Privacy Policy

1. Who we are

TheSocialForks ("we", "our", "us") operates the platform at www.thesocialforks.com. This is a self-hosted, single-operator platform. The operator (the person who installed and runs the platform) is the data controller for all data processed within the system.

Contact: legal@thesocialforks.com

2. What data we collect

Account data

• Name and email address (provided during registration or via LinkedIn login)
• Hashed password (bcrypt — never stored in plain text)
• Login provider and last login IP
• Role and permissions within the platform

Social account credentials

• OAuth access tokens and refresh tokens — encrypted at rest using AES-256-GCM
• Platform-specific account metadata (username, profile picture URL, follower counts)
• Account health scores and posting history

Content and campaign data

• Post content, drafts, schedules, and campaign configurations
• SEO data: keywords, rank history, backlinks, audit results
• Analytics: click logs, UTM parameters, conversion events

Technical data

• Server logs (IP address, user agent, timestamps) — retained for 30 days
• Cookie consent preferences
• Session tokens (stored as HTTP-only, Secure cookies)

3. How we use your data

• To authenticate you and maintain your session
• To connect and publish content to social media platforms on your behalf
• To schedule, queue, and track marketing campaigns
• To generate analytics and SEO reports
• To send transactional system notifications (e.g. post failures, token expiry alerts)
• To comply with legal obligations

We do not sell, rent, or share your personal data with any third party for marketing purposes.

4. Legal basis for processing (GDPR)

5. Data retention

• Account data: retained while account is active; deleted within 30 days of deletion request
• Social tokens: deleted immediately when account is disconnected
• Post history and analytics: retained for 2 years, then anonymised
• Server logs: 30-day rolling window
• Cookie consent records: 13 months

6. Your rights (GDPR)

Under the GDPR you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a machine-readable format
• Restriction — limit how we process your data
• Object — object to processing based on legitimate interest
• Withdraw consent — for any processing based on consent (e.g. cookies)

Exercise any of these rights by emailing legal@thesocialforks.com. We respond within 30 days.

7. Third-party services

The platform integrates with the following third-party APIs. When you connect these services, their respective privacy policies also apply:

• LinkedIn (Microsoft) — Privacy Policy
• Meta (Facebook, Instagram, Threads, WhatsApp) — Privacy Policy
• X / Twitter — Privacy Policy
• Google (YouTube) — Privacy Policy
• Reddit — Privacy Policy
• TikTok — Privacy Policy
• Anthropic (Claude AI) — Privacy Policy

AI content generation features send your content drafts to Anthropic's Claude API. No personal identifiable information is deliberately included in AI prompts.

8. Security

• All OAuth tokens encrypted at rest with AES-256-GCM
• HTTPS enforced on all connections
• Passwords hashed with bcrypt (cost factor 12)
• Session tokens stored in HTTP-only, Secure, SameSite=Strict cookies
• Two-factor authentication (TOTP) for operator accounts
• Audit log for every data mutation

9. Cookies

See our Cookie Policy for full details. You can manage your cookie preferences at any time.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via an in-app notification. Continued use of the platform after the effective date constitutes acceptance.