Privacy Policy

1. GENERAL INFORMATION

In compliance with the information duty established in Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE), the following general information data of this website is provided below:

  • Holder: HADS ADVERTISING, S.L.
  • NIF: B75501627
  • Address: Pasaje del Lucero, 18, Torre del Mar, 29740, Málaga (España)
  • Email: support@loopost.io
  • Web: https://loopost.io

Integrations Summary

Connected Platforms

Loopost integrates with the following social platforms for authentication and content publication:

TikTok

  • OAuth Login
  • Video Publishing
  • Basic Metrics

Facebook

  • Facebook Login
  • Page Management
  • Content Publishing

Instagram

  • Instagram Graph API
  • Content Publishing
  • Business/Creator Accounts

2. DATA CONTROLLER

The controller of the personal data that the User provides through the Website (whether browsing through it, as well as through the enabled forms) will be HADS ADVERTISING, S.L., with address at Pasaje del Lucero, 18, Torre del Mar, 29740, Málaga (Spain).

For any query or proposal, contact us at: support@loopost.io

3. PROCESSING PURPOSES

Your personal data will be processed for the following purposes:

  • Account management: Creation and management of your user account on the platform
  • Service provision: Management of content publication on social networks
  • Commercial communications: Sending information about our services and news
  • Payment management: Processing payments and billing
  • Customer service: Resolving queries and technical support
  • Legal compliance: Compliance with applicable legal obligations

Data and Permissions by Platform

TikTok

Data Collected

  • Basic public profile (name, avatar)
  • Access and refresh tokens
  • Video metadata (title, description, hashtags)
  • Publication status
  • Basic performance metrics

Purpose and Legal Basis

  • Login: Login: OAuth Authentication (consent)
  • Publicación: Publication: Content management (contract execution)
  • Métricas: Metrics: Performance analysis (legitimate interest)
  • Retención: Retention: Until access revocation

Nota: During TikTok's audit period, publications may be limited to "SELF_ONLY" status.

Facebook and Instagram (Meta)

Facebook Login Data

  • User ID (app-scoped)
  • Name and surname
  • Email (if authorized)
  • Avatar/profile picture

Page/Instagram Permissions

  • pages_manage_posts (manage publications)
  • pages_read_engagement (read metrics)
  • instagram_basic (basic access)
  • instagram_content_publish (publish content)

Token Usage

  • Secure storage on encrypted server
  • Automatic token rotation
  • Principle of least privilege
  • Immediate deletion on access revocation

YouTube (Google)

Data Collected

  • YouTube channel information
  • OAuth access tokens
  • Video metadata
  • Basic statistics

Purpose

  • Video publishing
  • Metadata management
  • Performance analysis
  • Service improvement

4. LEGAL BASIS FOR PROCESSING

The processing of your data is carried out with the following legal bases:

  • Contract execution: For the provision of requested services
  • User consent: For sending commercial communications
  • Legitimate interest: For improving our services and security
  • Legal compliance: To comply with applicable legal obligations

Tokens and Security

Secure Storage

All access tokens are stored securely on our servers:

  • Encryption at rest: AES-256 for all stored tokens
  • Encryption in transit: TLS 1.3 for all communications
  • Principle of least privilege: We only request necessary permissions
  • Automatic rotation: Automatic token renewal before expiration
  • Restricted access: Only authorized personnel can access tokens

Token Management

Authentication Process

  • Redirect to social platform
  • Explicit user authorization
  • Secure code exchange
  • Encrypted token storage

Access Revocation

  • Immediate token deletion
  • Notification to social platforms
  • Associated data cleanup
  • User confirmation

5. DATA RETENTION

The personal data provided will be retained while the commercial relationship is maintained or during the years necessary to comply with legal obligations.

Data from connected social network accounts will be deleted immediately when the user disconnects the account or cancels their subscription.

Retention and Deletion

Retention Periods

Account Data

  • Profile information: Until account deletion
  • Access tokens: Until user revocation
  • Published content: According to user settings
  • Metrics: 2 years from last activity

Platform Data

  • TikTok: Immediate deletion on revocation
  • Facebook/Instagram: Deletion within 30 days
  • YouTube: Deletion within 30 days
  • API logs: 90 days maximum

Data Deletion

Data is automatically deleted in the following cases:

  • Account deletion: All data deleted within 30 days
  • Access revocation: Tokens and platform data deleted immediately
  • User request: Exercise of right to be forgotten
  • Contract termination: Data deleted according to established periods

6. RECIPIENTS

Your data will not be transferred to third parties, except by legal obligation. However, for the provision of our services, your data may be processed by:

  • Service providers: Stripe (payments), AWS (hosting), etc.
  • Social networks: Facebook, Instagram, YouTube, TikTok (through official APIs)
  • Authorities: When required by law

Important: Social network APIs (Facebook, Instagram, etc.) only access data that you explicitly authorize during the account connection process.

