Privacy Policy
Last Updated: April 19, 2026
Introduction
1. Introduction & Who We Are
Welcome to SylusAI ("we," "us," or "our"). SylusAI is an AI-powered social media automation platform that helps social media managers, marketers, and brands research trends, generate content, design posts, and schedule publishing across major social networks — all from a single dashboard.
Our platform is operated by SylusAI and is accessible at https://sylusai.com.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have with respect to your data. It applies to all users of our website and platform, including visitors, registered users on Free, Premium, and Business plans, and anyone who connects a social media account to our services.
By using SylusAI, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our platform.
If you have questions or concerns, contact us at contact@sylusai.com.
2. Information We Collect
We collect information necessary to deliver our services effectively and securely. The categories below outline what we collect and why.
2.1 Account Information
When you register for SylusAI, we collect:
Full name — to personalize your experience and communications.
Email address — to create and manage your account, send notifications, and provide support.
Profile picture — if you sign up via a social login (e.g., Google), we may receive your profile photo.
Username and password — for authentication and account security.
Organization or brand name — if provided during onboarding.
Subscription plan — Free, Premium, or Business, which determines feature access.
2.2 OAuth Tokens and Permissions from Social Platforms
When you connect a social media account to SylusAI, we receive OAuth access tokens and, in some cases, refresh tokens from the respective platform. These tokens allow us to perform actions on your behalf — such as posting content and reading analytics — without storing your social media username or password.
The specific permissions requested vary by platform and are described in detail in Section 4 of this policy.
We store these tokens in encrypted form and use them solely to deliver the features you authorize. You can revoke our access at any time, either through our platform or directly through the connected social network's settings.
2.3 Content Data
To provide scheduling and publishing services, we collect and temporarily store:
Draft posts and captions — text you compose or that our AI generates on your behalf.
Images and media — uploaded, AI-generated, or sourced from your connected accounts.
Post schedules and publishing history — dates, times, and statuses of your queued and published content.
Content templates and campaign structures — if you create or save them within the platform.
2.4 Usage Data and Analytics
We collect information about how you interact with the SylusAI platform, including:
Pages and features visited within the dashboard.
Actions taken (e.g., creating a post, connecting an account, generating AI content).
Session duration and frequency of use.
Performance reports and analytics data pulled from your connected social platforms (e.g., impressions, reach, engagement metrics).
This data helps us improve platform features and provide you with insights about your social media performance.
2.5 Payment Information
If you subscribe to a paid plan, billing is handled by a third-party payment processor (such as Stripe). We do not store full credit card numbers or sensitive payment credentials on our servers. We do retain:
Subscription plan type and billing cycle.
Transaction history and invoice records.
Billing name and address, as required for invoicing.
2.6 Device and Log Data
When you access SylusAI, our servers automatically collect certain technical data, including:
IP address — used for security monitoring and geographic compliance checks.
Browser type and version, operating system, and device type.
Referring URLs — the page that directed you to SylusAI.
Timestamps — dates and times of access and actions.
Error logs — for diagnosing technical issues.
3. How We Collect Information
We collect information in the following ways:
Directly from you — when you register, fill in forms, compose content, or contact our support team.
Through OAuth authorization flows — when you connect a social media account, the respective platform shares an access token and permitted scopes with us under your explicit authorization.
Automatically via cookies and tracking technologies — as described in Section 10.
From third-party services — such as payment processors, analytics providers, and social platforms that return data in response to API calls we make on your behalf.
Through AI-generated interactions — when you use our AI content generation features, your prompts and preferences are processed to produce output.
4. Social Media Platform Integrations
SylusAI integrates with major social media platforms through their official OAuth 2.0 authentication flows. We request only the permissions necessary to deliver the features you use. Below is a detailed breakdown for each platform.
4.1 Meta — Facebook & Instagram
Permissions We Request:
Permission | Purpose |
|---|---|
| Create, edit, and delete posts on Facebook Pages you manage |
| Read engagement data (likes, comments, shares) from your Pages |
| View the list of Pages you administer |
| Access your connected Instagram account's basic profile and media |
| Publish media (photos, videos, carousels) to your Instagram account |
| Read Instagram analytics, impressions, and engagement metrics |
| Post to Facebook Groups you manage (if enabled) |
| Access Facebook Page-level analytics |
What We Read: Page details, post performance metrics, audience analytics, and scheduled content status.
