1. Introduction

Welcome to eWasl ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media scheduling platform, available at https://ewasl.com.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, profile picture
• Profile Information: Bio, preferences, timezone, language settings
• Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
• Content: Social media posts, images, videos, captions, hashtags you create or upload
• Social Media Account Connections: When you connect your social media accounts, we receive access tokens and basic profile information

2.2 Information Automatically Collected

• Usage Data: Pages visited, features used, time spent, click patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, error logs, performance metrics
• Social Media Analytics: Post engagement metrics, follower counts, reach data from connected platforms
• Cookies and Tracking Technologies: See our Cookie Policy for details

2.3 Information from Third-Party Platforms

When you connect your social media accounts, we receive:

• Facebook/Instagram: Profile information, page access, post analytics
• Twitter/X: Profile information, tweet data, engagement metrics
• YouTube: Channel information, video analytics, subscriber data
• TikTok: Profile information, video data, engagement metrics
• LinkedIn: Profile information, company page data, post analytics
• Other Platforms: Similar data as permitted by each platform's API

3. How We Use Your Information

We use your information for the following purposes:

• Service Provision: To provide and maintain our social media scheduling and management service
• Content Publishing: To schedule and publish posts to your connected social media accounts
• Analytics: To provide insights and analytics about your social media performance
• Account Management: To create and manage your account, process subscriptions, and send service updates
• Communication: To send you service updates, security alerts, administrative messages, and respond to your inquiries
• Improvement: To improve our Service, develop new features, and conduct research
• Security: To detect, prevent, and address technical issues, fraud, and security threats
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service

4. OAuth and Third-Party Platform Integrations

4.1 OAuth Authentication

We use OAuth 2.0 to securely connect your social media accounts. When you authorize our application:

• You grant us permission to access your social media accounts on your behalf
• We receive access tokens that allow us to publish content and retrieve analytics
• We store these tokens securely and use them only for the purposes you authorized
• You can revoke access at any time through your account settings or directly through the platform

4.2 Scope of Access

We request the following permissions (scopes) from each platform:

• Facebook/Instagram: pages_manage_posts, pages_read_engagement, instagram_basic, instagram_content_publish
• Twitter/X: tweet.read, tweet.write, users.read, offline.access
• YouTube: youtube.upload, youtube (for channel management and analytics)
• TikTok: user.info.basic (profile information), video.publish (publish videos)
• LinkedIn: w_member_social, w_organization_social

These permissions are used exclusively to provide the scheduling and publishing features of our Service. We do not use your data for advertising or share it with third parties for marketing purposes.

4.3 Third-Party Platform Policies

Your use of our Service with third-party platforms is also subject to their privacy policies:

• Meta (Facebook/Instagram): Facebook Privacy Policy
• Twitter/X: Twitter Privacy Policy
• YouTube/Google: Google Privacy Policy
• TikTok: TikTok Privacy Policy
• LinkedIn: LinkedIn Privacy Policy

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Social Media Platforms

We share your content and necessary information with connected social media platforms to:

• Publish posts on your behalf
• Retrieve analytics and engagement data
• Manage your scheduled content

This sharing is necessary to provide our Service and is done in accordance with each platform's API terms.

5.2 Service Providers

We share information with trusted service providers who assist us in operating our Service:

• Supabase: Database and authentication services
• Stripe: Payment processing (PCI-DSS compliant)
• Vercel: Hosting and infrastructure services
• Email Services: For sending transactional and service emails

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal requests (subpoenas, court orders, etc.)
• Government investigations
• Protection of our rights, property, or safety
• Prevention of fraud or security threats

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption: Data in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access controls and authentication
• Secure Storage: Access tokens and credentials stored securely using industry-standard encryption
• Regular Audits: Security audits and vulnerability assessments
• Payment Security: PCI-DSS compliant payment processing through Stripe
• Monitoring: Continuous monitoring for security threats and unauthorized access

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to:

• Access your personal data and receive a copy in a structured, machine-readable format
• Request information about how we process your data

7.2 Rectification and Erasure

You have the right to:

• Correct inaccurate or incomplete data
• Request deletion of your data ("right to be forgotten")
• Delete your account and all associated data

7.3 Objection and Restriction

You have the right to:

• Object to processing of your data for certain purposes
• Request restriction of processing in certain circumstances
• Withdraw consent at any time (where processing is based on consent)

7.4 Account Controls

You can:

• Update your account information through your account settings
• Disconnect social media accounts at any time
• Delete scheduled posts and content
• Export your data before account deletion

7.5 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@ewasl.com. We will respond to your request within 30 days (or as required by applicable law).

8. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Service to you
• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

When you delete your account, we will:

• Delete or anonymize your personal data within 30 days
• Retain certain information as required by law (e.g., transaction records for tax purposes)
• Remove your content from our systems (scheduled posts will be cancelled)

Access tokens for connected social media accounts are deleted immediately upon account deletion or when you disconnect an account.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze usage patterns and improve our Service
• Provide personalized features

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our Service. For more information, see our Cookie Policy.

10. Children's Privacy

Our Service is not intended for children under 13 years of age (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@ewasl.com. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure appropriate safeguards are in place to protect your data, including:

• Standard contractual clauses approved by data protection authorities
• Compliance with applicable data protection laws (GDPR, CCPA, etc.)
• Regular security assessments of our service providers

By using our Service, you consent to the transfer of your information to countries outside your jurisdiction.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@ewasl.com.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

• All rights listed in Section 7 (Your Rights and Choices)
• Right to lodge a complaint with a supervisory authority
• Right to data portability

Our legal basis for processing your data includes:

• Consent: When you connect social media accounts or opt-in to communications
• Contract: To provide our Service under our Terms of Service
• Legal Obligation: To comply with applicable laws
• Legitimate Interest: To improve our Service and prevent fraud

14. Do Not Track Signals

Our Service does not currently respond to "Do Not Track" signals from browsers. However, you can control tracking through your browser settings and our cookie preferences.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification to registered users (for significant changes)
• Displaying a notice on our Service

Your continued use of the Service after changes become effective constitutes acceptance of the new Privacy Policy. If you do not agree to the changes, you should stop using the Service and delete your account.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@ewasl.com
• General Inquiries: support@ewasl.com
• Website: https://ewasl.com
• Data Protection Officer: dpo@ewasl.com

We are committed to resolving any privacy concerns you may have and will respond to your inquiries promptly.