7. USER RIGHTS

As a user, you can exercise the following rights:

  • Right of access: Know what data we have about you
  • Right of rectification: Correct inaccurate data
  • Right of erasure: Delete your data
  • Right of restriction: Limit the processing of your data
  • Right of portability: Receive your data in structured format
  • Right of objection: Object to the processing of your data
  • Right of withdrawal: Withdraw the consent granted

To exercise these rights, you can contact us at: support@loopost.io

Facebook/Instagram Data Deletion

Meta Data Deletion Request

If you wish to request deletion of data obtained through Facebook or Instagram:

  1. Send an email to privacy@loopost.io with subject "Meta Data Deletion" and your ID (app-scoped) or account email
  2. You can also revoke access from your Facebook/Instagram account; upon receiving the notification, we will delete the associated data
  3. We will process the request within a reasonable timeframe and confirm by email

Nota: Meta data deletion is performed in accordance with their Data Deletion policies. Data will be completely deleted from our servers within a maximum of 30 days.

8. SOCIAL MEDIA DATA PROCESSING

By connecting your social media accounts (Facebook, Instagram, YouTube, TikTok), you authorize Loopost to:

  • Access your public profile and basic account information
  • Publish content on your behalf on connected platforms
  • Read basic statistics of your publications
  • Manage comments and responses (according to granted permissions)

Specific information about Facebook/Instagram:

  • We only access data that you explicitly authorize
  • We do not store passwords from your accounts
  • We use secure access tokens provided by Meta
  • You can revoke access at any time from your Facebook/Instagram settings

9. YOUTUBE/GOOGLE API SERVICES

Google Data We Collect

When you authorize Loopost to access your Google/YouTube account, we collect only the following data:

  • Basic profile information: Name, email address, profile picture
  • YouTube channel information: Channel title, description, channel thumbnail
  • Access tokens: To maintain connection with your account (we do not store passwords)

How We Use Google Data

We use Google data exclusively to provide and improve our application functionality:

  • Content publishing: Upload and manage videos on your YouTube channel
  • Metadata management: Update titles, descriptions and privacy settings of videos
  • Service improvement: Optimize publishing functionality and content management

Important limitation: We do NOT use Google data for targeted advertising, sale to third parties, credit analysis, or any purpose other than providing or improving our application functionality.

Sharing and Transferring Google Data

We do NOT sell, rent or share your Google data with third parties, except in the following limited circumstances:

  • Essential service providers: Only to operate our service (hosting, payment processing)
  • Legal compliance: When required by law or competent authorities
  • Rights protection: To protect our legal rights or the security of our users

Specific prohibitions: We do NOT transfer Google data for targeted advertising, sale to data brokers, credit analysis, or any commercial purpose unrelated to our application functionality.

Google Data Protection and Security

We implement specific technical and organizational security measures to protect your Google data:

  • Encryption: All data is encrypted in transit and at rest
  • Restricted access: Only authorized personnel can access the data
  • Secure tokens: We use secure access tokens provided by Google
  • Regular audits: We periodically review our security systems
  • Secure storage: Data is stored on secure AWS servers

Google Data Retention and Deletion

Data retention: We retain your Google data only as long as necessary to provide our services:

  • Active account data: While you maintain your connected account
  • Immediate deletion: When you disconnect your Google/YouTube account
  • Automatic deletion: When you cancel your Loopost subscription
  • Grace period: Maximum 30 days for backups

Right of deletion: You can request the deletion of your Google data at any time by contacting us at support@loopost.io. We will delete all data related to your Google account within 30 days.

We comply with the Google API Services User Data Policy, including the Limited Use requirement. We do not sell or transfer Google user data to third parties, except when necessary to provide the service or by legal obligation. We do not access private messages or sensitive data.

YouTube Terms of ServiceGoogle Privacy PolicyGoogle API Services User Data Policy (Limited Use)Manage or revoke access (Google Account Permissions)

12. SECURITY MEASURES

We have adopted the necessary technical and organizational measures to guarantee the security of the personal data we process, preventing its alteration, loss, processing or unauthorized access.

  • SSL/TLS encryption in all communications
  • Secure storage on AWS servers
  • Restricted access to personal data
  • Regular backups
  • Periodic security audits

International Transfers

Service Providers

Some of our service providers may be located outside the European Economic Area:

Cloud Providers

  • Vercel (United States): Hosting and CDN
  • AWS (United States): Storage and services
  • Stripe (United States): Payment processing

Protection Measures

  • Standard contractual clauses (SCC)
  • Adequacy certifications
  • Technical and organizational measures
  • Privacy impact assessments

13. COOKIE POLICY

We use cookies to improve your experience on our website. You can consult our complete cookie policy at: Cookie Policy

10. META (FACEBOOK/INSTAGRAM) API SERVICES

Meta Data We Collect

When you authorize Loopost to access your Facebook/Instagram account, we collect only the following data:

  • Basic profile information: Name, email address, profile picture
  • Page information: Connected page titles, descriptions, thumbnails
  • Access tokens: To maintain connection with your account (we do not store passwords)

How We Use Meta Data

We use Meta data exclusively to provide and improve our application functionality:

  • Content publishing: Upload and manage posts on your Facebook/Instagram pages
  • Metadata management: Update titles, descriptions and privacy settings of posts
  • Service improvement: Optimize publishing and content management functionality

Important limitation: We do NOT use Meta data for targeted advertising, sale to third parties, credit analysis, or any purpose other than providing or improving our application functionality.

