Data Protection
Our Data Minimization Philosophy
At Sociable AI, we follow a strict data minimization approach. We only collect and store the absolute minimum data needed to provide our services:
- No Content Storage: We do not persistently store the content of social media posts or interactions beyond what’s needed for core functionality
- Access Token Focus: We store OAuth access tokens rather than account credentials, so we never have access to your passwords
- Transient Processing: Social media content is processed transiently and not permanently stored
Data Categories and Protection
| Data Type | Storage Approach | Protection Measures |
|---|---|---|
Authentication data | Handled by Clerk | Industry-standard encryption via Clerk’s SOC 2 compliant service |
OAuth tokens | Encrypted at rest | Access controlled, rotated per platform requirements |
User settings | Minimal storage | Encrypted at rest |
Message data | Limited retention | Encrypted at rest, user-deletable |
Privacy Principles
Our data protection practices are designed with privacy in mind:
- Access Controls: Users can request access to their personal data
- Deletion Rights: We provide account deletion functionality
- Data Portability: We support export options for user data when requested
- Purpose Limitation: Data used only for specified, legitimate purposes
- Transparency: Clear communication about our data practices
Third-Party Data Processing
When we engage third-party services to process data:
- We select providers with strong security credentials (for example, SOC 2 attestation and GDPR compliance)
- We implement appropriate data processing agreements
- We limit data sharing to only what’s necessary for service provision
Technical Protection Measures
Encryption
- TLS 1.2+ for all data in transit
- AES-256 encryption for data at rest
- Secure key management practices
Access Controls
- Role-based access controls
- Least privilege principle
- Regular access reviews
Monitoring
- Continuous monitoring for unusual access patterns
- Automated alerts for potential security events via Google Cloud Security Command Center, AWS CloudWatch, Sentry, Clerk Security Alerts, Supabase Security Monitoring, and infrastructure monitoring systems
- Regular security reviews of data access logs
Retention and Deletion
- Regular data review and cleanup processes
- Automatic deletion of transient processing data
- User-controlled data deletion options
- Clear retention periods defined for each data category
Contact for Data Concerns
If you have questions about how we handle your data or wish to exercise your data rights, please contact us at:
- Email: product@sociable.how
- Response time: Within 48 hours