Privacy Policy

Last Updated: January 19, 2026

Thank you for using Viralix ("Viralix", "we", "our", or "us"). This Privacy Policy explains what information we collect, how we use it, how we share it, and the choices you have. By using our platform, you agree to the practices described here.

1. Information We Collect

1.1 Account Information

Name, email, password (hashed), verification status, and settings.

1.2 Social Platform Data

When you connect Facebook / Instagram Pages or Accounts, we store tokens and limited metadata (page IDs, names, categories, linked Instagram business IDs) required to publish content and fetch analytics. We never store your Facebook/Instagram password.

1.3 Content & Media

Uploaded media (images / videos) is stored via third-party storage (e.g. Cloudinary). Captions, drafts, scheduled posts, publishing metadata, and AI-generated suggestions are retained for product functionality.

1.4 Analytics & Engagement Data

We retrieve performance metrics (impressions, reach, likes, comments, views, engagement ratios) made available through official platform APIs. We only request scopes necessary for the features you use.

1.5 AI Processing

Text you submit for AI rewriting or caption/hashtag generation is sent to our integrated AI provider for inference. We do not use your private content to train internal models beyond transient processing.

1.6 Technical Data

IP address, device/browser info, timestamps, request logs, and error diagnostics to secure and improve the service.

2. How We Use Information

• Authenticate users & secure access
• Generate, schedule, publish, and manage social content
• Provide analytics dashboards and performance insights
• Improve AI caption/hashtag quality (aggregate + anonymized trends)
• Send transactional email (verification, password reset)
• Detect abuse, fraud, or unauthorized access

3. Legal Bases (EEA / UK)

• Performance of Contract – delivering core platform features.
• Legitimate Interests – product improvement, security, usage analytics.
• Consent – email marketing (if ever applicable) or optional features.

4. Sharing & Disclosure

We do not sell personal data. We share data only with:

• Infrastructure & processing vendors (hosting, storage, AI inference, email delivery)
• Social platform APIs per your explicit connection and scopes
• Legal authorities if required to comply with law or protect rights

5. Data Retention

We retain data while your account remains active or as needed to provide services. You may request deletion (see Data Deletion section). Backups may persist for a limited period before irreversible purge.

6. Security

We employ encryption in transit (HTTPS), hashed passwords, token-based auth, scoped access tokens, least-privilege access controls, rate limiting, and monitoring. No system can guarantee 100% security; report issues promptly.

7. Your Rights

Depending on jurisdiction (GDPR / CCPA etc.) you may have rights to access, correct, delete, restrict, port, or object to processing. Contact us to exercise these.

8. Cookies & Local Storage

We currently rely on localStorage tokens for session handling and may use minimal cookies for OAuth state/security. Third parties (e.g. analytics) may use their own technologies if enabled in the future.

9. AI Generated Content Disclaimer

AI suggestions may be imperfect, outdated, or contain unintended biases. You are responsible for reviewing generated content before publishing. Do not input confidential or regulated data into AI features.

10. Third-Party Links

Links to external sites are not controlled by us. Review their policies independently.

11. Children

The service is not directed to individuals under 16 (or higher local age of digital consent). We do not knowingly collect such data; contact us for removal if discovered.

12. Changes

We may update this Privacy Policy. Material changes will be indicated via updated date or in-app notice. Continued use after changes = acceptance.

13. Google API Services User Data Policy

Our application, Viralix, accesses certain user data from your Google account via the YouTube Data API to provide our social media management services. We are committed to ensuring the privacy and security of your data.

13.1 Data Accessed

We request access to the following Google user data:

• YouTube Channel Information: We access your channel's basic profile information (channel title, description, custom URL, and thumbnail) to display your connected account identity within our dashboard.
• YouTube Video Management: We access your video library to display your uploaded videos and their performance metrics (views, likes, comments).
• YouTube Upload Functionality: We request permission to upload videos directly to your YouTube channel as initiated by you through our platform.

13.2 Data Usage

The Google user data we access is used solely for the following purposes:

• Account Connection: To link your YouTube channel to your Viralix dashboard, allowing you to manage your presence from a single interface.
• Content Publishing: To enable the "Direct Publishing" feature, allowing you to upload, schedule, and publish video content to your YouTube channel directly from our application.
• Analytics Display: To aggregate and display performance insights (such as view counts and engagement metrics) for your videos within our dashboard, helping you analyze your content strategy.

We do not use your Google user data for any other purpose, including advertising or surveillance.

13.3 Data Sharing

We do not share your Google user data with any third parties, except in the following limited circumstances:

• Service Providers: We may share data with cloud infrastructure providers (e.g., database hosting) solely for the purpose of storing and retrieving your data to provide the application's functionality. These providers are bound by strict confidentiality and security obligations.
• Legal Requirements: If required by law, regulation, or legal process.

We do not sell, rent, or trade your Google user data to any third parties.

13.4 Data Storage and Protection

Your data is stored securely in our encrypted database.

• Encryption: All sensitive tokens (Access Tokens and Refresh Tokens) are encrypted at rest using industry-standard encryption protocols.
• Access Control: Access to our database is strictly limited to authorized engineering personnel and is protected by multi-factor authentication and strict firewall rules.
• Transmission: All data transmission between your browser, our servers, and Google's APIs occurs over secure HTTPS connections.

13.5 Data Retention and Deletion

• Retention: We retain your Google user data (access tokens and channel metadata) only for as long as you maintain a connected YouTube account on our platform.
• Deletion: You can revoke our access to your data at any time by:
  1. Disconnecting your YouTube account from the "Connected Accounts" section of your Viralix dashboard.
  2. Visiting Google Security Settings and revoking access for our app.

Upon disconnection, all your stored Google access tokens and related personal metadata are permanently deleted from our database immediately.

14. Contact

Questions or requests: privacy@viralix.dev