What We Write: Posts, images, videos, carousels, and reels to your Facebook Pages and Instagram Business/Creator accounts on the schedules you define.
Data Retention: Meta access tokens are stored in encrypted form. We do not store media assets from your Meta accounts beyond what is necessary to fulfill a scheduled post.
How to Revoke Access:
Within SylusAI: Go to Settings > Connected Accounts and click Disconnect next to Facebook/Instagram.
Directly via Meta: Visit https://www.facebook.com/settings?tab=applications and remove SylusAI from your connected apps.
4.2 LinkedIn
Permissions We Request:
Permission | Purpose |
|---|---|
| Access your LinkedIn name and profile photo for account identification |
| Read the primary email address associated with your LinkedIn account |
| Post updates, articles, and media to your LinkedIn profile |
| Read posts and engagement from LinkedIn Company Pages you manage |
| Publish content to LinkedIn Company Pages you manage |
| Access basic profile details for display within SylusAI |
What We Read: Your LinkedIn profile information, Company Page details, and post engagement metrics.
What We Write: Text posts, image posts, article shares, and scheduled updates to your personal LinkedIn profile and Company Pages.
How to Revoke Access:
Within SylusAI: Go to Settings > Connected Accounts and click Disconnect next to LinkedIn.
Directly via LinkedIn: Visit https://www.linkedin.com/psettings/permitted-services and remove SylusAI.
4.3 Twitter / X
Permissions We Request:
Permission | Purpose |
|---|---|
| Read your tweets, timeline, and mentions |
| Post new tweets, reply to tweets, and retweet on your behalf |
| Delete tweets published through SylusAI |
| Access your Twitter/X profile information for display within SylusAI |
| Maintain persistent access via refresh tokens so posting can occur on your scheduled times without requiring re-authentication |
| Upload and attach media (images, videos, GIFs) to tweets |
What We Read: Your profile details, recent tweets, and engagement metrics (where permitted by the Twitter/X API).
What We Write: Tweets (including text, images, and videos) and threaded content published according to your defined schedule.
How to Revoke Access:
Within SylusAI: Go to Settings > Connected Accounts and click Disconnect next to Twitter/X.
Directly via Twitter/X: Visit https://twitter.com/settings/connected_apps and revoke SylusAI's access.
4.4 Reddit
Permissions We Request:
Permission | Purpose |
|---|---|
| Access your Reddit username for account identification within SylusAI |
| Submit posts (text, links, images) to subreddits on your behalf |
| Read subreddit information and post details for scheduling and analytics |
| View your submission history to avoid duplicate posting and provide analytics |
What We Read: Your Reddit username, submission history, and subreddit details relevant to your scheduled content.
What We Write: Text posts, link posts, and image posts to subreddits where your account has posting permissions. SylusAI will only post to communities you explicitly configure within the platform.
Important Note: SylusAI complies fully with Reddit's API Terms of Service. We do not use Reddit data to train machine learning models, and we do not store Reddit content beyond what is operationally necessary to fulfill scheduling and provide activity logs.
How to Revoke Access:
Within SylusAI: Go to Settings > Connected Accounts and click Disconnect next to Reddit.
Directly via Reddit: Visit https://www.reddit.com/prefs/apps and revoke SylusAI's access.
4.5 Pinterest
Permissions We Request:
Permission | Purpose |
|---|---|
| Read the list of your Pinterest boards for content scheduling |
| Create new boards or update board information on your behalf |
| Read existing Pins and their performance data |
| Create and publish new Pins on your selected boards |
| Access your Pinterest profile details for display within SylusAI |
What We Read: Your board list, Pin details, and Pinterest analytics (impressions, saves, clicks) where available via the API.
What We Write: Pins (including images, video Pins, and descriptions) published to boards you designate within SylusAI.
How to Revoke Access:
Within SylusAI: Go to Settings > Connected Accounts and click Disconnect next to Pinterest.
Directly via Pinterest: Visit https://www.pinterest.com/settings/security, navigate to Apps and websites, and remove SylusAI.
4.6 General OAuth Token Practices
Storage: All OAuth access tokens and refresh tokens are stored using AES-256 encryption at rest.
Transmission: Tokens are transmitted only over TLS-encrypted connections.
Scope Limitation: We request only the minimum permissions needed for features you actively use. Permissions are not expanded without your explicit re-authorization.
