01 Who we are
SocialBoiler (“SocialBoiler”, “we”, “us”) operates an AI-powered short-video automation platform that helps creators discover trending topics, generate videos with AI and publish them to connected social-media platforms.
We are the “controller” of the personal information described in this Privacy Policy under European and UK data-protection law, and a “business” under the California Consumer Privacy Act / CPRA.
This Privacy Policy explains what information we collect, why we collect it, how we use and share it, how long we keep it, and the rights and choices you have. It applies to our website at socialboiler.app and to the SocialBoiler application. By using the Service, you agree to the practices described here. If you do not agree, do not use the Service.
02 Scope and definitions
“Personal information” means information that identifies, relates to, describes, references, or could reasonably be linked, directly or indirectly, with a particular individual or household.
This policy does not cover:
- Personal information processed by third-party services you connect to (YouTube, Instagram, TikTok, Facebook, LinkedIn, X, etc.) — those are governed by their own privacy policies;
- Anonymous or aggregated information that does not identify any individual;
- Information you choose to make publicly available, including videos you publish to public social-media accounts.
03 Information we collect
We collect the following categories of personal information, both directly from you and from your use of the Service:
- Account information — name, email address, password credentials (stored hashed), profile photo, time-zone, and any other details you provide on sign-up or in account settings.
- Content & configuration — niches, keywords, video formats, caption styles, scripts, captions, hashtags, voice preferences, generated videos and thumbnails, schedules and any content you upload.
- Connected-account data — when you connect a social platform via our publishing partner (Upload-Post), we store opaque profile identifiers and authorization tokens that permit posting on your behalf. Where the platform discloses it, we may also store your public handle and platform user-id.
- Billing information — if you purchase a paid plan, our payment processor collects payment-card or bank details directly. We receive only a non-sensitive token, the last four digits of the card, the brand and expiry, plus invoice metadata.
- Usage data & device information — IP address, browser type and version, operating system, device identifiers, referrer, pages viewed, links clicked, features used, errors encountered and the dates and times of those events.
- Communications — content of any support requests, feedback, survey responses or other messages you send us.
- Cookies and similar technologies — see our Cookie Policy for details.
We do not ask for or knowingly collect special categories of personal data (such as health, biometric, racial or religious information). Please do not include such data in your videos, scripts or prompts.
04 How we use your information
We use personal information only for the purposes described below, each based on a clear legal basis (where applicable in the EEA / UK):
| Purpose | Legal basis (EEA / UK) |
|---|---|
| Create and manage your account; provide the Service | Performance of a contract |
| Generate scripts, voiceovers, video and other AI Outputs at your request | Performance of a contract |
| Publish content to your connected social accounts when you trigger it | Performance of a contract |
| Process payments and prevent fraud / chargeback abuse | Performance of a contract; legitimate interests |
| Send service notices (security alerts, downtime, policy changes) | Legitimate interests; legal obligation |
| Send product updates and marketing emails | Consent (you can opt out at any time) |
| Operate, secure, troubleshoot and improve the Service (analytics, logs, abuse detection) | Legitimate interests |
| Comply with law, court orders and government requests | Legal obligation |
We do not sell your personal information for money and we do not share it for cross-context behavioral advertising. We do not use your private content (scripts, prompts, generated videos) to train any AI model — yours or anyone else's.
05 AI processing and generated content
The Service uses third-party AI providers to turn your inputs into Outputs. When you generate content, relevant inputs (such as a topic keyword, a source transcript, a creative brief, or a scene visual prompt) are transmitted to those providers solely to produce your Output. Specifically:
- OpenAI and/or Groq — idea-polish and chat-completion text;
- Google Gemini — script generation;
- Supadata — YouTube transcript retrieval;
- Lightricks (LTX) — text-to-video clip generation;
- json2video — composing the final 9:16 video with voiceover and captions;
- Microsoft Azure Neural TTS (via json2video) — voice synthesis.
Each provider acts as a sub-processor under appropriate contractual safeguards. We send the minimum information needed for the requested generation and do not transmit account credentials or billing data to AI providers.
AI Outputs are inherently probabilistic. You are responsible for reviewing Outputs before publishing — see our Terms of Service.
