SOCIALFORGE PRIVACY POLICY

Effective Date: 2025-07-09
Last Updated: 2025-11-11

Operator and Legal Entity
-------------------------
The Social Forge ("we," "our," or "us") is a digital platform owned and operated by M & W Logistics LLC d/b/a The Social Forge, a Virginia limited liability company ("Company").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform.

DBA Disclosure Notice
---------------------
The Social Forge is a registered trade name of M & W Logistics LLC, filed in the Commonwealth of Virginia.
All references to "The Social Forge" in this document refer to M & W Logistics LLC d/b/a The Social Forge.

1. INTRODUCTION
The Social Forge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly
Account Information:
- Name and email address
- Password (encrypted)
- Company name and business information
- Billing information (processed by Stripe)
- Phone number (for SMS notifications)

Content Data:
- Social media posts and captions
- Uploaded images and videos
- Scheduling preferences
- AI prompt inputs

Platform Credentials:
- OAuth tokens for connected social media accounts
- Platform-specific user IDs
- Account permissions and scopes

2.2 Information Collected Automatically
Usage Data:
- Features used and frequency
- Post performance metrics
- Login times and IP addresses
- Device and browser information
- Session duration and page views

Analytics Data:
- Social media engagement metrics
- Audience demographics (aggregated)
- Post reach and impressions
- Optimal posting time patterns

2.3 Third-Party Data
Social Platform Data:
- Public profile information
- Page/account insights
- Follower counts and growth
- Engagement metrics
- Platform-specific analytics

3. HOW WE USE YOUR INFORMATION

3.1 Service Delivery
- Schedule and publish your social media content
- Generate AI-powered captions and suggestions
- Provide analytics and performance insights
- Send notifications about post status
- Process payments and manage subscriptions

3.2 Service Improvement
- Analyze usage patterns to improve features
- Develop new functionalities
- Optimize AI model performance
- Enhance user experience
- Conduct A/B testing

3.3 Communication
- Send service-related emails
- Notify about scheduled post status
- Alert about account issues
- Share product updates (with consent)
- Respond to support requests

3.4 Legal and Security
- Comply with legal obligations
- Enforce our Terms of Service
- Protect against fraud and abuse
- Maintain platform security
- Resolve disputes

4. DATA SHARING AND DISCLOSURE

4.1 Service Providers
We share data with trusted third parties who assist in operating our service:

Provider | Purpose | Location
----------|----------|----------
Amazon Web Services (AWS) | Cloud infrastructure (Aurora Serverless v2 PostgreSQL, S3, SES, CloudFront, Cognito) | United States
Stripe | Payment processing | United States
OpenAI | AI services for content generation (anonymized prompts only) | United States

4.2 Social Media Platforms
- We share content you create with platforms you've connected.
- OAuth tokens are used to authenticate on your behalf.
- We access only the permissions you explicitly grant.

4.3 Legal Requirements
We may disclose information when required by:
- Court orders or subpoenas
- Law enforcement requests
- National security requirements
- Protection of our legal rights

4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred to the successor entity.

4.5 Aggregated Data
We may share anonymized, aggregated data that cannot identify you personally for research or marketing purposes.

5. DATA RETENTION

5.1 Active Accounts
- Account data: Retained while the account is active
- Posted content: 90 days after publication
- Analytics data: Based on your subscription tier (90 days for Starter, 1 year for Pro, 2 years for Business)
- AI interactions: 30 days
- Uploaded media: Until you delete or your account is terminated

5.2 After Account Termination
- Basic account info: 90 days for reactivation
- Legal records: As required by law (typically 7 years)
- Anonymized analytics: Indefinitely
- All other data: Deleted within 30 days

6. DATA SECURITY

6.1 Technical Measures
- AES-256 encryption for data at rest
- TLS 1.3 for data in transit
- AWS security best practices
- Regular security audits
- Vulnerability scanning

6.2 Operational Security
- Access controls and authentication
- Employee security training
- Incident response procedures
- Regular backups
- DDoS protection via AWS CloudFront

6.3 OAuth Token Security
- Encrypted storage in AWS Secrets Manager
- Token refresh automation
- Immediate revocation upon disconnect
- No plain-text token storage

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability
- View all data we have about you
- Export your data in common formats
- Request a copy of your information

7.2 Correction and Deletion
- Update incorrect information
- Delete your account and associated data
- Remove specific content or connections

7.3 Communication Preferences
- Opt-out of marketing emails
- Manage notification settings
- Control SMS alerts

7.4 Connected Accounts
- Revoke platform permissions
- Disconnect social accounts
- Manage app permissions

8. COOKIES AND TRACKING

8.1 First-Party Cookies Only
We use only essential first-party cookies for:
- Session management
- Authentication
- Security features
- User preferences
- Basic usage analytics

These cookies are necessary for the Service to function and do not require consent under GDPR/CCPA.

8.2 No Third-Party Cookies
We do not use:
- Third-party advertising cookies
- Cross-site tracking cookies
- Marketing or retargeting cookies
- Social media tracking pixels

8.3 No Cookie Banner Required
Because only essential first-party cookies are used, no cookie consent banner is required under GDPR or CCPA regulations.

9. CHILDREN'S PRIVACY
Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover such data, we will delete it immediately.

10. INTERNATIONAL DATA TRANSFERS

10.1 Data Location
- Primary data storage: United States (AWS US regions)
- We use Standard Contractual Clauses (SCCs) for EU data transfers
- Data may be processed where our service providers operate

10.2 Your Consent
By using our Service, you consent to data transfer to the United States and other jurisdictions where we or our providers operate.

11. CALIFORNIA PRIVACY RIGHTS

11.1 CCPA Rights
California residents have the right to:
- Know what personal information we collect
- Request deletion of personal information
- Opt-out of sale of personal information (we do not sell data)
- Non-discrimination for exercising privacy rights

11.2 Categories of Information
- Identifiers: name, email, IP address
- Commercial information: subscription, usage
- Internet activity: browsing, interactions
- Professional information: company details

12. EUROPEAN PRIVACY RIGHTS

12.1 GDPR Rights
EU residents have the right to:
- Access personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Data portability
- Object to processing
- Restrict processing

12.2 Legal Basis
We process data based on:
- Contract performance (service delivery)
- Legitimate interests (improvement, security)
- Legal obligations
- Your consent (marketing)

13. AI AND AUTOMATED PROCESSING

13.1 AI Usage
- We use AI services for content generation and enhancement.
- Prompts are anonymized before processing.
- No personal data is used to train AI models.
- You maintain full control over all AI-generated content.

13.2 No Automated Decision-Making
We do not use automated processing for decisions that significantly affect you.

14. CHANGES TO THIS POLICY
- We will notify you of material changes 30 days in advance.
- Continued use constitutes acceptance.
- Previous versions available upon request.

15. CONTACT US

Data Protection Officer:
Email: privacy@thesocialforge.net

General Inquiries:
The Social Forge
Email: support@thesocialforge.net

For physical correspondence, please email for current mailing address.

EU Representative:
[If applicable, EU representative details]

© 2025 The Social Forge - M & W Logistics LLC d/b/a The Social Forge
Business mailing address available upon request.
Contact: legal@thesocialforge.net