Digitoly

Last updated: May 14, 2026

Privacy Policy

Digitoly ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media scheduling platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, name, and profile details when you register.
  • Payment Information: Billing details processed securely through Razorpay. We do not store your card details on our servers.
  • Social Media Credentials: OAuth access tokens for platforms you connect (Facebook, Instagram, LinkedIn, Twitter/X, TikTok, YouTube, Google Business Profile, Threads, BlueSky, WhatsApp Business). These are encrypted and stored securely.
  • Content: Posts, captions, images, videos, and other content you create or schedule through Digitoly.
  • Communications: Messages you send to our support team.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, clicks, and interactions within the platform.
  • Device Information: Browser type, operating system, IP address, device identifiers.
  • Log Data: Server logs including error reports, API requests, and timestamps.
  • Cookies and Tracking: See our Cookie Policy for full details.

1.3 Information from Third Parties

  • Social Media Platforms: When you connect accounts, we receive profile data, post metrics (likes, comments, shares, views), and messages/comments from those platforms as permitted by their APIs.
  • Analytics Providers: Aggregated usage analytics to improve our service.

2. How We Use Your Information

  • To provide, operate, and maintain the Digitoly platform
  • To schedule and publish content to your connected social media accounts on your behalf
  • To process payments and manage your subscription
  • To send you service-related emails (account confirmations, billing, security alerts)
  • To respond to your support requests
  • To analyze usage patterns and improve platform performance
  • To detect, prevent, and address fraud, abuse, or security issues
  • To comply with legal obligations
  • To send you product updates and marketing communications (you can opt out at any time)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data under the following legal bases:

  • Contract Performance: Processing necessary to provide the services you've signed up for.
  • Legitimate Interests: Improving our service, fraud prevention, and security.
  • Consent: Marketing communications and non-essential cookies.
  • Legal Obligation: Compliance with applicable laws.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party vendors who assist in operating our platform:

  • Supabase — Database and authentication hosting
  • Razorpay — Payment processing
  • Vercel — Application hosting
  • Anthropic — AI caption generation

4.2 Social Media Platforms

When you schedule or publish posts, your content and credentials are shared with the respective social media platforms (Meta, LinkedIn, Twitter/X, TikTok, Google, BlueSky) solely to fulfill your publishing requests.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to protect the rights, property, or safety of Digitoly, our users, or others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Social Media Platform Data

When you connect social media accounts, you grant us permission to:

  • Read your profile information and account details
  • Publish content on your behalf at scheduled times
  • Read post performance metrics (likes, comments, shares, views)
  • Read and display comments and direct messages in our Inbox feature
  • Reply to comments and messages on your behalf

You can revoke these permissions at any time by disconnecting accounts in Settings, or directly through each platform's settings. We comply with the data use policies of all connected platforms including Meta's Platform Policy, Twitter's Developer Agreement, LinkedIn's API Terms, TikTok's Developer Terms, and Google's API Services User Data Policy.

6. Data Retention

  • Account Data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
  • Post Data: Retained for 2 years or until you delete it.
  • Payment Records: Retained for 7 years as required by Indian financial regulations.
  • Access Tokens: Deleted immediately upon disconnecting a social media account.
  • Logs: Retained for 90 days for security and debugging purposes.

7. Data Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for stored OAuth access tokens
  • Row-Level Security (RLS) policies ensuring users can only access their own data
  • Regular security audits and penetration testing
  • Two-factor authentication for admin access
  • PCI-DSS compliant payment processing via Razorpay

Despite our best efforts, no security system is impenetrable. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by applicable law.

8. Your Rights

Depending on your location, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("Right to be Forgotten").
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing of your data for marketing purposes.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdraw Consent: Withdraw consent at any time for consent-based processing.

To exercise these rights, email us at privacy@digitoly.com. We will respond within 30 days.

9. Children's Privacy

Digitoly is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at privacy@digitoly.com and we will delete it.

10. International Data Transfers

Digitoly is operated from India. If you are accessing our service from outside India, your data may be transferred to and processed in India or other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our platform at least 30 days before the change takes effect. Your continued use of Digitoly after the effective date constitutes acceptance of the revised policy.

12. Contact Us

For privacy-related questions, requests, or concerns:

Digitoly

Email: privacy@digitoly.com

Website: https://www.digitoly.com

For GDPR-related requests, please include "GDPR Request" in the subject line.