Privacy Policy

Welcome to AMS, operated by AGHRBA TECHNOLOGICAL SOLUTIONS ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform and related services (collectively, the "Service").

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you:

• Create an account: Name, email address, password, organization/business name, profile information
• Connect social media accounts: OAuth authorization tokens, social media account IDs, usernames, profile data
• Create and schedule content: Text, images, videos, links, captions, hashtags, and other content you create or upload
• Use our services: Settings preferences, scheduling preferences, team member invitations
• Contact us: Support inquiries, feedback, correspondence

1.2 Information Collected Through Social Media Integrations

When you connect your social media accounts to our Service using OAuth authorization, we collect and store:

• Access tokens and refresh tokens to authenticate and authorize posting on your behalf. Tokens are encrypted at rest.
• Account information: Username, profile name, profile picture, follower count, account statistics
• Permissions granted: Specific permissions you authorize (e.g., posting, reading insights, managing comments, messaging)
• Posted content: Copies of content you post through our Service
• Native post content: For platforms where supported (currently Facebook Pages), we read posts you published directly on the platform (not via our Service) so that comments on those posts appear in your unified inbox. We do not store the post content itself — only the platform's post ID and minimal metadata needed to associate the comments.
• Comments and replies: The text, author display name, author profile picture URL, timestamp, like count, and reply count for comments on your posts. Includes comments on both AMS-published posts and (for Facebook) native page posts.
• Direct messages (messaging-enabled platforms): When you grant the messaging permission for a platform (e.g., Facebook Messenger, Instagram DMs, LinkedIn messages, WhatsApp, Telegram), we sync conversation threads and individual messages so they appear in your unified inbox. This includes participant display names, profile pictures, message text, attachments, and timestamps. To populate participant names that the platform's bulk endpoints leave empty (common with Meta Messenger), we may make targeted per-user identity lookups using the platform-issued user ID (PSID for Messenger). We never read messages from conversations the platform has not exposed to your connected page/account.
• Partner / Business Manager accounts: If you grant Business Manager access (e.g., the business_management Meta permission), we enumerate Pages and Instagram accounts shared with your business so you can connect partner-managed brands. We only access accounts your Business Manager role permits.
• Real-time updates: If you enable real-time notifications, we subscribe your connected Page/account to the platform's webhooks (e.g., the Meta pages_manage_metadata permission) so that new comments and messages appear in your inbox without delay. You can disable this at any time; the Service falls back to periodic syncing.
• Analytics data: Engagement metrics, impressions, reach, likes, comments, shares, follower growth (as provided by the social media platform's API)

Platforms We Integrate With:

• Facebook (Meta) — Pages, comments, Messenger, insights
• Instagram (Meta) — Business / Creator accounts via Facebook Page, including partner Business Manager accounts; also standalone Instagram Login accounts
• Threads (Meta)
• LinkedIn — Personal profile and Company Pages (where you are an Admin)
• X / Twitter
• TikTok — Personal and TikTok Ads
• YouTube — Channels you own under a Google account, including Brand Accounts
• Pinterest — Boards and pins
• Reddit
• Tumblr
• Telegram — Bot API and personal sessions
• WhatsApp — Personal sessions via the WhatsApp Web protocol (Baileys); messages are encrypted in transit and stored in your AMS workspace

1.3 Information Collected Automatically

When you use our Service, we automatically collect certain information:

• Usage data: Pages visited, features used, actions taken, time spent, navigation paths
• Device information: Device type, operating system, browser type and version, unique device identifiers
• Log data: IP address, access times, error logs, API calls
• Cookies and similar technologies: Session cookies, preference cookies, analytics cookies

2. How We Use Your Information

2.1 To Provide and Maintain the Service

• Create and manage your account
• Authenticate your identity
• Enable you to connect social media accounts via OAuth
• Post content to your social media accounts on your behalf
• Schedule and publish posts at your specified times
• Retrieve and display analytics from your social media accounts
• Process your transactions and send related information
• Provide customer support and respond to your inquiries

2.2 To Improve and Optimize the Service

• Analyze usage patterns and trends
• Develop new features and functionality
• Improve user experience
• Perform testing and troubleshooting
• Monitor and analyze Service performance

2.3 For Security and Legal Compliance

• Protect against fraud, abuse, and unauthorized access
• Enforce our Terms of Service
• Comply with legal obligations and government requests
• Protect our rights, property, and safety, and that of our users and the public
• Detect and prevent security incidents

3. How We Share Your Information

We do not sell your personal information.

3.1 With Social Media Platforms

We share content (text, images, videos) with social media platforms on your behalf when you schedule and publish posts. We transmit access tokens to social media platform APIs to authenticate and authorize actions. This sharing is necessary to perform the core functionality of the Service.

