Privacy Policy

Effective date: April 1, 2026

This Privacy Policy describes how Schedii LLC ("we", "us", "our") collects, uses, and protects your information when you use the Schedii platform ("Service"). We are committed to protecting your privacy and handling your data responsibly.

1. Information We Collect

a. Account Information

When you register, we collect your email address, display name, and password (hashed). If you sign in via a third-party provider (e.g., Google, GitHub), we receive your name, email, and profile picture from that provider.

b. Connected Platform Data

When you connect social media accounts, we receive OAuth tokens that grant limited access to your accounts on those platforms. We store these tokens encrypted at rest using AES-256-GCM encryption. We access only the data and permissions necessary to provide the Service (e.g., posting content, reading analytics).

c. User Content

We store the content you create, upload, or schedule through the Service, including text, images, videos, and associated metadata (scheduling times, platform selections, tags).

d. Usage Data

We collect minimal server-side logs (request paths, error traces, timestamps) to operate the Service, diagnose issues, and prevent abuse. We do not use third-party product analytics, behavioral trackers, or session-replay tools. We do not build advertising profiles from your usage.

e. AI Interaction Data

When you use AI features, we process your prompts and generated content to provide the Service. Conversation history is stored per-workspace to enable context-aware assistance. We do not use your content to train AI models.

2. How We Use Your Information

• To provide, maintain, and improve the Service
• To publish content to connected platforms on your behalf
• To generate AI-powered content suggestions
• To provide analytics and insights on your published content
• To send transactional notifications (e.g., post failures, scheduled reminders)
• To ensure platform security and prevent abuse

3. How We Share Your Information

We do not sell your personal information. We share data only in these circumstances:

• Third-party platforms: When you publish content, we transmit your content to the platforms you have connected (e.g., X, LinkedIn, Instagram). This is initiated by your explicit action.
• AI model providers: When you use AI features, your prompts are sent to the AI provider configured in your account (e.g., OpenAI, Anthropic). These providers process data under their own privacy policies.
• Legal requirements: We may disclose information if required by law, regulation, or legal process. When we receive such a request, we (a) review the legality of the request before responding, (b) disclose only the minimum information necessary to comply, and (c) document the request, our response, and the legal reasoning involved. We will notify affected users when we are legally permitted to do so.

4. Data Security

We protect your data with industry-standard measures including:

• AES-256-GCM encryption for stored OAuth tokens and API keys
• HTTPS/TLS for all data in transit
• JWT-based authentication with secure token handling
• Rate limiting and brute-force protection
• HMAC-SHA256 webhook signing
• Regular automated database backups
• Role-based access control for team workspaces

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Published content that has already been sent to third-party platforms is governed by those platforms' retention policies.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Withdraw consent for data processing
• Object to certain types of data processing

To exercise these rights, contact us at privacy@schedii.app.

7. Data Deletion

You can request deletion of your data at any time. For users who connected via Facebook, Instagram, or other Meta platforms, you can also use our Data Deletion page to submit a deletion request. We will process all deletion requests within 30 days.

8. Cookies

We use essential cookies for authentication and session management only. We do not use third-party product analytics, advertising cookies, or session-replay trackers, and we do not sell cookie data. You can control cookie preferences through your browser settings.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us and we will delete it. Users between 13 and the age of majority in their jurisdiction must have parent or guardian consent to use the Service.

10. International Data Transfers

Your data may be processed on servers located outside your country of residence. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy regardless of where it is processed.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date.

12. Contact

For privacy-related questions or requests, contact us at: privacy@schedii.app