status	Generated by the Service when you sign up via a referral link or participate in the affiliate programme
Beta feedback	Feedback text you submit, category, automated quality score and rationale, and any trial extension granted	Provided directly by you through the beta-tester feedback page

We do not collect government-issued identification, health data, or any special categories of sensitive personal data as defined under GDPR Article 9.

4. How We Use Your Information

We use your personal data exclusively to provide and improve the Service. Specifically:

• Content publishing: To upload, schedule, and publish your content to connected social media platforms on your behalf.
• AI-assisted content generation: To generate suggested captions, descriptions, and hashtags using the Anthropic Claude API. Your video metadata (filename, duration, detected content) is sent to Claude for this purpose; video files themselves are not sent to Claude.
• Comment management: To retrieve comments from your connected accounts and display them for your review and response.
• Background music: To add royalty-free audio tracks to your videos before publishing.
• Billing and subscription management: To process payments, manage your subscription tier, and enforce fair-use limits.
• Referral and affiliate programmes: To attribute referred sign-ups, calculate referral credit or affiliate commission, and process payouts.
• Beta feedback: To review your feedback (including automated quality scoring via the Anthropic Claude API), improve the Service, and apply any trial extension you earn.
• Service communications: To send transactional and lifecycle emails to the address on your account - for example trial-ending notices and, if the beta programme ends, the beta-termination notices describing your free grace window and options to continue. These are service messages, not marketing, and stop once you act or close your account.
• Service operation and improvement: To maintain, monitor, and improve the Service's functionality and security.
• Legal compliance: To comply with applicable laws and regulations.

We do not sell, rent, trade, or share your personal data with any third party for marketing, advertising, or data-brokering purposes.

5. Legal Bases for Processing (EEA / UK Users)

If you are located in the EEA or UK, we rely on the following legal bases under GDPR / UK GDPR:

• Contract performance (Article 6(1)(b)): Processing necessary to deliver the Service you subscribed to (content publishing, account management, billing).
• Legitimate interests (Article 6(1)(f)): Service security, fraud prevention, abuse detection, and product improvement - where these interests are not overridden by your rights.
• Legal obligation (Article 6(1)(c)): Where processing is required to comply with applicable law.
• Consent (Article 6(1)(a)): Where you have given specific consent (e.g. optional communications). You may withdraw consent at any time without affecting prior processing.

6. TikTok Data Usage

When you connect your TikTok account via TikTok Login Kit, we request the following permissions (scopes):

• user.info.basic - to read your basic profile information (display name, avatar, open ID).
• video.upload - to upload video content to your TikTok account as a draft.
• video.publish - to directly publish video content to your TikTok profile.

We access only the data necessary to post content on your behalf. We do not access your TikTok browsing history, private messages, follower or following lists, liked videos, or any data beyond what is strictly required for content posting. Your TikTok access token is stored securely on our server and is used only to authenticate API requests on your behalf. You may revoke access at any time by disconnecting TikTok in Settings or by revoking the application in your TikTok account settings.

7. Instagram Data Usage

When you connect your Instagram account, we access your basic profile information and the ability to publish media to your account via the Instagram Login API. We do not access your direct messages, follower data, or story viewers. You may disconnect at any time via Settings.

8. YouTube Data Usage

When you authorise YouTube access, the Service uses the YouTube Data API v3 to upload videos to your channel. We request only the minimum permissions necessary for video uploading. Our use of YouTube API Services is subject to YouTube's Terms of Service and Google's Privacy Policy. You can revoke access via your Google security settings.

9. Facebook Data Usage

The Service can post content to Facebook profiles and Pages. Depending on account configuration, this may use the Facebook Graph API or authorised browser automation. We access only the permissions required to create posts and retrieve comments. We do not access your private messages, friend lists, or personal timeline data beyond posted content.

10. LinkedIn Data Usage

When you connect your LinkedIn account via the LinkedIn OAuth flow, we access the minimum permissions required to publish posts to your profile or company page. We do not access your private messages, connection list, or profile data beyond what is required for content publishing. You may revoke access at any time from your LinkedIn account's app permissions settings.

11. Cloudinary Data Usage

The Service uses Cloudinary as part of its backup publishing path for media file processing, transformation (resizing, format conversion), and delivery. When media is routed through this backup path - for example if the primary publishing path is temporarily unavailable - files may be transmitted to and stored on Cloudinary's servers for processing. Cloudinary processes your media in accordance with their privacy policy. Processed media is deleted from Cloudinary storage once it has been delivered to the target social media platform, subject to Cloudinary's own retention policies.

12. Google Drive Data Usage

If configured, the Service monitors a specific Google Drive folder for new media files. We access only the designated folder and its contents. We do not access other files in your Drive, your email, or any other Google services.

13. AI Processing (Anthropic Claude)

The Service uses Anthropic's Claude API to generate content suggestions. When generating captions and descriptions, we send metadata about your content (such as filename, duration, and context) to the Claude API. Anthropic processes this data in accordance with their privacy policy. We do not send your video or image files to Anthropic. AI-generated suggestions are always presented for your review before publishing.

