Privacy Policy

1.1 Information You Provide Directly

When you create an account, subscribe to a plan, or contact us, we collect:

•Account information: Name, email address, password (hashed), and profile photo.

•Billing information: Payment card details (processed securely by our payment processor — we never store raw card numbers), billing address, and VAT/tax ID where applicable.

•Business information: Company name, website URL, industry, and team size provided during onboarding.

•Communications: Messages sent to our support team, feedback submitted through the app, and responses to surveys.

1.2 Information Collected Automatically

When you use Social Maze, we automatically collect:

•Usage data: Features used, pages visited, actions taken within the app, and session duration.

•Device and browser data: IP address, browser type and version, operating system, screen resolution, and referring URL.

•Log data: Server logs, error reports, and performance diagnostics.

•Cookies and similar technologies: See our Cookie Policy for full details.

1.3 Information from Third-Party Integrations

When you connect social media accounts (Facebook, Instagram, LinkedIn, TikTok, etc.) or third-party services (Canva, analytics tools, etc.), we access only the data you authorise. This may include:

•Social media profile data, follower counts, and post metrics.

•OAuth tokens required to publish content and retrieve analytics on your behalf.

•We never post content, follow accounts, or take any action you have not explicitly requested.

1.4 Information from Other Sources

We may supplement the information we hold with data from:

•Partners and resellers who refer you to Social Maze.

•Publicly available sources such as company websites or professional directories, solely to personalise your onboarding experience.

2.1 Providing and Improving the Service

We use your data to:

•Operate, maintain, and improve Social Maze and its features.

•Process transactions, send receipts, and manage your subscription.

•Authenticate your identity and keep your account secure.

•Provide customer support and respond to your requests.

•Conduct research and analyse usage patterns to enhance the product.

2.2 Communications

With your consent where required by law, we may send:

•Transactional emails: Account confirmations, password resets, billing receipts, and security alerts. These cannot be opted out of while you maintain an account.

•Product updates: Notifications about new features, changes to the platform, and scheduled maintenance.

•Marketing communications: Newsletters, webinar invitations, and promotional offers. You may unsubscribe at any time using the link in any email.

2.3 Legal and Safety Purposes

We process data where necessary to:

•Comply with applicable laws, regulations, and legal processes.

•Enforce our Terms of Service and other agreements.

•Detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.

•Protect the rights, property, and safety of Social Maze, our users, and the public.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

•Contract performance: Processing necessary to provide the services you have subscribed to (account management, billing, feature delivery).

•Legitimate interests: Analytics, security monitoring, fraud prevention, and direct marketing to existing customers — provided these interests are not overridden by your rights.

•Consent: Marketing emails to prospective customers and the use of non-essential cookies. You may withdraw consent at any time.

•Legal obligation: Processing required to comply with applicable law (e.g. tax record retention, responding to lawful requests from authorities).

4.1 Service Providers

We share data with vetted third-party providers who process it on our behalf, under strict data processing agreements. Current providers include:

•Cloud infrastructure: Vercel / AWS (hosting, storage, CDN)

•Email delivery: Resend (transactional emails such as contact confirmations and newsletters)

•Analytics: PostHog (product analytics — only activated when you consent to analytics cookies)

•Content management: Sanity (headless CMS for website content)

We will update this list whenever we add a new sub-processor.

4.2 Business Transfers

In the event of a merger, acquisition, financing, or sale of all or a portion of our business, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.

4.3 Legal Disclosures

We may disclose your information if required to do so by law or in good-faith belief that such disclosure is necessary to comply with a legal obligation, protect our rights, prevent fraud, or protect the safety of our users.

4.4 What We Never Do

We will never:

•Sell your personal data to third parties for their own marketing purposes.

•Share your social media credentials or OAuth tokens with any party other than the relevant platform.

•Use your content for AI training without your explicit, informed consent.

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:

•Account data: Retained for the duration of your subscription plus 90 days after cancellation (to facilitate reactivation), then deleted or anonymised.

•Billing records: Retained for 7 years to comply with financial and tax regulations.

•Support communications: Retained for 3 years after resolution.

•Log data: Retained for 90 days for security and debugging purposes.

•Anonymised analytics data: May be retained indefinitely as it cannot be linked back to any individual.

You may request earlier deletion of your data at any time (see Section 7).

Social Maze operates globally and may transfer your data to countries outside your own, including countries that may not offer the same level of data protection as your home country.

When we transfer personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision, we rely on:

•Standard Contractual Clauses (SCCs) approved by the European Commission.

•UK International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom.

•Swiss Federal Act on Data Protection (nFADP) mechanisms for Switzerland.

A copy of our data transfer mechanisms is available on request.

Depending on your location, you may have the following rights regarding your personal data:

•Access: Request a copy of the personal data we hold about you.

•Correction: Ask us to correct inaccurate or incomplete data.

•Erasure ("right to be forgotten"): Request deletion of your personal data, subject to our legal obligations.

•Restriction: Ask us to stop processing your data in certain circumstances.

•Portability: Receive your data in a structured, machine-readable format.

•Objection: Object to processing based on legitimate interests or for direct marketing.

•Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

•Automated decision-making: Not to be subject to solely automated decisions that have a significant effect on you.

California residents (CCPA/CPRA): You have the right to know what data we collect, delete your data, opt out of its sale (we do not sell data), and not be discriminated against for exercising these rights.

To exercise any of these rights, please contact us at [email protected] or through your account settings. We will respond within 30 days (EEA/UK) or 45 days (CCPA).

We take the security of your data seriously and employ industry-standard measures including:

•Encryption in transit: All data transmitted to and from Social Maze is encrypted using TLS 1.2 or higher.

•Encryption at rest: Sensitive data is encrypted at rest using AES-256.

•Access controls: Strict role-based access controls limit employee access to personal data on a need-to-know basis.

•Infrastructure security: Our infrastructure is hosted on certified cloud providers with regular penetration testing and automated vulnerability scanning.

•Incident response: We have a documented incident response plan. In the event of a data breach, we will notify affected users and relevant authorities within the timeframes required by applicable law.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Social Maze is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete it promptly.

If you believe we may have collected information from a child under 16, please contact us immediately at [email protected].

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

•Post the updated policy on this page with a revised "Last Updated" date.

•Send an email notification to registered users at least 14 days before the changes take effect.

•Display a prominent notice within the application.

Your continued use of Social Maze after the effective date of changes constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Social Maze Ltd

Data Protection Officer

123 Camden Street, London, N1 9PN

United Kingdom

Email: [email protected]

Support portal: socialmaze.io/contact

If you are located in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.