No Token Sharing: We never sell, rent, or share your OAuth tokens with any third party beyond our operational sub-processors (e.g., our encrypted database provider).
Token Expiry: When tokens expire and cannot be refreshed, we prompt you to re-authenticate. Expired tokens are securely deleted.
Account Disconnection: Upon disconnecting a platform, its tokens are immediately invalidated and deleted from our systems. Scheduled posts to that platform will be cancelled.
5. How We Use Your Information
We use the information we collect for the following purposes:
Delivering our services — to automate social media posting, scheduling, analytics, and AI content generation on your behalf.
Account management — to create, maintain, and secure your SylusAI account.
AI content generation — your preferences, brand voice settings, and historical content inform the AI models used to draft posts and suggestions.
Analytics and reporting — to display your social media performance data within the SylusAI dashboard.
Customer support — to respond to your questions, troubleshoot issues, and resolve disputes.
Product improvement — to understand how features are used and to develop new capabilities. We use aggregated, de-identified usage data for this purpose.
Security and fraud prevention — to detect suspicious activity, enforce our Terms of Service, and protect our platform.
Legal compliance — to meet obligations under applicable laws, including responding to lawful requests from authorities.
Billing and payments — to process subscription payments, issue invoices, and manage your plan.
Communications — to send you product updates, security alerts, and promotional messages (which you may opt out of at any time).
We do not use your content, social media posts, or OAuth tokens for any purpose beyond those described above.
6. Sharing of Information
We do not sell your personal information to third parties.
We share information only in the following limited circumstances:
6.1 Sub-Processors and Service Providers
We engage trusted third-party vendors to operate our platform. These sub-processors access only the data necessary to perform their specific functions and are contractually bound to protect your information:
Cloud hosting and infrastructure (e.g., AWS, Google Cloud, or similar) — for storing your account data and processing operations.
Payment processors (e.g., Stripe) — for handling subscription billing securely.
Email service providers — for transactional and notification emails.
Analytics providers — for understanding platform performance using aggregated data.
AI model providers — for processing content generation requests. Prompts may be transmitted to AI APIs; we configure these services to prohibit training on your data where possible.
Customer support tools — for managing support tickets.
6.2 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of SylusAI, our users, or the public.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity. We will notify you before your information becomes subject to a different privacy policy.
6.4 With Your Consent
We may share your information with third parties when you explicitly request or authorize us to do so.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. Specific retention periods:
Account information: Retained for the duration of your account. Deleted within 30 days of account closure upon request.
OAuth tokens: Deleted immediately upon account disconnection or within 7 days of account closure.
Published content and scheduling history: Retained for 12 months after publication to support analytics, then deleted or anonymized.
Draft content: Retained until deleted by you, or for 90 days after account inactivity, whichever is sooner.
Payment and billing records: Retained for 7 years to meet legal and tax obligations.
Log and device data: Retained for 90 days for security and debugging purposes.
Support communications: Retained for 2 years after ticket resolution.
You may request deletion of your data at any time by contacting us at contact@sylusai.com.
8. Data Security
We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, loss, or disclosure:
Encryption at rest: All sensitive data, including OAuth tokens and account credentials, are encrypted using AES-256.
Encryption in transit: All communications between your browser and our servers are protected by TLS 1.2 or higher.
Access controls: Access to production systems is restricted to authorized personnel and enforced through role-based access control and multi-factor authentication.
Regular security reviews: We conduct periodic vulnerability assessments and penetration testing.
Incident response: We maintain a documented incident response plan. In the event of a data breach affecting your personal information, we will notify you and relevant regulatory authorities as required by applicable law (within 72 hours under GDPR, and promptly under other applicable regulations).
Employee training: All SylusAI team members handling personal data complete regular privacy and security training.
No method of electronic storage or transmission is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal information. To exercise any of these rights, contact us at contact@sylusai.com. We will respond within the timeframes required by applicable law.
9.1 Rights Under GDPR (EU/EEA Users)
Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
Right to Restriction: Request that we limit processing of your data in certain circumstances.
Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: File a complaint with your local supervisory authority (e.g., your national Data Protection Authority).
We process your data on the following lawful bases: contractual necessity (to deliver our services), legitimate interests (platform security, fraud prevention, product improvement), and consent (for marketing communications and optional data uses).
9.2 Rights Under CCPA/CPRA (California Users)
California residents have the right to:
Know what personal information is collected, used, shared, or sold.
