Data we collect.
We collect three categories of data — only what's necessary to give you a working product. Nothing speculative, nothing sold.
Account & identity
- Name, email, password (hashed with Argon2id), profile photo if you upload one
- Workspace name, billing address, payment method (tokenised through Stripe — we never see card numbers)
- Single sign-on identifiers if you connect Google, Microsoft, Okta, or another IdP
Content you create
- Social posts, drafts, scheduled content, comments, analytics dashboards, keyword lists, audit reports — everything you make in the product
- Files you upload (images, videos, PDFs) up to your plan's storage cap
- Connections to third-party platforms (Facebook, Instagram, LinkedIn, YouTube, Google Search Console, etc.) — we store OAuth tokens, not your password on those sites
Product analytics
- Pages viewed, features used, errors encountered, performance timings
- Approximate location (city level, derived from IP) and device type — used for security and to show the right currency
- We use first-party analytics. We do not embed Google Analytics, Meta Pixel, or similar third-party trackers in the product.
How we use it.
Six purposes — exhaustive list, not examples:
- Run the product. Authenticate you, schedule your posts, fetch your analytics, send the emails you asked for.
- Bill you. Charge your payment method, issue receipts, send renewal reminders.
- Support you. Help-desk replies, debugging your issue with your explicit permission.
- Secure the platform. Detect fraud, abuse, brute-force attempts, account takeovers.
- Improve the product. Aggregate, anonymous metrics — never individual content.
- Comply with the law. Tax records, lawful subpoenas, GDPR/CCPA request fulfilment.
Sell your data. Share it with advertisers. Train shared AI models on it. Read your content for marketing insight. Use it after you've deleted it.
Legal bases (GDPR).
For users in the European Economic Area, UK, or Switzerland, here's the GDPR Article 6 basis we rely on for each purpose:
When we share.
We share data with three groups, and only when needed:
Subprocessors (vendors who run parts of the product)
AWS for infrastructure, Stripe for payments, SendGrid for transactional email, Cloudflare for security, Datadog for monitoring, Snowflake for our internal analytics warehouse. Every subprocessor is contractually bound to GDPR-grade protections. We give 30 days' notice before adding any new one — see the live list at /security.
Integrations you authorise
When you connect Facebook, Google Search Console, or any other platform, we share only what's needed for the feature you enabled (publish posts, fetch keywords, etc.). You can revoke any connection from Settings → Integrations at any time.
Law enforcement & legal process
We require a valid subpoena, warrant, or court order. We push back on overbroad requests and notify the affected user unless legally gagged. We publish a transparency report annually with aggregated request counts.
If Manager.Social is ever acquired or merged, your data transfers under the same terms. You'll get 30 days' notice and an export window before any policy change takes effect.
International transfers.
You pick your data region at signup — US (us-east-1), EU (eu-west-1), or APAC (ap-southeast-1). Your primary data, backups, and logs stay there.
Some operational metadata (login attempts, billing records, support tickets) is processed in the United States by our headquarters. For EU/UK/Swiss users, this transfer is covered by the European Commission's Standard Contractual Clauses (2021/914) and supplementary measures (encryption in transit and at rest, key separation, IP-restricted access).
Our DPA — including SCCs — is available on request from privacy@manager.social or self-serve from your workspace settings on Business and Enterprise plans.
How long we keep it.
Everything you've created, until you delete it or close the account.
Removed from primary storage within 30 days, from backups within 90 days. Certificate of Destruction available.
30-day grace period to recover, then full deletion on the same 90-day schedule.
Retained 7 years for tax compliance, encrypted and access-restricted to finance.
1 year hot, 7 years cold archive — required for SOC 2 + ISO 27001.
3 years after resolution, then deleted automatically.
Your rights.
Whether you're protected by GDPR, UK GDPR, CCPA/CPRA, LGPD, PIPEDA, or another regime, you can exercise the following — in-app from Settings → Privacy, or by emailing privacy@manager.social. We respond within 30 days, free of charge.
- Access — get a full copy of every piece of data we hold on you, in standard formats.
- Correction — fix anything inaccurate or incomplete.
- Deletion — also called "right to be forgotten." We delete unless we have a legal duty to retain.
- Portability — export in JSON, CSV, or full database dump (Enterprise).
- Restriction — pause processing while a dispute is being resolved.
- Objection — object to processing based on legitimate interest, including profiling.
- Withdraw consent — for anything you previously opted into (e.g. marketing emails).
- Opt-out of "sale/share" (CCPA) — moot for us; we don't sell or share, but the toggle is in your settings anyway.
- Lodge a complaint with your local supervisory authority. We'd rather you talk to us first, but it's your right.
Cookies & tracking.
Three types only:
- Strictly necessary — session, CSRF, load balancer routing. No way to use the product without them; no consent required under GDPR.
- Functional — remembers your dark-mode preference, last-opened workspace, sidebar collapsed state. You can clear these anytime.
- First-party analytics — anonymised page views and feature usage, hosted on our own infrastructure. No third-party tag, no cross-site tracking.
Marketing site (manager.social) uses one additional cookie for the cookie banner itself — to remember that you dismissed it. We do not use Google Analytics, Meta Pixel, TikTok Pixel, LinkedIn Insight, or any other third-party advertising tracker.
Children's privacy.
Manager.Social is for businesses and creators 16 and over. We don't knowingly collect data from anyone under 16. If you're a parent or guardian and believe your child has signed up, email privacy@manager.social and we'll delete the account within 7 days.
Changes to this policy.
When we make a material change — anything that affects what we collect, how we use it, or who we share it with — we email every active customer 30 days before the change takes effect, post a banner in-app, and bump the version number at the top of this page.
For minor edits (clarifying language, fixing a typo, adding a subprocessor that doesn't change data flow), we update the "Last updated" date and post the diff in our public changelog.
Contact.
Thanks for reading the whole thing. Genuinely.