Privacy Policy
Last updated: 27 April 2026
✦ Plain-English Summary
This is the plain-English version of what data we collect, why, what we do with it, and your rights. We're based in Australia, our customers are all over the world, and we follow the strictest privacy rules that apply (Australian Privacy Principles, UK & EU GDPR, and US state privacy laws like the CCPA) so the same baseline protects everyone.
If you only read one thing: we collect only what we need to run your audit and our business, we never sell your data, we never train AI on it, and you can ask us to delete everything at any time — we'll action it straight away.
For anything not covered here, contact us here or email privacy@thesocialvoiceco.com.
✦ Who We Are
The Social Voice is the "data controller" for the data described below. We're an Australian business operating globally. Reach us at privacy@thesocialvoiceco.com, or via our contact page.
✦ What We Collect
✦ Information you give us directly
- Account details — name, email, password (hashed; we never see the plaintext)
- Billing details — handled by our payment provider; we only see the last 4 digits of your card and your billing country
- Anything you send us in support messages, forms, or contact emails
✦ Information from your connected social accounts
When you use the audit and connect a platform, we read — read only, never write:
- Profile basics (ID, display name, username, profile picture, email if the platform offers it)
- Public and private insights — follower counts, post impressions, reach, engagement rate, audience demographics in aggregate, post-level performance
- Metadata about your posts — captions, hashtags, timestamps, media type — so we can analyse content patterns
We do not read DMs, private messages, comments from other users, or anything the platform doesn't expose through its official insights/analytics API. Platforms we currently support: Facebook, Instagram, Threads, TikTok, LinkedIn, X (Twitter), Pinterest, YouTube (via Google). As we add more, we'll list them here.
We store an encrypted access token for each connection so we can run your audit and — if you opt in — re-read your metrics over time.
✦ Information we collect automatically
- Site analytics — which pages you visit, how you got there, roughly where you are (city / country from your IP), device type, browser
- Cookies — see our Cookie Policy
- Technical logs — IP addresses, timestamps, request paths, kept short-term for security and debugging
✦ Why We Collect It
We rely on the following legal bases under UK / EU GDPR (the equivalents under the Australian Privacy Principles work the same way). Each use of your data fits under at least one.
| What we do with your data | Legal basis |
|---|---|
| Running the audit you asked for | Contract |
| Sending your audit report and follow-up emails about that audit | Contract + legitimate interest |
| Periodic re-reads of your metrics to track growth and flag issues we can help with | Your consent (opt-in at connection time) |
| Fulfilling paid subscriptions and sending receipts | Contract |
| Security, fraud prevention, rate-limiting abuse of the free audit | Legitimate interest |
| Marketing emails about new features, tips, and products | Your consent (separate opt-in) |
| Aggregate, anonymised analytics about how the audit performs across all users | Legitimate interest |
| Responding to your questions or complaints | Legitimate interest |
| Meeting our legal obligations (tax, accounting, lawful requests) | Legal obligation |
✦ How We Use Your Data
✦ To deliver your audit
We analyse what you've connected and generate a personalised report. Nothing more, unless you ask us to.
✦ To track growth and reach out when we can help
If you opt in, we re-read your metrics on a schedule. This lets us:
- Send you a before/after comparison ("your reach is up 40% since your audit")
- Spot when something's slipping and let you know — e.g. if your reach drops, we may reach out to suggest how we can help
- Build a better picture of which audit recommendations actually move the needle
You can stop this any time by revoking access on the platform, disconnecting in your account, or contacting us.
✦ For aggregate marketing claims
We may use anonymised, aggregated insights publicly — "creators in beauty who follow our recommendations grow X% faster" — but we won't name you, screenshot your account, or use your numbers as a case study without your explicit written permission. (We don't do individual case studies or testimonials.)
✦ To improve the product
We look at aggregate, anonymised data to refine our scoring and recommendations. This never identifies you.
✦ To market to you (only if you consent)
We may email you about new products, tips, and offers — but only if you opted in, and you can unsubscribe from every email in one click.