Delete personal information we hold, subject to certain exceptions.
Correct inaccurate personal information.
Opt out of the sale or sharing of personal information. (Note: We do not sell personal information.)
Limit the use and disclosure of sensitive personal information.
Non-discrimination for exercising your privacy rights.
To submit a verifiable consumer request, email us at contact@sylusai.com with "CCPA Request" in the subject line. We will respond within 45 calendar days (with an extension of up to an additional 45 days where required).
9.3 Rights Under the Indian DPDP Act 2023 (Indian Users)
Pursuant to India's Digital Personal Data Protection Act 2023, Indian residents have the right to:
Access information about the personal data we hold and how it is processed.
Correction and erasure of inaccurate or no-longer-necessary personal data.
Grievance redressal through our designated grievance mechanism.
Nominate a person to exercise rights on your behalf in the event of death or incapacity.
We process your data on the basis of consent and for legitimate uses as defined under the DPDP Act, including the performance of the contract for our services. For grievances, contact our designated officer at contact@sylusai.com. We will acknowledge grievances within 48 hours and resolve them within 30 days.
10. Cookies and Tracking
SylusAI uses cookies and similar tracking technologies to operate and improve our platform.
Types of Cookies We Use
Cookie Type | Purpose |
|---|---|
Essential cookies | Required for platform functionality — authentication sessions, security tokens, and user preferences. Cannot be disabled. |
Analytics cookies | Help us understand how users interact with our platform (e.g., Google Analytics, Mixpanel, or similar). Data is aggregated and de-identified. |
Preference cookies | Remember your settings and customizations across sessions. |
Marketing cookies | Used on our public website to understand the effectiveness of campaigns. We do not use marketing cookies inside the authenticated dashboard. |
Managing Cookies
You can control cookie preferences through:
Your browser settings (most browsers allow you to block or delete cookies).
Our cookie consent banner (displayed on your first visit to sylusai.com).
Disabling essential cookies may impair the functionality of the platform.
We do not engage in cross-site tracking for advertising purposes within our platform.
11. Third-Party Services
Our platform may include links to or integrations with third-party websites, services, and APIs. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use in connection with SylusAI, including:
SylusAI is not responsible for the privacy practices of these platforms. Your use of those platforms is governed by their respective terms and policies.
12. Children's Privacy
SylusAI is a professional social media management platform intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18.
If you believe that a minor has provided us with personal information, please contact us immediately at contact@sylusai.com. We will promptly investigate and delete such information from our systems.
In jurisdictions where different minimum age requirements apply (e.g., 13 under COPPA in the US, 16 under GDPR in certain EU member states), we do not knowingly provide services to users below the applicable minimum age. Access to our platform constitutes your representation that you meet the minimum age requirement.
13. International Data Transfers
SylusAI operates globally. Your personal information may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country.
We ensure appropriate safeguards are in place for such transfers, including:
EU Standard Contractual Clauses (SCCs): For transfers of EU/EEA personal data to countries not covered by an EU adequacy decision, we rely on the European Commission's June 2021 standard contractual clauses (Module 2: Controller to Processor).
UK International Data Transfer Addendum: For transfers of UK personal data, we use the UK ICO's International Data Transfer Addendum to the EU SCCs.
Adequacy decisions and certifications: Where available, we rely on adequacy decisions or other recognized transfer mechanisms.
India: For Indian users, we process and store data in compliance with the DPDP Act 2023 and applicable localization guidelines as they are issued.
By using SylusAI, you acknowledge that your data may be processed in countries outside your own, subject to the safeguards described above.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make material changes, we will:
Update the "Last Updated" date at the top of this page.
Notify registered users via email or an in-app notification at least 14 days before the changes take effect.
For significant changes affecting how we use your social platform data, we may require you to re-authorize our access.
Your continued use of SylusAI after the effective date of any update constitutes your acceptance of the revised policy. If you disagree with the changes, you may discontinue use and request deletion of your data.
We encourage you to review this Privacy Policy periodically. The current version is always available at https://sylusai.com/privacy.
15. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern or complaint, please reach out to us:
SylusAI
Email: contact@sylusai.com
Website: https://sylusai.com
We aim to respond to all privacy-related inquiries within 5 business days. For formal data subject requests (access, deletion, portability), we will confirm receipt within 48 hours and fulfill the request within the timeframe required by applicable law.
For users in the EU/EEA who are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.
