Privacy Policy

Effective as of April 20, 2026

SocialShift ("we", "us" or "our") operates an AI-powered platform for content generation, including image, video, and music creation, with social publishing and workflow automation tools. This Privacy Policy describes how we process personal information that we collect through our digital properties that link to this Privacy Policy, including our website (socialshift.ai), our application, and our social media pages (collectively, the "Service"), as well as through our marketing activities and other interactions described in this Privacy Policy.

By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please discontinue use of our Service.

NOTICE TO EUROPEAN USERS: Please see Section 11 for additional information for individuals located in the European Economic Area (EEA) or United Kingdom.

Personal Information We Collect
How We Use Your Personal Information
How We Share Your Personal Information
Tracking Technologies
Data Retention
Your Rights and Choices
International Data Transfers
Security
Children
Third-Party Links and Services
Notice to European Users
Additional Information for California Residents
Changes to This Privacy Policy
How to Contact Us

1. Personal Information We Collect

1.1 Information You Provide to Us

Account data — name, email address, and authentication credentials when you register. If you sign in via a third-party service (Google, Discord), we receive your profile information from that provider based on your account settings.
Profile data — username, profile picture, biographical details, and preferences you add to your account.
Payment data — payment information needed to complete transactions, including payment card details or bank account number. Payment data is collected and processed by our payment processors (e.g., Stripe, LemonSqueezy) and is not stored directly by SocialShift.
User-generated content — prompts, text inputs, generated images, videos, music files, and other content you create or upload through the Service, as well as associated metadata.
Communications data — the contents of messages when you contact us through the Service, email, or other channels.
Social publishing data — information related to social media accounts you connect to the Service (e.g., YouTube, TikTok, Instagram, Pinterest), including OAuth tokens, channel identifiers, and publishing preferences. When you connect your TikTok account via TikTok Login Kit, we collect basic profile information such as your TikTok User ID, display name, and profile picture solely to verify and link your account.
Feedback data — information you provide regarding your experience with the Service, including survey responses.

1.2 Information Collected Automatically

When you use the Service, we and our service providers may automatically collect or generate technical data, including:

Device data — operating system, browser type and version, screen resolution, device type, IP address, unique device identifiers, language settings, and general location information (city, country).
Usage data — pages viewed, features used, generations created, credits consumed, workflows configured, session duration, navigation paths, access times, and interactions with our emails and communications.
Log data — server logs that record requests made to our Service, including timestamps, referring URLs, and response codes.

1.3 Information from Third-Party Sources

We may receive personal information from third-party sources, including authentication providers (Google, Discord), social media platforms you connect, and analytics services. We use this information in accordance with this Privacy Policy.

1.4 TikTok API Data

When you connect your TikTok account, we request the following API scopes:

user.info.basic — to retrieve your TikTok User ID, display name, and profile picture for account verification.
video.upload — to upload AI-generated video content directly to your TikTok profile at your explicit instruction.
image.upload — to upload AI-generated image content (e.g., photo posts) directly to your TikTok profile at your explicit instruction.

We use these permissions exclusively to execute the posting actions you initiate or schedule within the Service. We do not use these permissions to access, analyze, or store any other TikTok account data beyond what is strictly necessary for those actions.

1.5 Cookies and Similar Technologies

We use cookies and similar tracking technologies to facilitate automatic data collection. See Section 4 (Tracking Technologies) for details and your opt-out options.

2. How We Use Your Personal Information

2.1 Service Delivery and Operations

We use your personal information to:

Provide, operate, and maintain the Service
Process AI content generation requests (image, video, music)
Manage your account, subscriptions, and credit balance
Enable social media publishing and workflow automation features — including using the TikTok permissions video.upload and image.upload exclusively to transfer AI-generated content you have initiated or scheduled directly to your TikTok profile
Process payments and transactions
Communicate with you about the Service, including service announcements, security alerts, and support
Respond to your requests, questions, and feedback

2.2 Service Improvement and Analytics

We use your personal information to analyze usage of the Service, understand user behavior, improve existing features, and develop new products and services. This may include using user-generated content and prompts to improve our AI generation quality and platform performance.