3.2 With Service Providers

We may share your information with third-party service providers who perform services on our behalf:

• Cloud hosting providers for data storage and processing
• Analytics providers to analyze usage and improve the Service
• Email service providers to send notifications and communications
• Payment processors to process transactions
• Customer support tools to provide support services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 With Your Team Members

If you invite team members to your organization within the Service, they may have access to content created and scheduled within your organization, social media accounts connected to your organization, analytics and reporting data, and organization settings and preferences. Access levels are controlled by role-based permissions you configure.

4. Data Storage and Security

4.1 Data Storage

• Your data is stored on secure cloud infrastructure
• Social media access tokens are encrypted at rest using AES-256 encryption
• Backups are performed regularly and stored securely

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your information:

• Encryption: Data in transit is encrypted using TLS 1.2 or higher; sensitive data at rest is encrypted
• Access controls: Role-based access controls, multi-factor authentication for team accounts
• Monitoring: Continuous monitoring for security incidents and unauthorized access
• Secure development: Security testing, code reviews, vulnerability assessments

4.3 Data Retention

• We retain your information for as long as your account is active or as needed to provide the Service
• If you delete your account, we will delete your personal information within 90 days, except where retention is required by law
• Social media tokens are deleted immediately upon disconnection of a social media account
• Backup copies may persist for up to 90 days after deletion
• Aggregated, anonymized data may be retained indefinitely for analytics purposes

However, please note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Your Rights and Choices

5.1 Access and Portability

• Right to access: Request a copy of the personal information we hold about you
• Right to data portability: Receive your data in a structured, machine-readable format

5.2 Correction and Deletion

• Right to correction: Update or correct inaccurate or incomplete information
• Right to deletion: Request deletion of your personal information (subject to legal retention requirements)

5.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: [email protected]
• In-app: Account Settings → Privacy & Data

We will respond to your request within 30 days (or as required by applicable law). To request deletion of all your data, see our Account & Data Deletion page.

5.4 Account Management

You can directly manage many aspects of your information through your account settings:

• Update profile information
• Connect or disconnect social media accounts
• Delete content and posts
• Manage team member access
• Delete your account

6. Social Media OAuth and Data Access

6.1 OAuth Authorization

When you connect a social media account to our Service, you authorize us to access your account information as specified in the OAuth consent screen, post content to your account on your behalf, retrieve analytics and engagement data, and perform other actions based on the permissions you grant. You understand that you can revoke these permissions at any time.

6.2 Token Security

• Access tokens are encrypted using industry-standard encryption (AES-256)
• Tokens are stored separately from other user data
• Token refresh is handled automatically and securely
• Tokens are deleted immediately when you disconnect a social media account

6.3 Revoking Access

You can disconnect any social media account at any time through:

• In the Service: Account Settings → Connected Accounts → Disconnect
• On the social media platform: Revoke app access in your platform's app permissions settings

When you disconnect an account or revoke access, we immediately delete all associated access tokens, stop posting to that account, and previously published content remains on the social media platform (we cannot delete it after publication).

6.4 Google API Services and YouTube Data

AMS uses Google API Services and YouTube API Services to let you connect and manage the YouTube channels you own or administer. By connecting a YouTube channel and using these features, you agree to be bound by the YouTube Terms of Service, and you acknowledge the Google Privacy Policy.

Depending on the permissions you grant on Google's OAuth consent screen, we access:

• Your YouTube account and channel details (youtube.readonly) — to identify the channels you can publish to and display them inside AMS.
• Uploading and managing your videos (youtube.upload, youtube.force-ssl) — to publish, schedule, edit, and manage videos and their metadata, and related comments and captions, only on the channels you connect and only when you ask us to.

We use Google and YouTube data solely to provide the scheduling, publishing, and engagement features you request. We do not use it for advertising, we do not sell it, and we do not transfer it to third parties except as needed to deliver the feature (for example, sending your video to YouTube for publishing) or as required by law. Google and YouTube authorization tokens are encrypted at rest and are deleted when you disconnect the channel. You can review or revoke AMS's access at any time from your Google Account permissions page.

AMS's use of information received from YouTube API Services is also subject to the YouTube API Services Developer Policies.

6.5 Limited Use Disclosure

AMS's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. GDPR Compliance

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

7.1 Legal Basis for Processing

We process your personal data based on:

• Performance of a contract: To provide the Service you requested
• Legitimate interests: To improve the Service, prevent fraud, ensure security
• Consent: For marketing communications and non-essential cookies (where required)
• Legal obligation: To comply with applicable laws

7.2 Your GDPR Rights

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential cookies: Required for the Service to function (authentication, security, preferences)
• Analytics cookies: Help us understand how users interact with the Service
• Preference cookies: Remember your settings and preferences

8.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Note that disabling essential cookies may affect Service functionality.

9. Children's Privacy

Our Service is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at [email protected]. We will promptly delete such information from our systems.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will provide prominent notice (email notification, in-app notification, or notice on our website)
• Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

AGHRBA TECHNOLOGICAL SOLUTIONS

• Email: [email protected]
• Website: https://ams.aghrba.com

Response Time: We aim to respond to all privacy inquiries within 30 days.

By using AMS, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Last Updated: June 14, 2026 | Version: 1.1