Privacy Policy

Last updated: March 22, 2026

Expozy ("we," "our," or "us") operates the expozy.io platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and password (hashed). If you sign in with Google, we receive your Google profile information (name, email, profile picture).

1.2 Brand & Social Account Data

When you connect social media accounts, we store OAuth access tokens (encrypted at rest using AES-256-GCM) to publish content and retrieve messages on your behalf. We store your posts, scheduled content, campaign data, and analytics metrics.

1.3 Usage Data

We automatically collect information about how you interact with the platform, including pages visited, features used, browser type, IP address, and device information.

1.4 Communications Data

If you use our unified inbox feature, we process messages sent and received through your connected social media accounts. These messages are stored to provide the inbox functionality.

2. How We Use Your Information

  • To provide, maintain, and improve our services
  • To publish content to your connected social media accounts at your direction
  • To aggregate and display analytics from your social media accounts
  • To manage your unified inbox and process messages
  • To send you service-related emails (account verification, security alerts, billing)
  • To provide customer support
  • To detect and prevent fraud, abuse, or security incidents

3. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

  • Service providers: Third-party services that help us operate (email delivery via Resend, payment processing via Stripe, cloud infrastructure).
  • Social media platforms: We transmit content and retrieve data via official APIs (Meta, Twitter/X, LinkedIn, TikTok, YouTube) as directed by you.
  • Legal requirements: When required by law, subpoena, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets.

4. Data Security

We implement industry-standard security measures including:

  • AES-256-GCM encryption for all stored OAuth tokens
  • HTTPS/TLS for all data in transit
  • Bcrypt hashing for passwords
  • JWT-based authentication with short-lived access tokens
  • Database access controls and encrypted connections

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data
  • Export your data in a portable format
  • Object to or restrict processing of your data
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@expozy.io.

7. Cookies

We use essential cookies and local storage to maintain your authentication session. We do not use third-party tracking cookies. Analytics, if implemented, will use privacy-respecting methods.

8. Third-Party Services

Our service integrates with third-party social media platforms. Your use of those platforms is governed by their respective privacy policies. We encourage you to review them.

9. Children's Privacy

Our service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

  • Email: privacy@expozy.io
  • Website: expozy.io