2.3 Personalization

We may use your personal information to customize the Service to your preferences, including personalized content recommendations and tailored generation suggestions.

2.4 Marketing

We may use your contact information to send you marketing communications about our products, features, and promotions. You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us. Even if you opt out of marketing, we may still send you service-related communications.

2.5 Compliance and Protection

We may use your personal information to:

Comply with applicable laws, regulations, and legal processes
Protect our rights, privacy, safety, or property, and that of our users and third parties
Enforce our terms of service and other agreements
Detect, prevent, and address fraud, security incidents, and abuse

2.6 Aggregated and De-identified Data

We may create aggregated, de-identified, or anonymized data from your personal information. We may use and share such data for any lawful purpose, including analytics, research, and improving the Service. This data cannot be used to identify you.

3. How We Share Your Personal Information

We may share your personal information with the following categories of recipients:

Service providers — third parties that provide services on our behalf, including hosting (Vercel), database and authentication infrastructure (Supabase), AI model inference (Replicate), prompt processing (Anthropic / Claude API), payment processing (Stripe, LemonSqueezy), and analytics providers. These providers are bound by contractual obligations and may only process your data as instructed by us.
Social media platforms — when you use our social publishing features to post content to platforms such as YouTube, TikTok, Instagram, or Pinterest, we share the necessary data with those platforms in accordance with their respective privacy policies.
Linked third-party services — if you connect your account with a third-party service (e.g., Google, Discord), we may share information with that service. Their use of the information is governed by their own privacy policies.
Legal and regulatory authorities — we may disclose your information to comply with applicable laws, respond to legal processes (including subpoenas), or cooperate with government authorities and law enforcement.
Business transfers — in connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred to the acquiring entity, which will continue to process it in accordance with this Privacy Policy.
Professional advisors — lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services they provide to us.

We do not sell your personal information to third parties for their independent marketing purposes. In particular, we do not sell or transfer any data obtained via the TikTok API to third parties. Data received through TikTok integrations is transmitted back to TikTok solely to execute the posting actions you have initiated, and is not shared with any other third party.

4. Tracking Technologies

When you visit or use our Service, we use cookies, pixels, and similar tracking technologies ("Tracking Technologies") to automatically collect information about your device and online behavior. These help us enhance your experience, improve performance, and perform analytics.

4.1 Types of Tracking Technologies

Essential cookies — required for the Service to function properly, including authentication and security.
Analytics cookies — help us understand how users interact with the Service, which features are most popular, and where users encounter issues.
Preference cookies — remember your settings and choices to provide a personalized experience.

4.2 Managing Tracking Technologies

You can manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling cookies may affect the functionality of the Service. For more information, see our Cookie Policy.

5. Data Retention

5.1 General Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including to satisfy legal, accounting, or reporting requirements, to establish or defend legal claims, and for fraud prevention purposes.

5.2 Retention Criteria

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and applicable legal requirements.

5.3 Account Deletion

Account data is retained for the duration of your account and up to 90 days after deletion to allow for recovery and to fulfill any outstanding legal obligations. Generated content is retained while your account is active. After you delete your account, your content will become inaccessible and will be purged from our systems within 90 days. These periods may be extended if required for legal purposes. You may request earlier deletion by contacting us.

5.4 TikTok Data Revocation and Deletion

You can revoke our access to your TikTok account at any time directly in the TikTok app under Settings & Privacy → Security → Connected Apps. You may also disconnect your TikTok account in your SocialShift account settings. Upon disconnection or upon a deletion request, we will delete all stored TikTok API tokens and associated TikTok account data within 30 days.

5.5 When Information Is No Longer Needed

When we no longer require the personal information we have collected, we will either delete it, anonymize it, or isolate it from further processing until deletion is possible.

6. Your Rights and Choices

6.1 Access and Update

If you have a registered account, you may review and update your account information by logging into your account settings.

6.2 Opt Out of Marketing

You may opt out of marketing emails by following the unsubscribe instructions in our emails or by contacting us. You may continue to receive service-related communications.

6.3 Cookie Controls

You can manage cookie preferences through your browser settings. See Section 4.2 for details.