14. Payment Processing (Stripe)

Subscription payments are processed by Stripe. When you subscribe, you provide payment information directly to Stripe; we do not receive or store your full card number, CVV, or bank account details. We receive only a payment token, subscription status, and transaction metadata. Stripe's use of your data is governed by Stripe's Privacy Policy.

15. Publishing Infrastructure (Zernio)

We use Zernio (operated by ARBICHAT, S.L., a company incorporated in Spain) as our social media publishing backend. When you connect a social account or publish content through the Service, the following is processed by Zernio acting as our sub-processor on our behalf:

• Account connection: the OAuth authorisation to your social accounts is brokered by Zernio, and the resulting platform access tokens (TikTok, Instagram, Facebook, LinkedIn, YouTube, and other supported platforms) are held by Zernio so it can publish on your behalf.
• Media: images and videos you publish are uploaded to and temporarily hosted on Zernio's cloud storage (Google Cloud Storage) for delivery to the destination platform.
• Post data: captions, descriptions, hashtags, and scheduling details are transmitted to Zernio to create your posts.

Zernio acts as our data processor. Its Data Processing Addendum (DPA) governs Zernio's role as our processor, its security obligations, sub-processor controls, breach notification, and support for your data-subject rights. Zernio maintains SOC 2 Type 2 and GDPR compliance; its security and privacy programme - including its Privacy & Data-Subject Rights, Incident Response & Breach Notification, Data Retention & Destruction, and Backup, Business Continuity & Disaster Recovery policies - is published at its trust centre, trust.zernio.com. Media held on Zernio's storage is retained only as long as needed to deliver your post and is then deleted in line with Zernio's data retention and destruction policy.

16. Data Storage and Security

Your data is stored on a secured server with the following protections:

• HTTPS encryption for all data in transit (TLS 1.2+), enforced via Cloudflare.
• Session-based authentication with secure, HttpOnly cookies.
• OAuth tokens stored in files with restricted filesystem permissions on the server.
• The server is maintained with regular security updates.

While we implement reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

17. International Data Transfers

Fast Social LLC is based in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States. Additionally, your data may be transferred to and processed in other countries when interacting with third-party APIs (e.g. TikTok, Google, Meta, LinkedIn, Cloudinary, Anthropic, Stripe, Zernio).

For users in the EEA or UK: transfers of your personal data to the United States and other third countries are made on the basis of Standard Contractual Clauses (SCCs) adopted by the European Commission, or other lawful transfer mechanisms. By using the Service, you acknowledge that your data will be processed in the United States, which may have different data protection standards than those in your home country.

18. Data Retention

We retain your data as follows:

• Account credentials: Retained while your account is active. Deleted upon verified account deletion request.
• OAuth tokens: Retained while your account is connected. Deleted immediately upon disconnection.
• Post content and metadata: Retained while your account is active or until you request deletion.
• Media files: Temporarily stored during processing. Original files remain in your Google Drive.
• Billing records: Retained for 7 years as required by US tax and financial regulations.
• Application logs: Retained for up to 30 days for debugging and operational purposes, then automatically rotated.

19. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access - request a copy of the personal data we hold about you.
• Rectification - request correction of inaccurate or incomplete data.
• Erasure - request deletion of your personal data ("right to be forgotten").
• Restrict processing - request that we limit how we use your data.
• Data portability - receive your data in a structured, machine-readable format (available via Settings > Export My Data).
• Object - object to processing of your data for specific purposes.
• Withdraw consent - withdraw consent at any time by disconnecting your accounts in Settings.

To exercise any of these rights, please contact us at LEGAL@FASTSOCIAL.APP. We will respond within 30 days (or within the timeframe required by applicable law).

EEA/UK users: if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

20. California Privacy Rights (CCPA / CPRA)

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have the following rights:

• Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to correct: You may request correction of inaccurate personal information we maintain about you.
• Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioural advertising.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to limit use of sensitive personal information: We do not use or disclose sensitive personal information beyond the purposes permitted by the CPRA.

To exercise your California privacy rights, contact us at LEGAL@FASTSOCIAL.APP with the subject line "California Privacy Request". We will verify your identity before processing your request. Authorised agents may submit requests on your behalf with written permission.

Categories of personal information collected in the preceding 12 months: identifiers (name, email, account IDs), internet or other electronic network activity information (usage data, log data), and commercial information (subscription and billing records). We do not sell any of these categories.

21. Cookies and Tracking

The Service uses session cookies solely for maintaining your authenticated session and for OAuth state management (CSRF protection). We do not use tracking cookies, analytics cookies, or any third-party advertising cookies. No data is shared with advertising networks. You may disable cookies in your browser settings, but doing so will prevent you from logging in to the Service.

22. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that data promptly. If you believe we have inadvertently collected information from a child, please contact us at CONTACT@FASTSOCIAL.APP.

23. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page and, where required by law, by sending notice to the email address on your account. We encourage you to review this page periodically.

24. Contact and Complaints