Privacy Policy
Last updated: January 25, 2026
Sierra ("we", "our", "us") provides a comprehensive social media management platform that connects to multiple social networks on your behalf to schedule, publish, and analyze social media content. We support Facebook, Instagram, TikTok, YouTube, LinkedIn, Pinterest, X (Twitter), Bluesky, and Mastodon. This Privacy Policy explains how we collect, use, share, and protect your information when you use our services.
1. Information We Collect
1.1 Account Information
- Registration data: Email address and password when you create an account.
- Profile information: Name and profile details you provide or that we receive from connected social accounts.
- Workspace data: Team workspaces you create, including workspace names, descriptions, and member information.
1.2 Connected Social Media Accounts
When you connect social media accounts, we receive and store:
- Account identifiers: Platform-specific user IDs and page/channel IDs for Facebook Pages, Instagram Business accounts, TikTok accounts, YouTube channels, LinkedIn profiles/pages, Pinterest accounts, X (Twitter) accounts, Bluesky handles, and Mastodon accounts.
- Access tokens: OAuth tokens that allow us to perform authorized actions on your behalf (publish posts, read analytics).
- Profile data: Display names, usernames, profile pictures, and follower/subscriber counts.
- Analytics data: Engagement metrics, post performance, reach, impressions, and audience insights from your connected accounts.
1.3 Content You Create
- Scheduled posts: Text content, images, videos, and scheduling information for posts you create.
- Drafts: Unpublished post drafts saved in your account.
- Media library: Images and videos you upload for use in social media posts.
- Hashtag collections: Saved hashtag groups you create for reuse.
- AI-generated content: Content prompts and generated text when you use our AI content generation features.
2. Platform-Specific Permissions
We request only the minimum permissions necessary for each platform:
Facebook & Instagram (Meta)
| Permission | How We Use It |
|---|---|
| pages_show_list | Display a list of Facebook Pages you manage so you can select which to connect. |
| pages_read_engagement | Read Page analytics, list posts, and verify Page ownership for our dashboard. |
| pages_manage_posts | Schedule and publish posts to your Facebook Pages on your behalf. |
| business_management | Access Instagram Business accounts connected to your Facebook Pages. |
| instagram_basic | Retrieve your Instagram Business account information and media. |
| instagram_content_publish | Publish scheduled content to your Instagram Business account. |
Other Platforms
| Platform | Permissions & Usage |
|---|---|
| TikTok | Video upload, account info access, and publishing to your TikTok account. |
| YouTube | Upload videos, manage playlists, and access channel analytics. |
| Post to your profile or company pages, and read engagement metrics. | |
| Create pins, manage boards, and access pin analytics. | |
| X (Twitter) | Post tweets, upload media, and read account engagement data. |
| Bluesky | Create posts and upload media to your Bluesky account. |
| Mastodon | Post toots and upload media to your Mastodon instance. |
3. How We Use Your Information
We use your information exclusively to provide our services:
- Scheduling & Publishing: Store and publish your content to connected social media platforms at the times you specify.
- Analytics Dashboard: Display engagement metrics, post performance, and audience insights from your connected accounts.
- AI Content Generation: Process your prompts through AI services to generate content suggestions, captions, and hashtags.
- Workspace Collaboration: Enable team members to collaborate on content within shared workspaces.
- Media Management: Store and organize your uploaded images and videos for use across posts.
- Account Management: Authenticate your identity and maintain your connected social accounts.
- Service Notifications: Send you important updates about your scheduled posts, account status, and team activity.
4. Data Sharing
We do NOT sell, rent, or share your personal data with third parties for marketing purposes.
Your data is only shared in these limited circumstances:
- Social Media Platforms: When publishing content or fetching analytics via official APIs (Meta, TikTok, YouTube, LinkedIn, Pinterest, X, Bluesky, Mastodon).
- AI Service Providers: When you use AI content generation, your prompts are processed by our AI provider (OpenAI) to generate content. We do not share your social media data with AI providers.
- Cloud Storage: Uploaded images and videos are stored securely on DigitalOcean Spaces (encrypted at rest and in transit).
- Workspace Members: Content and analytics within a workspace are visible to other members of that workspace based on their role permissions.
- Legal Requirements: If required by law, court order, or government regulation.
5. Data Retention
- Account data: Retained while your account is active. Deleted upon account deletion request.
- Access tokens: Stored until you disconnect the social account or tokens expire. Token expiration varies by platform (Meta: ~60 days, others vary). Automatically refreshed before expiration when possible.
- Scheduled posts & drafts: Retained until you delete them or disconnect your account.
- Media library: Uploaded images and videos are permanently deleted when you remove them, disconnect your account, or delete associated posts.
- Workspace data: Retained while the workspace exists. Workspace owners can delete workspaces at any time.
- AI-generated content: Prompts and generated content are not stored after your session unless you save them as drafts or posts.
6. Your Rights & Data Deletion
You have full control over your data:
Disconnect Accounts
Disconnect any social media account anytime from your dashboard. This immediately revokes tokens and deletes all associated data including scheduled posts, drafts, and uploaded media for that account.
Delete Content
Delete individual posts, drafts, media files, and hashtag collections at any time. Associated data is permanently removed from our systems.
Export Data
Request a copy of your data by contacting us at the email below.
Account Deletion
Request complete account deletion by contacting us. All your data will be permanently removed within 30 days.
Facebook/Instagram Data Deletion
You can also request data deletion directly through Facebook. When you remove our app from your Facebook settings or request data deletion, we automatically receive a callback and delete all your associated data, including uploaded images, scheduled posts, and access tokens. You can check the status of your deletion request at our data deletion status page.
Other Platform Data Deletion
For TikTok, YouTube, LinkedIn, Pinterest, X (Twitter), Bluesky, and Mastodon: disconnect the account from your Sierra dashboard to immediately delete all associated data. You can also revoke our access directly from each platform's app settings, though we recommend disconnecting from Sierra first for complete data cleanup.
7. Data Security
We implement industry-standard security measures:
- Encryption in transit: All data transmitted over HTTPS/TLS 1.3.
- Encryption at rest: Database and file storage encrypted using AES-256.
- Token security: Access tokens stored securely and never exposed to the browser.
- Security headers: HSTS, CSP, X-Frame-Options, and other protections enabled.
8. Cookies
We use essential cookies only for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics that track your behavior across sites.
9. Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Your continued use of the service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:
Email: support@your-production-domain.com
Data Controller: Sierra
Website: https://thinksierra.com