Privacy Policy
Last updated: July 11, 2026
1. Who We Are
Social Magnum ("Social Magnum", "the App", "we", "us", or "our") is a social media management platform for scheduling, publishing, and engagement across Facebook Pages, Instagram, and Threads. The App is operated by METAFLUX MEDIA LLC, a Wyoming limited liability company.
- Address: 30 N Gould St, Ste 23881, Sheridan, WY 82801, United States
- Contact: support@socialmagnum.com
This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. By creating an account or using the App, you agree to the practices described here. Please also review our Terms of Service.
2. Information We Collect
2.1 Information you provide directly. When you sign up and use Social Magnum:
- Your name and email address (from signup, or from Google/Facebook sign-in if you choose it)
- Your password (stored only as a salted hash — we never see it in plain text)
- Workspace and team details you create, and members you invite
- Content you create in the App: captions, media you upload, first comments, scheduled-post settings, drafts, and RSS feeds you connect
- Billing details when you subscribe to a paid plan (see Section 5)
- Messages you send us through support or contact forms
2.2 Information collected automatically. To operate and secure the service we record limited technical data — IP address, browser/device type, and basic request logs. We use only an essential session cookie to keep you signed in (see Section 10).
2.3 Information from your connected accounts. When you connect a Facebook Page, Instagram account, or Threads profile, we access data from those platforms to provide the features you request. This is detailed in Section 4.
3. How We Use Your Information
We use the information we collect to:
- Publish & schedule — create, schedule, and publish posts, reels, stories, and carousels to your connected accounts
- Analytics — show reach, impressions, engagement, follower trends, and per-post performance for accounts you own
- Engagement (Inbox) — let you read and reply to comments and direct messages on your own accounts
- Account & workspace management — manage connected accounts, workspaces, team roles, and access
- Reliability & security — detect token expiry, prevent abuse, and keep the service secure
- Communication — send account, billing, and service notices (and, only if you opt in, product updates)
We do not sell, rent, or trade your personal information, and we do not use your data or your connected-account data for advertising or to build ad-targeting profiles.
4. Connected Social Accounts & Platform Data
When you connect an account, we access only the data needed for the features you enable — publishing, scheduling, analytics, and engagement for accounts you own or manage. We store an encrypted access token so we can act on your behalf, and we use this data only to provide those features. We never sell it or share it for advertising.
Facebook Pages
Via the Meta Graph API, we access: Page name, Page ID, category, follower count, and profile picture; your published posts and their content; Page insights (impressions, reach, engagement, video views); comments on your posts; and — if you enable the Inbox — Messenger conversations and messages, so you can read and reply to them in the App.
Via Instagram's API (Instagram Business Login), we access: your Instagram account ID, username, name, profile picture, and follower count; your media and captions; comments; account and media insights (including aggregate audience demographics); and — if you enable the Inbox — Instagram direct messages, so you can read and reply to them in the App.
Threads
Via the Threads API, we access: your Threads user ID, username, and profile; your posts and replies; mentions; and post/profile insights (views, likes, replies), so you can publish and manage engagement in the App.
Our use of information received from Meta's APIs adheres to the Meta Platform Terms and Developer Policies, including their data-use and Limited Use requirements. Specifically:
- We request only the permissions necessary for the App's stated features
- We do not transfer or sell platform data to data brokers or any third party
- We do not use platform data for surveillance, or to discriminate against any person or group
- You can disconnect any account or revoke our access at any time (see Section 9)
5. How We Share Information
We share information only as needed to run the service:
- Service providers (sub-processors) who process data on our behalf under confidentiality obligations: Supabase (database & authentication), Cloudflare R2 (media storage), Resend (transactional email), and Vercel (application hosting). When paid billing is enabled, a third-party payment processor handles card details — we do not store full card numbers.
- Legal & safety — when required to comply with law, enforce our Terms, or protect our rights and users.
- Business transfers — if we are involved in a merger, acquisition, or sale of assets, your information may transfer as part of that transaction.
These disclosures are not a "sale" of your personal information under laws such as the CCPA/CPRA.
6. Data Retention
- Connected-account data & tokens: kept while the account is connected; cleared when you disconnect it.
- Content & scheduled posts: retained until you delete them or close your account.
- Media files: stored on Cloudflare R2 to power publishing and your Media Library; deleted when you remove them or close your account.
- Account data: retained until you request deletion or your account is removed.
- Logs & billing records: retained for a limited period for security and legal/accounting obligations.
After a deletion request, we remove or anonymize your data within 30 days, except where retention is required by law.
7. Data Security
- Token encryption: all platform access tokens are encrypted at rest with AES-256-GCM, using a key stored separately from the database.
- Encryption in transit: all traffic is served over HTTPS/TLS, with HSTS and strict security headers.
- Tenant isolation: every account's data is scoped to that account; workspace roles (owner, admin, member) control who can see and manage which accounts.
- Least privilege: access to production data is limited to personnel who need it.
No method of transmission or storage is 100% secure, but we work to protect your information using industry-standard measures.
8. GDPR (EU/UK Users)
For personal data of individuals in the EEA and UK, you are the data controllerfor the content and audience data you manage through Social Magnum, and Social Magnum acts as a data processor — we process that data only to provide the features you enable. We follow a privacy-by-default approach and collect only what is needed to run the service. Where data is transferred internationally, we rely on recognized safeguards such as Standard Contractual Clauses (see Section 11).
9. Your Rights & Choices
You can:
- Access, correct, or export the data we hold about you — email support@socialmagnum.com
- Delete your data — see our Data Deletion page
- Disconnect any connected account at any time in Connected Pages, which stops all data collection for that account
- Revoke our access from the platform directly — via Facebook Settings → Business Integrations, your Instagram apps & websites settings, or your Threads account settings
- Opt out of product/marketing emails using the unsubscribe link (account and billing notices still apply)
Depending on where you live (e.g., EEA/UK, California, Virginia, Colorado), you may have additional rights and the right to lodge a complaint with your local data protection authority.
10. Cookies
We use an essential session cookie (from Supabase Auth) to keep you signed in. We do not use third-party advertising pixels or cross-site tracking cookies.
11. International Data Transfers
We and our sub-processors may process data in the United States and other countries. Where we transfer personal data out of the EEA/UK, we rely on appropriate safeguards, including Standard Contractual Clauses, to ensure an adequate level of protection.
12. Children's Privacy
Social Magnum is a business tool and is not directed to children. We do not knowingly collect personal information from anyone under 13 (or under 16 in the EU). If you believe a child has provided us personal data, contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted here with a new "Last updated" date and, where appropriate, communicated by email. Continued use of the App after changes take effect constitutes acceptance.
14. Contact Us
For privacy questions or data requests:
- Email: support@socialmagnum.com
- Mail: METAFLUX MEDIA LLC, 30 N Gould St, Ste 23881, Sheridan, WY 82801, United States