Privacy Policy
Last updated: May 2, 2026
This Privacy Policy explains how JoinIris ("we," "us," "our") collects, uses, stores, and shares your personal information when you use our social media management service. We are committed to handling your data responsibly and in compliance with applicable laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the platform-specific data protection requirements of TikTok, Meta (Instagram and Facebook), and other connected services.
1. Information We Collect
1.1 Information You Provide
- Account information: email address, password (hashed), display name, optional profile picture.
- Content: videos, images, captions, hashtags, scheduling metadata, and related material you upload to schedule or publish.
- Communications: support requests, feedback, and other messages you send us.
1.2 Information from Connected Third-Party Platforms
When you connect a third-party platform account to JoinIris (TikTok, Instagram, etc.), we receive specific information from that platform via its official API. The exact data depends on the scopes you grant during the OAuth flow.
1.3 Automatically Collected Information
- Usage data: log data, IP address, browser/device type, pages viewed, actions taken within the service.
- Cookies and similar technologies: session cookies for authentication; no third-party advertising or tracking cookies.
2. TikTok Data Handling
If you connect a TikTok account to JoinIris, the following describes how we handle TikTok data specifically. This section is provided for transparency and to comply with TikTok's developer requirements.
| TikTok data | Why we collect it | Retention |
|---|---|---|
| OAuth access token and refresh token | To publish posts on your behalf and read post analytics within the scopes you authorized. | Stored encrypted at rest. Deleted when you disconnect your TikTok account or delete your JoinIris account. |
| TikTok user ID, username, display name, avatar URL (via user.info.basic scope) | To display which TikTok account is connected to JoinIris and label your content with the correct creator. | Same as above. |
| Post metadata after publishing (post ID, share URL, post status) | To track which posts succeeded, fetch their performance metrics, and display them in your dashboard. | Retained for as long as you maintain a JoinIris account, then deleted within 30 days of account deletion. |
| Post performance metrics (views, likes, comments, shares, watch time) | To produce engagement analytics and weekly performance reports for the content you published through JoinIris. | Same as above. |
What we do NOT do with TikTok data:
- We do not sell, rent, or trade TikTok data to any third party.
- We do not use TikTok data for advertising or targeted marketing.
- We do not share TikTok data with any third party except as required by law or to provide the service (e.g., our cloud hosting provider, encrypted in transit and at rest).
- We do not request, store, or process TikTok data beyond the scopes explicitly granted by you.
You can revoke JoinIris's access to your TikTok account at any time by visiting your TikTok account settings or by disconnecting the integration within JoinIris. Upon revocation, we will delete your TikTok access tokens and stop fetching new data.
3. Instagram and Meta Data Handling
If you connect an Instagram (Business or Creator) account, we receive similar information via the Instagram Graph API: account ID, username, post metadata, and post performance metrics within the scopes you grant. The same retention, security, and non-sale commitments described above apply.
4. How We Use Your Information
- To provide, maintain, and improve the JoinIris service;
- To authenticate you and secure your account;
- To publish content on your behalf to connected platforms when you instruct us to;
- To compute and display analytics on the content you've published;
- To communicate with you about service changes, security issues, or support requests;
- To comply with legal obligations and enforce our Terms.
5. How We Share Your Information
We do not sell your personal information. We share information only in the following limited circumstances:
- Connected platforms: When you publish content, we transmit that content (and minimum necessary metadata) to the platform you selected.
- Service providers: We use trusted vendors for hosting (cloud infrastructure), object storage (media files), and email delivery. They are bound by data-processing agreements and may only use your data on our instruction.
- Legal requirements: We may disclose information if required by law, subpoena, or to protect the rights, property, or safety of JoinIris, our users, or the public.
- Business transfers: If JoinIris is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data becomes subject to a different privacy policy.
6. Data Security
We implement reasonable technical and organizational measures to protect your data, including encryption in transit (TLS 1.2+), encryption at rest for sensitive fields (OAuth tokens), access controls, and regular security review. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. Data Retention
We retain personal information for as long as your account is active or as needed to provide the service. Upon account deletion, we delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., financial records).
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate information.
- Deletion: Request that we delete your personal information.
- Portability: Request a machine-readable export of your data.
- Objection / restriction: Object to certain processing activities.
- Withdraw consent: Disconnect any third-party account or delete your JoinIris account at any time.
To exercise any of these rights, email us at privacy@joiniris.dev. We will respond within 30 days.
9. International Data Transfers
JoinIris is operated from the United States. If you access the service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. We rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.
10. Children's Privacy
JoinIris is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we learn that a minor has provided us information, we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email or through the service if we make material changes. The "Last updated" date at the top of this page indicates when the most recent revision took effect.
12. Contact
Questions, concerns, or requests? Email our privacy team at privacy@joiniris.dev or our general legal contact at legal@joiniris.dev.