Social

Privacy Policy — Social by The Consultant

Last updated: May 2026

This Privacy Policy explains how The Consultant ("we", "us") collects, uses, stores, and deletes information when you use Social by The Consultant (the "App" or "Service"), our managed social-content service available at https://social.theconsultant.chat. Social by The Consultant is the name of this application across all platform integrations, including Facebook, Instagram, TikTok, and Google Business Profile.

1. Information we collect

  • Account info: your name, email, business name, and billing details.
  • Facebook data: when you connect your Facebook Page to Social by The Consultant via Meta Login, we receive a Page Access Token, your Page ID and name, and your Facebook user ID. We request the following permissions: pages_manage_posts, pages_read_engagement, pages_show_list, business_management.
  • Instagram data: when you connect an Instagram Business or Creator account to Social by The Consultant, we receive your IG Business Account ID, username, and a Page access token scoped to instagram_basic and instagram_content_publish.
  • TikTok data: when you connect your TikTok account to Social by The Consultant, we receive your TikTok open ID, union ID, display name, username, avatar URL, and access + refresh tokens scoped to user.info.basic, video.publish, video.upload, and video.list. We use TikTok data solely to publish content you have approved to your TikTok account and to read engagement metrics (views, likes, comments, shares) for posts we published on your behalf. We do not use TikTok data for advertising, profiling, or any purpose other than operating Social by The Consultant for you.
  • Google Business Profile data: when you connect a Google Business Profile location to Social by The Consultant, we receive your Google account ID, location ID, location name, and OAuth tokens scoped to business.manage.
  • AI provider credentials (optional): if you choose to use your own Google, OpenAI, Anthropic, or other AI provider account for image or caption generation, we store the OAuth token or API key you provide.
  • Content you provide: raw text, images, and brand assets you give us so we can generate posts.
  • Post analytics: reach, impressions, likes, comments, shares, and views for posts we publish on your behalf, pulled from the Meta Graph API and the TikTok Display API.

2. How we use your information

  • To generate, schedule, and publish posts to your Facebook Page, Instagram Business account, TikTok account, and Google Business Profile location through Social by The Consultant.
  • To notify you by email and in-dashboard when a post is ready for approval or has been published.
  • To monitor the health of your access tokens and request re-authorization when needed.
  • To produce monthly analytics reports for your connected accounts.
  • To process subscription billing via our payment processors (Lemon Squeezy, Stripe, Razorpay, Paddle, or Coinbase Commerce, depending on your region).

Social by The Consultant never uses your Facebook, Instagram, TikTok, Google Business Profile, or AI provider credentials for any purpose other than operating the Service for you. We do not sell your data, do not share it with advertisers, and do not use it to train machine-learning models.

2a. Google User Data — Limited Use Disclosure

When you connect a Google Business Profile to Social by The Consultant, we request the https://www.googleapis.com/auth/business.manage OAuth scope. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google user data solely to:

  • List the Google Business Profile accounts and locations you manage, so you can pick which location to publish to (accounts.list, accounts.locations.list).
  • Publish Local Posts you have approved inside Social by The Consultant to your selected location (locations.localPosts.create). The post content (caption text and first image) is generated and approved by you within the dashboard before any publish happens.

We explicitly do not:

  • Read, store, or transfer customer reviews, Q&A, messages, or business information edits.
  • Use Google user data to train, develop, or improve generalised AI or machine-learning models.
  • Use Google user data to serve advertisements, including retargeted or personalised ads.
  • Sell Google user data to third parties or share it with data brokers.
  • Allow humans to read Google user data, except (a) with your explicit consent for a support request you initiated, (b) for security investigations to comply with applicable law, or (c) where the data has been aggregated and anonymised.

Access and refresh tokens issued by Google are encrypted at rest using AES-256-GCM. You can revoke our access at any time from your Social by The Consultant dashboard, or directly at myaccount.google.com/permissions. Upon revocation or account deletion, we permanently delete the stored tokens and connection metadata.

3. How we store your information

  • All access tokens (Facebook Page Access Token, Google OAuth token, OpenAI API key) are encrypted at rest using AES-256-GCM before being stored in our database.
  • Data is hosted on DigitalOcean infrastructure in the EU or Asia-Pacific.
  • Generated images are stored on Cloudflare R2.
  • Transport is encrypted with TLS 1.2+ (Let's Encrypt certificates).

4. Third-party services

Social by The Consultant shares data with the following processors only as needed to operate the Service:

  • Meta (Facebook & Instagram): to publish posts and read Page / IG account analytics.
  • TikTok: to publish posts and read engagement metrics from your connected TikTok account.
  • Google (Business Profile & AI): to publish Local Posts and, optionally, generate images using your AI provider credentials.
  • OpenAI / Anthropic / other AI providers: to generate images and captions, using either your own credentials (BYOAI) or our operator-side credentials.
  • Cloudflare R2: to store generated images and customer-uploaded reference images.
  • Resend: to deliver transactional emails.
  • Lemon Squeezy / Stripe / Razorpay / Paddle / Coinbase Commerce: to process subscription payments and credit-pack top-ups, depending on your region.

5. Your rights

You can at any time:

  • Disconnect your Facebook Page or Instagram account from within the Social by The Consultant dashboard, or by removing "Social by The Consultant" from your Facebook settings under Business Integrations.
  • Disconnect your TikTok account from within the Social by The Consultant dashboard, or by removing "Social by The Consultant" from your TikTok app permissions page.
  • Disconnect your Google Business Profile from within the Social by The Consultant dashboard, or by revoking access at myaccount.google.com/permissions.
  • Request deletion of all your data — see the Data Deletion page, or email hello@theconsultant.chat.
  • Export your data — email the address above and we will provide a copy of your stored data within 30 days.

6. Data retention

We retain your account data for as long as your subscription is active, and for up to 90 days after cancellation to handle billing disputes and refunds. After that, all personal data, Facebook tokens, and stored images are permanently deleted.

7. Children's privacy

The Service is not directed to individuals under 18.

8. Changes to this policy

We'll post any changes to this page and email active customers at least 14 days in advance of material changes.

9. Contact

The Consultant
Email: hello@theconsultant.chat