← Back to ViralFarm

Privacy Policy

Effective Date: March 27, 2026 · Last Updated: March 27, 2026

ViralFarm ("ViralFarm," "we," "us," or "our") operates the website at www.myviral.farm and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, share, and protect information when you use the Service, including information obtained through integrations with third-party social media platforms such as Meta (Instagram, Facebook, Threads), Pinterest, LinkedIn, TikTok, X (Twitter), YouTube, Bluesky, and Google Business Profile.

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you register, we collect your name, email address, and profile photo via Google OAuth or email/password sign-up.
  • Content: Text, images, videos, captions, templates, and other content you create, upload, or import into the Service.
  • Payment Information: If you subscribe to a paid plan, payment details are collected and processed by our payment processor (Stripe). We do not store full credit card numbers on our servers.
  • Communications: Information you provide when you contact support, submit feedback, or respond to surveys.

1.2 Information from Social Media Platforms

When you connect a social media account (e.g., Instagram, LinkedIn, TikTok, Pinterest, Facebook, Threads, YouTube, X, Bluesky, or Google Business Profile), we may receive the following information via OAuth or platform APIs:

  • Profile Information: Username, display name, profile picture URL, account type, and account/page identifiers.
  • OAuth Tokens: Access tokens and refresh tokens necessary to publish content and manage posts on your behalf. These tokens are encrypted at rest and stored securely.
  • Post & Publishing Data: Confirmation of post publishing status (success, failure, scheduled time), post identifiers returned by the platform, and any error messages.

1.2.1 Temporary Caching During Publishing

During the content publishing pipeline, media files (images, videos) may be temporarily cached in server memory or temporary storage for the sole purpose of transmitting them to the destination platform. This temporary cache is automatically purged once the publishing action completes (success or failure) and is never retained for longer than 24 hours under any circumstance. We do not retain copies of media after it has been delivered to the platform.

1.2.2 TikTok-Specific Data

When publishing to TikTok, video content is transmitted to TikTok's API and is not stored on our servers after the publish action completes. We do not retain, archive, or cache TikTok video content beyond the temporary processing window described in Section 1.2.1. The only TikTok data we retain is the OAuth token (encrypted at rest), your TikTok username and account identifier, and post status metadata (e.g., post ID, success/failure).

1.2.3 Pinterest-Specific Data

In compliance with Pinterest's API guidelines, we do not persistently store any data obtained through the Pinterest API beyond the immediate action of publishing a Pin. Pinterest profile information (username, account ID) is used transiently during the session to identify your account for publishing. After the publishing action completes, no raw Pinterest API response data is retained. The only Pinterest-related data we store is the encrypted OAuth token and the post status (scheduled, published, or failed).

1.2.4 Meta-Specific Data (Instagram, Facebook, Threads)

When publishing to Meta platforms, content (images, text, video) is transmitted to Meta's APIs and not cached or stored on our servers beyond the temporary processing window described in Section 1.2.1. We do not access, collect, or store direct messages, private comments, friend/follower lists, or any Meta user data beyond what is strictly necessary to publish content on your behalf. Media uploaded to Meta's API during publishing is purged from our temporary storage immediately upon confirmation of delivery.

We do not collect or store: your social media passwords, direct messages, private follower lists, financial data from social platforms, or any data beyond what is strictly necessary to provide the Service.

1.3 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, timestamps, and session duration.
  • Device & Browser Data: IP address, browser type, operating system, device type, and screen resolution.
  • Cookies & Similar Technologies: We use essential cookies for authentication and session management. We may use analytics cookies (e.g., Google Analytics) to understand usage patterns. See Section 8 for more details.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Generate, customize, export, schedule, and publish visual content to your connected social media accounts.
  • Account Management: Create and maintain your account, authenticate sessions, and process payments.
  • Scheduling & Publishing: Use OAuth tokens to schedule and publish posts to connected social media platforms at times you specify.
  • Improve the Service: Analyze usage trends, diagnose technical issues, and develop new features.
  • Communication: Send transactional emails (e.g., password resets, billing receipts), respond to support requests, and provide product updates (you may opt out of non-essential communications at any time).
  • Security & Compliance: Detect and prevent fraud, abuse, and security incidents; comply with legal obligations.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

  • Social Media Platforms: When you schedule or publish a post, we transmit your content (text, images, video) and relevant metadata to the platforms you selected. This is initiated by you and governed by each platform's own terms and privacy policy.
  • Service Providers: We use trusted third-party providers to operate the Service, including:
    • Supabase (database and authentication)
    • Stripe (payment processing)
    • Outstand (social media API and post scheduling)
    • Vercel (hosting and deployment)
    • OpenAI / Anthropic (AI content generation)
    These providers process data on our behalf under strict contractual obligations and are prohibited from using your data for their own purposes.
  • Legal Requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred to the successor entity, with notice provided to users.