06 Third-party services and sub-processors
We rely on a limited set of trusted third parties to deliver the Service. Each processes only the data needed for its function:
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase | Authentication, database, file storage | United States / EU |
| Vercel | Web application hosting and edge delivery | United States |
| n8n Cloud | Workflow automation engine | EU |
| OpenAI / Groq | Idea polish and chat completion | United States |
| Google Gemini | Script generation | United States |
| Lightricks (LTX) | Text-to-video clip generation | Israel / Global |
| json2video | Video rendering and TTS | European Union |
| Supadata | YouTube transcript retrieval | Global |
| YouTube Data API | Trending-topic discovery | United States |
| Upload-Post | Multi-platform publishing aggregator | United States |
| Stripe (if/when billing is enabled) | Payment processing | United States / Global |
This list may change as the Service evolves. Material changes will be reflected by updating the “Last updated” date.
10 Security
We use industry-standard safeguards to protect your information — including TLS in transit, encryption at rest where supported by our storage providers, role-based access controls, principle of least privilege for staff access, secure secret management, and regular security review of our codebase and configuration. No method of transmission or storage is completely secure; we cannot guarantee absolute security and you use the Service at your own risk. Report suspected vulnerabilities to security@socialboiler.app.
11 Data retention
We retain personal information only as long as needed for the purposes described above:
| Category | Retention period |
|---|---|
| Account information | For the life of the account, plus 30 days after deletion |
| Generated videos and clips | Until you delete them or close your account; clips referenced by published videos remain to keep your live posts working |
| Connected-account tokens | Until you disconnect, or for up to 90 days after account closure |
| Usage logs and security logs | Up to 12 months |
| Billing records and invoices | 7 years (US tax recordkeeping) |
| Support communications | Up to 24 months |
We may retain certain information for longer where required by law, to resolve disputes, or to enforce our agreements.
12 Your privacy rights
Depending on where you live, you have rights regarding your personal information:
- Access — request a copy of the personal information we hold about you;
- Rectification — request correction of inaccurate or incomplete information;
- Deletion — request deletion of your personal information (you can also delete your account from settings);
- Portability — receive a machine-readable copy of certain information you provided to us;
- Objection / restriction — object to or restrict certain processing based on legitimate interests;
- Withdraw consent — where processing is based on consent, withdraw it at any time (this does not affect prior processing);
- Opt out of sale / sharing — California residents may opt out, although we do not currently sell or share for cross-context behavioral advertising;
- Non-discrimination — we will not discriminate against you for exercising any of these rights.
To exercise any right, email privacy@socialboiler.app from the address associated with your account, or write to us at the registered office below. We will respond within the timeframe required by applicable law (45 days under CCPA / one month under GDPR, with extensions where permitted).
You also have the right to lodge a complaint with your local data protection authority. EU/EEA residents can find their authority at edpb.europa.eu.
13 California-specific disclosures
This section supplements the information above for California residents under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
Categories collected — in the past 12 months we have collected the categories described in Section 3 (identifiers, customer records, commercial information, internet/network activity, inferences). We do not collect sensitive personal information beyond account credentials.
Sources — directly from you; automatically from your use of the Service; and from connected third-party platforms when authorized by you.
Purposes — to operate, secure and improve the Service, communicate with you, comply with law (see Section 4).
Sale / sharing — we do not sell personal information for money and we do not share it for cross-context behavioral advertising. No opt-out is required, but you may still exercise the rights above.
Shine the Light — California Civil Code §1798.83 requests can be sent to privacy@socialboiler.app.
14 International data transfers
SocialBoiler is operated from the United States. Your information may be processed and stored in the United States and in other countries where our sub-processors operate. When we transfer personal data from the EEA, UK or Switzerland to a country that is not considered “adequate” by the relevant authority, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Addendum, or equivalent mechanisms. Contact us if you would like more information about the safeguards in place.
15 Children
The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us information, contact privacy@socialboiler.app and we will promptly delete it.
16 Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you in the application or by email. Continued use of the Service after the effective date of the updated policy constitutes acceptance.
17 Contact us
For privacy questions or to exercise your rights, write to:
SocialBoiler · Attn: Privacy
Email: privacy@socialboiler.app
07 Connected social accounts
When you connect a social platform (YouTube, Instagram, TikTok, Facebook, LinkedIn or X), you grant SocialBoiler permission — via OAuth or platform-equivalent flow — to publish video on your behalf to that account. We store opaque profile identifiers and the access tokens needed to call those platforms' publishing APIs.
Tokens are stored within our Upload-Post integration and are transmitted over TLS. You can disconnect any platform at any time from the Connections screen. Disconnecting revokes our ongoing publishing access; content already published remains on that platform under its own terms.
Note that Instagram and Facebook require a Business or Creator account and a connected Facebook Page to publish via API. See our Connections requirements.