SocialDropTerms of Service

Privacy Policy

Last updated: March 2026

1. Introduction

SocialDrop ("we," "us," or "our") is operated by SocialDrop LLC, a company registered in the State of Illinois. We provide an Instagram automation platform for local service businesses at social-drop.com.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. It applies to all users of SocialDrop, including business owners, their team members, and visitors to our website.

By accessing or using SocialDrop, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not use our services.

2. Information We Collect

2.1 Account Information

When you create a SocialDrop account, we collect:

  • Full name
  • Email address
  • Password (stored as a cryptographic hash, never in plain text)
  • Business name

2.2 Business Profile Information

To tailor our service to your business, we collect:

  • Industry or niche (e.g., landscaping, cleaning, detailing, roofing)
  • Business location and service area
  • Description of services offered
  • Brand tone and content preferences
  • Preferred posting schedule and times

2.3 Instagram Account Data

When you connect your Instagram Business or Creator account, we receive from Meta:

  • Instagram username
  • Instagram profile picture URL
  • Instagram account type (Business or Creator)
  • An access token to publish content on your behalf

2.4 Google Drive Data

If you connect Google Drive for photo syncing, we access:

  • Image files from your selected Google Drive folder(s)
  • File names and metadata (date created, file size)

We use the drive.file scope and do not modify, delete, or access any files outside your selected folder.

2.5 Photos and Content

We collect and store:

  • Photos and images you upload directly to SocialDrop
  • Photos synced from your connected Google Drive folder
  • AI-generated captions, hashtags, and descriptions associated with your posts
  • Any edits you make to captions before publishing

2.6 Usage Data

We automatically collect certain information about how you interact with our service:

  • Pages viewed and features used
  • Post approval and scheduling activity
  • Browser type, device type, and operating system
  • IP address (used for security and approximate geolocation)
  • Date and time of access

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the service: Publish posts to your Instagram account, manage your posting schedule, and maintain your dashboard.
  • AI caption generation: Analyze your uploaded images using Claude AI (by Anthropic) to generate relevant captions, hashtags, and content suggestions tailored to your business niche.
  • Schedule and publish posts: Use the Meta (Instagram) Graph API to publish content to your connected Instagram Business account at your scheduled times.
  • Sync photos: Access your connected Google Drive folder to detect and import new photos for posting.
  • Send notifications: Email you post previews, approval requests, publishing confirmations, and account alerts.
  • Process payments: Manage your subscription billing through our payment processor.
  • Improve our service: Analyze usage patterns to enhance features, fix issues, and develop new capabilities.
  • Ensure security: Detect and prevent unauthorized access, abuse, or fraudulent activity.
  • Comply with legal obligations: Respond to lawful requests from authorities when required.

4. Third-Party Services

We share data with the following third-party services solely to operate SocialDrop. We do not sell your data to any third party.

ServiceData SharedPrivacy Policy
Meta / FacebookInstagram account info, images, captions (for publishing posts)Meta Privacy Policy
GoogleGoogle Drive folder access, image files (read-only sync)Google Privacy Policy
Anthropic (Claude AI)Images and business context (for AI caption generation)Anthropic Privacy Policy
SupabaseAll application data and uploaded files (database and storage provider)Supabase Privacy Policy
VercelApplication hosting, server logs, IP addressesVercel Privacy Policy
ResendEmail addresses, email content (for transactional emails)Resend Privacy Policy
CloudflareDNS traffic, IP addresses (for DNS resolution and SSL)Cloudflare Privacy Policy

5. Instagram / Meta Integration

SocialDrop is a verified Meta application. When you connect your Instagram account, we use the official Instagram Graph API provided by Meta Platforms, Inc.

Permissions We Request

We request only the minimum permissions required to provide our service:

  • instagram_business_basic — Allows us to read your Instagram Business account profile information, including your username, profile picture, and account type.
  • instagram_business_content_publish — Allows us to publish photos and carousel posts to your Instagram Business account on your behalf.

How We Use These Permissions

  • We display your Instagram username and profile picture in your SocialDrop dashboard.
  • We publish image posts and carousel posts to your Instagram account based on your approved schedule.
  • We do not read your Instagram messages, comments, followers list, or any data beyond what is described above.
  • We do not post without your approval (unless you have explicitly enabled auto-approve in your settings).

How to Disconnect

You can disconnect your Instagram account at any time from your SocialDrop dashboard under Settings. You can also revoke SocialDrop's access directly from your Instagram app under Settings > Website Permissions > Apps and Websites. Upon disconnection, we delete your Instagram access token from our servers.

6. Google Drive Integration

SocialDrop offers an optional Google Drive integration that allows you to sync photos from a specific Google Drive folder to your SocialDrop account.

Scope of Access

We request the drive.file scope from Google. This means:

  • What we access: Only files and folders you explicitly select through the Google file picker.
  • What we do not access: Any files you have not selected, documents, spreadsheets, personal files, emails, or any other Google services.
  • We cannot access files you have not shared with SocialDrop. You control exactly which files we can see.

How It Works

Our system periodically checks your selected folder for new image files. When new images are detected, they are copied to our secure storage for processing and publishing. The original files in your Google Drive remain untouched. You can disconnect Google Drive at any time from your dashboard settings.

