Privacy Policy

Effective Date: September 4, 2025

1. Introduction

This Privacy Policy describes how beeViral ("we," "our," "us," or "Company") collects, uses, processes, and protects personal information in connection with our multi-platform social media management service (the "Service"). This Policy applies to www.beeviral.com and related services.

Data Controller: beeViral

Contact: privacy@beeviral.com

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, profile information, avatar/profile images
  • Authentication Data: Login credentials, password hashes, authentication tokens
  • Social Media Account Data: Platform usernames, account handles, authorized access tokens and refresh tokens for connected accounts (Instagram, TikTok, YouTube)
  • Content Data: Post titles, captions, descriptions, media files, scheduling preferences, publication settings
  • Billing Information: Payment details, subscription information, transaction history (where applicable)
  • Communications: Support inquiries, feedback, correspondence with us

2.2 Information Collected Automatically

  • Technical Data: IP address, browser type, device information, operating system, referring URLs
  • Usage Data: Pages visited, features used, time spent, click patterns, session information
  • Analytics Data: Performance metrics, engagement statistics retrieved from connected social media platforms
  • Log Data: Error logs, security logs, access logs, system performance data

2.3 Information from Third Parties

  • Social Platform Data: Profile information, content metrics, engagement statistics from connected Instagram, TikTok, and YouTube accounts through authorized API access
  • Authentication Providers: Profile data from OAuth providers (Google, etc.) when used for account creation
3. How We Use Your Information

We process personal information for the following purposes and legal bases:

3.1 Service Provision (Contract Performance)

  • Creating and managing user accounts
  • Facilitating connections to social media platforms
  • Publishing content to connected platforms as instructed
  • Retrieving and displaying analytics data
  • Providing customer support
  • Processing payments and managing subscriptions

3.2 Legitimate Interests

  • Improving and optimizing the Service
  • Ensuring security and preventing fraud
  • Analyzing usage patterns and trends
  • Developing new features and functionality
  • Maintaining system performance and reliability

3.3 Legal Compliance

  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Protecting our rights and property
  • Enforcing our Terms of Service

3.4 Consent (Where Required)

  • Marketing communications (with explicit consent)
  • Analytics cookies and tracking (where legally required)
  • Processing sensitive personal information (where applicable)
4. Information Sharing and Disclosure

4.1 Service Providers

We may share information with trusted third-party service providers who assist in:

  • Cloud hosting and infrastructure (Supabase, Vercel)
  • Payment processing
  • Customer support
  • Analytics and monitoring
  • Email services

All service providers are bound by contractual obligations to protect your information and use it only as directed.

4.2 Social Media Platforms

We share content and interact with connected platforms (Instagram, TikTok, YouTube) only as authorized by you through OAuth permissions. We do not share personal information beyond what is necessary for the requested functionality.

4.3 Legal Requirements

We may disclose information when required by law, regulation, legal process, or governmental request, or when necessary to:

  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of users or others
  • Prevent fraud or security threats
  • Comply with legal obligations

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the business transaction, subject to appropriate protections.

4.5 No Sale of Personal Information

We do not sell, rent, or trade personal information to third parties for monetary consideration.

5. Data Security

5.1 Technical Safeguards

  • Encryption in transit (TLS/HTTPS) and at rest where supported
  • Access controls and authentication systems
  • Row Level Security (RLS) policies in database
  • Regular security monitoring and incident response
  • Secure token management and storage
  • Database backups with encryption

5.2 Organizational Safeguards

  • Employee training on data protection
  • Access controls based on need-to-know principle
  • Regular security assessments and audits
  • Incident response procedures
  • Vendor security requirements

5.3 Infrastructure Security

Our Service utilizes Supabase's SOC 2 Type 2 audited infrastructure, which provides:

  • Enterprise-grade security controls
  • Compliance certifications
  • Regular penetration testing
  • 24/7 security monitoring
6. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this Policy:

  • Account Data: Retained while account is active and for reasonable period after closure
  • Content Data: Retained while account is active and as needed for service provision
  • Access Tokens: Retained while social media connections are active
  • Analytics Data: Retained for historical reporting and trend analysis
  • Log Data: Typically retained for 12 months unless longer retention is required for security or legal purposes

Upon account deletion, we will delete or anonymize personal information within 30 days, except where longer retention is required by law.

7. Your Rights

7.1 GDPR Rights (EU/UK Users)

  • Access: Request copies of your personal information
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal information
  • Restriction: Limit processing of your information
  • Portability: Receive your information in portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

7.2 CCPA/CPRA Rights (California Users)

  • Right to Know: Information about data collection and use
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Portability: Receive portable copy of your information
  • Right to Opt-Out: Opt out of sale or sharing (not applicable as we don't sell data)
  • Right to Limit: Limit use of sensitive personal information
  • Non-Discrimination: No discrimination for exercising rights

7.3 Exercising Your Rights

To exercise your rights, contact us at privacy@beeviral.com with:

  • Clear description of your request
  • Proof of identity
  • Specific information or data categories involved

We will respond within legally required timeframes (typically 30 days for GDPR, 45 days for CCPA).

8. International Data Transfers

8.1 Transfer Mechanisms

When personal information is transferred outside the EEA/UK, we ensure adequate protection through:

  • European Commission Standard Contractual Clauses
  • UK International Data Transfer Agreement
  • Adequacy decisions where applicable
  • Additional safeguards as needed

8.2 Supabase Infrastructure

Our primary service provider, Supabase, processes data in compliance with applicable transfer requirements and maintains appropriate safeguards.

9. Children's Privacy

Our Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information promptly and may terminate the account.

10. Cookies and Tracking

10.1 Essential Cookies

We use strictly necessary cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Basic functionality of the Service

10.2 Analytics and Performance

With your consent where required, we may use:

  • Performance monitoring tools
  • Usage analytics
  • Error tracking

10.3 Cookie Management

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

11. California Privacy Disclosures

11.1 Information Collection (Last 12 Months)

  • Identifiers: Name, email, usernames, IP address
  • Commercial Information: Transaction history, subscription details
  • Internet Activity: Usage patterns, interactions, preferences
  • Audio/Visual: Profile images, uploaded media content
  • Professional Information: Business account details, if provided
  • Inferences: Service preferences, engagement patterns

11.2 Business Purposes

  • Service provision and account management
  • Security and fraud prevention
  • Customer support
  • Service improvement and development
  • Legal compliance

11.3 No Sale or Sharing

We do not sell personal information or share for cross-context behavioral advertising.

12. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications

Continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

13. Contact Information

Data Protection Inquiries

Email: privacy@beeviral.com

Response Time: Within 5 business days

Supervisory Authority

EU/UK users may contact relevant data protection authorities:

  • EU: European Data Protection Board (edpb.europa.eu)
  • UK: Information Commissioner's Office (ico.org.uk)

Dispute Resolution

We are committed to resolving privacy concerns promptly. For unresolved issues, you may:

  • Contact supervisory authorities
  • Seek legal remedies as provided by applicable law
  • Use dispute resolution services where available

This Privacy Policy is effective as of September 4, 2025 and supersedes all previous versions.