4. Data Storage & Security

  • Data is stored on servers in the United States using Supabase (hosted on AWS) and Vercel.
  • OAuth access tokens and refresh tokens are encrypted at rest using industry-standard encryption (AES-256).
  • All data is transmitted over HTTPS/TLS.
  • We implement access controls, audit logging, and regular security reviews.
  • Passwords (when applicable) are hashed and salted; we never store plaintext passwords.

While we employ commercially reasonable measures to protect your information, no system is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.

5. Data Retention & Deletion

  • Account Data: Retained for as long as your account is active. Upon account deletion, we delete or anonymize your personal data within 30 days, except where retention is required by law.
  • Content: Generated posts, templates, and media are deleted when you delete them or when your account is deleted.
  • OAuth Tokens: Revoked and deleted when you disconnect a social media account or delete your ViralFarm account.
  • Logs & Analytics: Aggregated, anonymized usage data may be retained indefinitely for analytics and product improvement.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Request a machine-readable export of your data.
  • Restrict Processing: Request that we limit how we use your data.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
  • Opt Out of Marketing: Unsubscribe from marketing emails at any time via the link in the email or your account settings.
  • Disconnect Social Accounts: Revoke the Service's access to any connected social media account at any time from your account settings or from the social platform's own app permissions page.

You can also revoke ViralFarm's access to your data directly through each platform's security settings, including: Google Security Settings (YouTube, Google Business), Facebook Business Integrations (Instagram, Facebook, Threads), and LinkedIn Permitted Services.

To exercise any of these rights, contact us at myviral.farm@gmail.com. We will respond within 30 days (or sooner as required by applicable law).

6.1 California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, email myviral.farm@gmail.com.

6.2 European Economic Area & UK (GDPR)

If you are located in the EEA or UK, our legal bases for processing are: (a) your consent, (b) performance of a contract (providing the Service), (c) legitimate interests (improving the Service, security), and (d) compliance with legal obligations. You may lodge a complaint with your local data protection authority.

7. Third-Party Platform Policies

When you use the Service to interact with third-party social media platforms, your use is also subject to those platforms' terms and privacy policies. We encourage you to review:

By using our YouTube integration, you are also bound by the YouTube Terms of Service and the Google Privacy Policy.

We access platform data solely through official APIs and within the scope of permissions you grant. We do not scrape, crawl, or otherwise collect data outside of authorized API access.

7.2 Google API Services — Limited Use Disclosure

ViralFarm's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7.3 Platform-Specific Data Use Limitations

Data obtained from each third-party platform's API is used exclusively to provide the Service to the individual user who authorized access. Specifically:

  • Data from one user's connected social account is never combined, aggregated, or cross-referenced with data from another user's account.
  • Platform API data is not used for advertising, ad targeting, data brokerage, market research, user profiling, or any purpose other than performing the publishing and scheduling actions requested by the authorizing user.
  • Platform API data is not sold, licensed, or shared with any third party for their independent use.
  • Platform API data is not used to train machine learning or AI models.
  • We access only the minimum data and permissions necessary to publish content and report back the publishing status to the user.
  • ViralFarm does not cache, store, or archive TikTok video content or user metadata beyond the transient period required to complete a user-initiated upload.

These restrictions apply to all supported platforms, including but not limited to: Meta (Instagram, Facebook, Threads), Pinterest, LinkedIn, TikTok, X (Twitter), YouTube, Bluesky, and Google Business Profile.

8. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Analytics Cookies: Help us understand how the Service is used (e.g., page views, feature usage). You may opt out via your browser settings.

We do not use advertising or tracking cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at myviral.farm@gmail.com.

10. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place, including standard contractual clauses where required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you via email or an in-app notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

© 2026 ViralFarm. All rights reserved. · Terms of Service