Sharing and Transferring Meta Data

We do NOT sell, rent or share your Meta data with third parties, except in the following limited circumstances:

  • Essential service providers: Only to operate our service (hosting, payment processing)
  • Legal compliance: When required by law or competent authorities
  • Rights protection: To protect our legal rights or the security of our users

Specific prohibitions: We do NOT transfer Meta data for targeted advertising, sale to data brokers, credit analysis, or any commercial purpose unrelated to our application functionality.

Meta Data Protection and Security

We implement specific technical and organizational security measures to protect your Meta data:

  • Encryption: All data is encrypted in transit and at rest
  • Restricted access: Only authorized personnel can access the data
  • Secure tokens: We use secure access tokens provided by Meta
  • Regular audits: We periodically review our security systems
  • Secure storage: Data is stored on secure AWS servers

Meta Data Retention and Deletion

Data retention: We retain your Meta data only as long as necessary to provide our services:

  • Active account data: While you maintain your connected account
  • Immediate deletion: When you disconnect your Facebook/Instagram account
  • Automatic deletion: When you cancel your Loopost subscription
  • Grace period: Maximum 30 days for backups

Right to deletion: You can request deletion of your Meta data at any time by contacting us at privacy@loopost.io. We will delete all data related to your Meta account within 30 days.

We comply with Meta developer policies and the Data Deletion Policy. We do not sell or transfer Meta user data to third parties, except when necessary to provide the service or by legal obligation. We do not access private messages or sensitive data.

Gestionar acceso:

Manage or revoke access (Facebook/Instagram Settings)

11. TIKTOK API SERVICES

TikTok Data We Collect

When you authorize Loopost to access your TikTok account, we collect only the following data:

  • Basic profile information: Username, profile picture, public information
  • Video information: Video metadata (title, description, hashtags)
  • Access tokens: To maintain connection with your account (we do not store passwords)

How We Use TikTok Data

We use TikTok data exclusively to provide and improve our application functionality:

  • Content publishing: Upload and manage videos on your TikTok account
  • Metadata management: Update titles, descriptions and privacy settings of videos
  • Service improvement: Optimize publishing and content management functionality

Important limitation: We do NOT use TikTok data for targeted advertising, sale to third parties, credit analysis, or any purpose other than providing or improving our application functionality.

Sharing and Transferring TikTok Data

We do NOT sell, rent or share your TikTok data with third parties, except in the following limited circumstances:

  • Essential service providers: Only to operate our service (hosting, payment processing)
  • Legal compliance: When required by law or competent authorities
  • Rights protection: To protect our legal rights or the security of our users

Specific prohibitions: We do NOT transfer TikTok data for targeted advertising, sale to data brokers, credit analysis, or any commercial purpose unrelated to our application functionality.

TikTok Data Protection and Security

We implement specific technical and organizational security measures to protect your TikTok data:

  • Encryption: All data is encrypted in transit and at rest
  • Restricted access: Only authorized personnel can access the data
  • Secure tokens: We use secure access tokens provided by TikTok
  • Regular audits: We periodically review our security systems
  • Secure storage: Data is stored on secure AWS servers

TikTok Data Retention and Deletion

Data retention: We retain your TikTok data only as long as necessary to provide our services:

  • Active account data: While you maintain your connected account
  • Immediate deletion: When you disconnect your TikTok account
  • Automatic deletion: When you cancel your Loopost subscription
  • Grace period: Maximum 30 days for backups

Right to deletion: You can request deletion of your TikTok data at any time by contacting us at privacy@loopost.io. We will delete all data related to your TikTok account within 30 days.

We comply with TikTok developer policies. We do not sell or transfer TikTok user data to third parties, except when necessary to provide the service or by legal obligation. We do not access private messages or sensitive data.

Gestionar acceso:

Manage or revoke access (TikTok Settings)

14. MODIFICATIONS

We reserve the right to modify this policy to adapt it to legislative or jurisprudential developments. In such cases, we will announce the changes introduced on this page with reasonable advance notice before their implementation.

15. CONTACT

For any query about this privacy policy, you can contact us:

  • General email: support@loopost.io
  • Privacy email: privacy@loopost.io
  • Address: Pasaje del Lucero, 18, Torre del Mar, 29740, Málaga (España)

Last updated: 15/11/2025

For any queries about this privacy policy, contact us at support@loopost.io