✦ What We Will Never Do
- We never sell your personal data
- We never use data from connected platforms (Meta, Google, TikTok, LinkedIn, X, Pinterest) for ad targeting or to train AI models — this is a platform requirement and a promise from us
- We never share your data with anyone for them to market their own products
- We never use individuals as case studies without their explicit written permission
✦ Who We Share Data With
Only with the service providers we need to run the business. Each is bound by a data-processing agreement that limits what they can do with your data.
| Service | What they do for us |
|---|---|
| Cloudflare | Hosting, CDN, edge database (D1), DNS, bot protection |
| Payment provider | Processing payments (secure card handling) |
| Email provider | Sending transactional and (with consent) marketing emails |
| Analytics provider | Understanding site usage in aggregate |
| Meta, Google, LinkedIn, TikTok, X, Pinterest | Where we read the insights you authorised, in order to generate your audit |
If we add or change any of these, we'll update this page.
✦ Where Your Data Lives
Our infrastructure runs on Cloudflare's global network. Some providers may process data in Australia, the UK, the EU, or the US. Where data moves outside the UK/EEA, we rely on Standard Contractual Clauses or equivalent safeguards. Where data leaves Australia, we take reasonable steps to ensure overseas recipients handle it consistently with the Australian Privacy Principles.
✦ How Long We Keep It
- Account data — while your account is open, plus 12 months after you close it, then deleted or anonymised
- Audit data (reports and snapshots) — same retention as your account, so you can look back at your history
- Platform access tokens — deleted automatically when you disconnect, revoke on the platform, or close your account, and immediately when you ask us to delete them
- Marketing email list — until you unsubscribe
- Payment records — as long as tax law requires us to keep them (usually 7 years in Australia)
- Support emails — 3 years
You can ask us to delete your data at any time — see below.
✦ Deleting Your Data
You can ask us to delete your account and data at any time. We action deletion straight away — we have no resistance to it. There are two ways:
- Self-serve — log in, open your account settings, and click delete (once that page is live)
- Email or contact form — email privacy@thesocialvoiceco.com or contact us
When you delete:
- Your account, audit history, and connected-platform tokens are removed immediately
- We revoke our access at the platform on your behalf
- Aggregate, anonymised analytics may persist (you're no longer identifiable in them)
- Records the law requires us to keep (e.g. payment records) are kept for the legally required period only
✦ Your Rights
You have the right to:
- Know what data we hold about you
- Get a copy of it (data portability)
- Correct anything that's wrong
- Delete it ("right to be forgotten")
- Object to a particular use (especially marketing)
- Restrict how we use it while we sort out a complaint
- Withdraw consent for anything we do on a consent basis, without it affecting what came before
- Complain to the relevant authority — in Australia the OAIC, in the UK the ICO, and in the EU your national DPA
To exercise any of these, email privacy@thesocialvoiceco.com or contact us here. We respond within 30 days.
✦ US residents (CCPA and state privacy laws)
If you live in California, Colorado, Virginia, Connecticut, Utah, or another US state with a consumer privacy law, you also have the right to know the categories of data we collect, access the specific pieces, delete them, opt out of "sale" or "share" (we don't sell data, but the right is yours either way), and not be discriminated against for exercising any of these rights.
✦ Platform-Specific Data Use
These notes are required by the platforms themselves and apply on top of everything above:
- Meta (Facebook, Instagram, Threads) — data accessed through Meta is used only to deliver the audit and growth-tracking features you requested, in line with the Meta Platform Terms. We honour your revocation immediately.
- Google (including YouTube) — our use of information from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We don't use Google user data for ads, transfer it to third parties except as strictly necessary, or use it to train AI.
- LinkedIn — governed by the LinkedIn API Terms of Use. Same principles.
- TikTok — governed by the TikTok Developer Terms. Same principles.
- X, Pinterest — used solely to deliver your audit and tracking, in line with each platform's developer terms.
✦ Children
Our service isn't intended for anyone under 16. If you believe a child has given us their information, contact us and we'll remove it.
✦ Security
We use standard industry measures: HTTPS everywhere, encrypted access tokens, principle-of-least-privilege access, and regular backups. No system is ever 100% secure, but we take this seriously. If we ever detect a breach that affects you, we'll notify you and the relevant regulator within 72 hours.
✦ Changes to This Policy
When we change something meaningful we'll update the "Last updated" date and — for significant changes — email anyone with an account.
✦ Contact Us
For any data or privacy question, email privacy@thesocialvoiceco.com or contact us here. We'll handle access, deletion, or any other request through the same address.