Privacy Policy

This policy describes the data flows SocialCRM currently exposes through its public website, product, and related support channels.

Last updated: March 12, 2026
Effective date: March 12, 2026

How to read this page

This is a product-specific privacy summary grounded in the current SocialCRM application and repository. If you have a separate contract or a signed DPA with SocialCRM, that document may add terms for your account or organization.

Who this policy covers

This policy applies to the public site at socialcrm.com, public forms and developer pages, authenticated product use, and direct communications with SocialCRM.

For purposes of this policy, the controller is SocialCRM, an initiative of Social Protocol Labs LLC. Privacy questions can be sent to privacy@socialcrm.com.

What we collect

Category | Examples from the current product
Account and organization data | Name, email, company details, account role, hashed password, and subscription or billing identifiers tied to your workspace.
Customer-submitted content | Brand profiles, repository items, prompts, uploaded text, form submissions, support messages, and other content you ask SocialCRM to store or process.
Authentication and session data | Session tokens, sign-in state, company scoping data, and security checks used to keep accounts working and reduce abuse.
Usage and technical signals | Request metadata, browser details, IP-address-derived security signals, rate-limit checks, and audit-style records generated by public forms or AI-content endpoints.
Cookie and preference data | Consent choices, language preference, Google Analytics identifiers when enabled, and browser-side state stored for product or site behavior.

Payment card details are handled by Stripe rather than stored directly in the public application code.

How we use personal data

  • Provide the website, application, and authenticated account access
  • Operate workflows and AI-assisted features you explicitly use
  • Respond to demos, support requests, onboarding questions, and legal inquiries
  • Process payments and account administration
  • Prevent abuse, investigate incidents, and enforce product limits
  • Measure site usage when analytics cookies are enabled
  • Comply with legal obligations and resolve disputes

Providers and recipients

SocialCRM relies on third-party infrastructure and software vendors. The table below lists the providers that are directly visible in this codebase or the current public site.

Provider | Role | When involved
Supabase | Application database and authentication data layer | Used for core product data and account operations
Vercel | Hosting and application delivery | Used to serve the public site and Next.js application
Google Cloud services | Cloud infrastructure, hosted assets, and related managed services | Used for public media delivery and other Google Cloud-backed application services
Stripe | Payments and billing | Used when subscriptions or payment methods are processed
Resend | Transactional email delivery | Used for product and contact-email workflows
OpenAI, Anthropic, and Google | AI model providers | Used only when you run product features that depend on those providers
Google Analytics | Site analytics | Loaded only if analytics consent is granted and the GA ID is configured

We may also disclose information if required by law, to respond to a valid legal request, or as part of a merger, financing, or acquisition involving the business.

Cookies and browser storage

SocialCRM uses consent cookies, session cookies, optional language-preference cookies, analytics cookies where allowed, and additional browser storage for some client-side features.

The cookie-specific breakdown lives on our Cookie Policy page, which also includes the live preference controls used by the site.

Retention

We keep data for as long as it is needed to provide the service, maintain account history, comply with legal obligations, and protect the product from abuse.

  • Consent cookies created by the public preference tools are written for up to 365 days.
  • Language-preference cookies are written for up to one year when that feature is used.
  • NextAuth session settings in the current application use a 30-day maximum session age.
  • Other operational, account, billing, and support records are retained according to business need, contract obligations, or applicable law.

International transfers

SocialCRM and several of the providers listed above operate from the United States. Using the product may involve processing in the United States or other locations where those providers run their services.

Your choices and rights

Depending on your relationship with SocialCRM and the laws that apply to you, you may be able to request access, correction, deletion, export, or restriction of certain personal data.

  • Manage cookies through the preference center or your browser settings
  • Update profile and workspace information inside the product where available
  • Request privacy help or deletion review by emailing privacy@socialcrm.com
  • Use a signed DPA if your organization needs contractual privacy terms

We review requests in accordance with applicable law and may need to verify identity or account ownership before making account-level changes.

Children's privacy

SocialCRM is built for business use and is not directed to children. If you believe a child has provided personal data through the site or product, contact privacy@socialcrm.com.

Changes to this policy

We may update this page as the product, providers, or legal posture changes. The "Last updated" date at the top of the page reflects the current public version.

Contact