6.4 Connected Accounts

You may disconnect linked third-party accounts (Google, Discord, YouTube, TikTok, Instagram, Pinterest) at any time through your account settings. Disconnecting will revoke our access to information from that platform, but will not affect information we have already received.

6.5 Delete Your Account

You may request deletion of your account and associated data by contacting us at hello@socialshift.ai. See Section 5.3 for details on our deletion process.

European users have additional rights described in Section 11. California residents have additional rights described in Section 12.

7. International Data Transfers

We are based in Germany and use service providers that may operate in other countries, including the United States. Your personal information may be transferred to and processed in countries where privacy laws may differ from those in your jurisdiction.

Where we transfer personal information outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms.

8. Security

We implement technical, organizational, and physical safeguards designed to protect the personal information we collect. These include encryption in transit (TLS), encrypted storage, access controls, and regular security assessments.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you suspect a security breach, please notify us immediately at hello@socialshift.ai.

9. Children

The Service is not intended for use by anyone under 16 years of age. We do not knowingly collect personal information from children under 16. If a parent or guardian becomes aware that their child has provided us with personal information without consent, please contact us at hello@socialshift.ai. If we learn that we have collected personal information from a child under 16 without appropriate consent, we will take steps to delete that information promptly.

10. Third-Party Links and Services

The Service may contain links to websites, applications, and services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third-party services and are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our Service.

11. Notice to European Users

This section applies to individuals located in the European Economic Area (EEA) or United Kingdom ("Europe"). References to "personal information" in this Privacy Policy include "personal data" as defined in the General Data Protection Regulation (GDPR).

11.1 Data Controller

SocialShift is the controller of your personal data for the purposes of the GDPR. Contact: hello@socialshift.ai

11.2 Legal Bases for Processing

We process your personal data on the following legal bases:

Contractual necessity — processing necessary to provide the Service to you and fulfill our contractual obligations (e.g., account management, content generation, payment processing).
Legitimate interests — processing necessary for our legitimate interests, such as improving the Service, analytics, security, and fraud prevention, where your interests and fundamental rights do not override those interests.
Legal obligation — processing necessary to comply with applicable laws and regulations.
Consent — processing based on your specific consent, such as for marketing communications and optional cookies. You may withdraw consent at any time.

11.3 Your Rights under GDPR

Under European data protection laws, you have the following rights regarding your personal data:

Access — request confirmation of whether we process your personal data and obtain a copy of it.
Rectification — request correction of inaccurate or incomplete personal data.
Erasure — request deletion of your personal data ("right to be forgotten") where there is no compelling reason for continued processing.
Restriction — request that we limit processing of your personal data in certain circumstances.
Portability — receive a copy of your personal data in a structured, commonly used, machine-readable format, and request transfer to another controller.
Objection — object to processing based on legitimate interests or for direct marketing purposes.
Withdraw consent — withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

11.4 Exercising Your Rights

To exercise any of these rights, contact us at hello@socialshift.ai. We may request information to verify your identity before processing your request. We will respond to legitimate requests within one month. If your request is complex, we may extend this period by up to two additional months and will notify you accordingly.

11.5 Right to Lodge a Complaint

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with your local data protection supervisory authority. For EEA users, a list of supervisory authorities is available at edpb.europa.eu. For UK users, contact the Information Commissioner's Office (ICO).

12. Additional Information for California Residents

This section provides additional disclosures required by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

12.1 Your California Rights

As a California resident, you have the right to:

Right to Know — request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purposes for collection, and the categories of third parties with whom it was shared.
Right to Delete — request deletion of personal information we collected from you, subject to certain exceptions.
Right to Correct — request correction of inaccurate personal information.
Right to Opt Out — opt out of the "sale" or "sharing" of personal information. We do not sell your personal information in the traditional sense.
Right to Non-Discrimination — you will not be discriminated against for exercising any of your CCPA rights.

12.2 Submitting a Request

To exercise your California rights, contact us at hello@socialshift.ai. We will verify your identity before processing your request. You may designate an authorized agent to submit a request on your behalf by providing written authorization.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by updating the effective date at the top of this page and, where appropriate, through email or in-app notification. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

14. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@socialshift.ai
Security issues: hello@socialshift.ai