Google API Services User Data Policy

SocialDrop's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

7. AI Processing

SocialDrop uses artificial intelligence to generate captions, hashtags, and content suggestions for your Instagram posts. Our AI processing is powered by Claude, developed by Anthropic.

What Happens During AI Processing

  • Your uploaded images are sent to Anthropic's Claude API for visual analysis.
  • Along with each image, we send your business context (name, niche, location, and tone preferences) to generate a relevant caption.
  • Claude analyzes the image and returns a suggested caption, hashtags, and content description.

Data Handling by Anthropic

  • Images and prompts sent to the Claude API are processed in real time and are not stored by Anthropic for model training purposes when accessed via their API.
  • Anthropic may retain API inputs and outputs for a limited period for trust and safety purposes, as described in their privacy policy.
  • We do not send your email address, password, Instagram credentials, or payment information to Anthropic.

Your Control

AI-generated captions are suggestions. You can review, edit, or replace any caption before it is published to your Instagram account. If you have auto-approve enabled, captions will be published automatically, but you can change this setting at any time.

8. Data Storage & Security

We take the security of your data seriously and implement industry-standard measures to protect it.

Storage Infrastructure

  • Application data is stored in a Supabase PostgreSQL database, hosted on AWS infrastructure.
  • Uploaded images are stored in Supabase Storage with secure access controls.
  • Our application is hosted on Vercel's infrastructure.

Security Measures

  • All data is encrypted in transit using TLS/SSL.
  • Database data is encrypted at rest.
  • Passwords are cryptographically hashed and never stored in plain text.
  • Instagram access tokens and Google refresh tokens are stored server-side only and are never exposed to client-side code.
  • Row-Level Security (RLS) policies ensure users can only access their own data.
  • API routes are protected with authentication and role-based access checks.
  • All administrative actions require admin role verification.

9. Data Retention

  • Account data: Retained for as long as your account is active. Deleted within 30 days of account closure.
  • Published post records: Retained for as long as your account is active so you can view your publishing history.
  • Uploaded images: Retained while your account is active. Images may be deleted from our storage after successful publishing to Instagram, unless you have content rotation enabled.
  • Instagram tokens: Deleted immediately upon disconnecting your Instagram account or closing your SocialDrop account.
  • Google Drive tokens: Deleted immediately upon disconnecting Google Drive or closing your account.
  • Server logs: Retained for up to 30 days for debugging and security purposes, then automatically deleted.
  • Payment records: Retained as required by law for tax and accounting purposes (typically 7 years).

10. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request that we correct any inaccurate or incomplete data.
  • Deletion: Request that we delete your account and all associated data. See Section 16 for details.
  • Disconnect services: Disconnect your Instagram account or Google Drive at any time from your dashboard settings.
  • Data export: Request an export of your data in a machine-readable format.
  • Withdraw consent: Withdraw your consent to data processing at any time by closing your account.
  • Object to processing: Object to certain types of data processing where we rely on legitimate interests.

To exercise any of these rights, please contact us at admin@social-drop.com. We will respond to your request within 30 days.

11. Cookies

SocialDrop uses minimal cookies that are strictly necessary for the functioning of our service:

  • Authentication cookies: Used to keep you logged in to your SocialDrop account. These are session-based and expire when you log out or after your session ends.
  • Security cookies: Used to prevent cross-site request forgery (CSRF) and other security threats.

We do not use advertising cookies, tracking cookies, or any third-party analytics cookies. We do not track you across other websites.

12. Children's Privacy

SocialDrop is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at admin@social-drop.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Last updated" date at the top of this page.
  • For material changes, we will notify you by email at the address associated with your account at least 30 days before the changes take effect.
  • Your continued use of SocialDrop after the effective date of any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SocialDrop LLC

Email: admin@social-drop.com

Website: social-drop.com

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Sale of personal information: We do not sell personal information. We have not sold personal information in the preceding 12 months.

To exercise your CCPA rights, contact us at admin@social-drop.com. We will verify your identity before processing your request and respond within 45 days.

16. Data Deletion

How to Request Deletion

You can request deletion of your data in the following ways:

  • Email us at admin@social-drop.com with the subject line "Data Deletion Request."
  • Use the "Delete Account" option in your SocialDrop dashboard settings.

What We Delete

Upon receiving a verified deletion request, we will delete:

  • Your SocialDrop account and login credentials
  • Your business profile and all associated settings
  • All uploaded images stored in our system
  • All post records, captions, and scheduling data
  • Your Instagram access token and Google Drive refresh token
  • Your email address from our notification systems

What We May Retain

  • Anonymized usage statistics that cannot be linked back to you.
  • Payment records as required by law for tax and accounting purposes.
  • Records necessary to comply with legal obligations or resolve disputes.

Timeline

We will process your deletion request and remove your data within 30 days of receiving a verified request. You will receive a confirmation email once the deletion is complete.

Meta Data Deletion Callback

As a Meta-integrated application, we support Meta's data deletion callback. If you remove SocialDrop from your Instagram or Facebook account settings, Meta will notify us, and we will automatically delete all Instagram-related data associated with your account, including your access token, Instagram username, and profile information stored in our system.