1. Who we are and how to contact us
SocialRoar is a product operated by Oxia, the legal entity behind socialroar.co. The data controller for personal information processed under this policy is Oxia. You can contact our privacy team at [email protected].
2. Information we collect
We collect the following categories of information:
- Account information: name, email address, password (hashed), workspace name, profile picture, billing details, and team-member roles.
- Connected platform data: when you connect a Facebook Page, Instagram Business Account, Google Business Profile, LinkedIn Page, TikTok Business account, or YouTube channel, we receive data through the platform’s official API. This may include page/business identifiers, comments and replies, reviews, message metadata, post identifiers, commenter usernames and public profile information, and the access tokens required to act on your behalf.
- Knowledge base content: files, URLs, FAQs, and brand guidelines you upload so the AI can generate on-brand replies.
- Usage data: log data such as IP address, browser type, device identifiers, pages visited, actions taken in the Service, and timestamps.
- Cookies and similar technologies: see our Cookie Policy.
3. How we use your information
We use the information we collect to:
- Provide, operate, secure, and improve the Service;
- Authenticate you and the social accounts you connect, and post replies, hide comments, or take other actions you instruct us to take through the Service;
- Generate AI-suggested replies, sentiment scores, and tags using your knowledge base and the comment/review content;
- Send service announcements, security alerts, and support messages;
- Process payments and prevent fraud and abuse;
- Comply with applicable law and enforce our Terms of Service.
We do not sell your personal information, and we do not use data obtained from Meta, Google, or LinkedIn platforms for advertising, retargeting, or to build user profiles for purposes unrelated to the features you have enabled.
4. Legal bases (EEA / UK users)
Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract (to deliver the Service), legitimate interests (to secure and improve the Service), consent (for marketing emails and certain cookies), and compliance with legal obligations.
5. Data obtained from Meta Platforms (Facebook, Instagram, Messenger, Threads)
When you connect a Facebook Page or Instagram Business Account, we access data through the Meta Graph API and Webhooks using the permissions you grant during the OAuth flow. We use this data only to power the features you have enabled in SocialRoar — for example, loading comments into your inbox, applying sentiment analysis, generating AI replies, and posting your approved replies back to Meta.
We comply with the Meta Platform Terms and Developer Policies. We do not transfer data we receive from Meta to any data broker, ad network, or analytics platform. We retain Meta-derived data only as long as needed to provide the Service, and we delete it when you disconnect a page, delete your account, or submit a deletion request. See our Data Deletion Instructions.
6. Data obtained from Google APIs
SocialRoar’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We access the Google Business Profile API only to read locations and reviews you own, and to post replies to those reviews on your instruction. We do not use Google user data to serve ads, and we do not share Google user data with third parties except as required to provide the Service or comply with the law.
7. Data obtained from LinkedIn
When you connect a LinkedIn Page, we access page posts, comments, and engagement data through the LinkedIn Marketing Developer Platform using only the scopes you authorize. LinkedIn data is used solely to provide the comment-management features you have enabled and is handled in accordance with the LinkedIn API Terms of Use.
8. How we share information
We share information only as described below:
- Service providers: hosting (DigitalOcean), database (PostgreSQL on managed infrastructure), email delivery, error monitoring, payment processing (Stripe), and AI inference (Anthropic). These providers may process data only on our behalf and under contractual confidentiality obligations.
- Within your workspace: content and actions in your workspace are visible to other team members you invite.
- Legal and safety: when required by law, valid legal process, or to protect the rights, property, or safety of SocialRoar, our users, or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality obligations.
9. AI processing
To generate replies, classify sentiment, and tag comments, we send the relevant comment or review text and the applicable knowledge-base context to our AI provider (Anthropic). We do not allow our AI provider to train its models on your content. AI-generated replies are suggestions that you must review and approve before they are posted to the underlying platform.
10. International transfers
We may transfer, store, and process your information in countries other than your own, including the United States. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.
11. Data retention
We retain account information for as long as your account is active. Comments, reviews, and AI-generated replies are retained while the related social account remains connected. When you disconnect a social account, we delete the associated platform data within 30 days. When you delete your account, we delete all personal data within 30 days, except where retention is required by law (e.g., billing records).
12. Your rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. You can exercise most rights from your account settings, or by emailing [email protected]. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.
13. Security
We use industry-standard administrative, technical, and physical safeguards including TLS encryption in transit, encryption at rest, access controls, and regular backups. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
14. Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it.
15. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect. The “Last updated” date at the top of this page indicates when the policy was last revised.
16. Contact us
For questions about this Privacy Policy or our data practices, contact [email protected].