ThinkSierra
Login Sign Up

Privacy Policy

Last updated: December 10, 2025

Sierra ("we", "our", "us") provides a social media management platform that connects to Facebook and Instagram on your behalf to schedule, publish, and analyze social media content. This Privacy Policy explains how we collect, use, share, and protect your information when you use our services.

1. Information We Collect

1.1 Account Information

  • Registration data: Email address and password when you create an account.
  • Profile information: Basic profile information from your Facebook account (name, profile ID).

1.2 Facebook & Instagram Data

When you connect your Facebook or Instagram accounts, we receive and store:

  • Facebook Page IDs: Identifiers for the Facebook Pages you manage and choose to connect.
  • Instagram Business Account IDs: Identifiers for Instagram Business/Creator accounts linked to your Facebook Pages.
  • Access Tokens: OAuth tokens that allow us to perform actions on your behalf (publish posts, read analytics).
  • Page/Account Analytics: Engagement metrics, follower counts, and post performance data from your connected accounts.

1.3 Content You Create

  • Scheduled posts: Text content, images, and scheduling information for posts you create.
  • Uploaded media: Images you upload for use in social media posts.

2. Facebook & Instagram Permissions

We request the following permissions from Meta (Facebook/Instagram) and use them as described:

Permission How We Use It
pages_show_list Display a list of Facebook Pages you manage so you can select which to connect.
pages_read_engagement Read Page analytics, list posts, read comments, and verify Page ownership for our dashboard.
pages_manage_posts Schedule and publish posts to your Facebook Pages on your behalf.
business_management Access Instagram Business accounts connected to your Facebook Pages.
instagram_basic Retrieve your Instagram Business account information and media.
instagram_content_publish Publish scheduled content to your Instagram Business account.

3. How We Use Your Information

We use your information exclusively to provide our services:

  • Scheduling & Publishing: Store and publish your content at the times you specify.
  • Analytics Dashboard: Display engagement metrics and post performance from your connected accounts.
  • Account Management: Authenticate your identity and maintain your connected social accounts.
  • Service Notifications: Send you important updates about your scheduled posts and account status.

4. Data Sharing

We do NOT sell, rent, or share your personal data with third parties for marketing purposes.

Your data is only shared in these limited circumstances:

  • Meta Platforms: When publishing content or fetching analytics via the official Facebook/Instagram Graph APIs.
  • Cloud Storage: Uploaded images are stored securely on DigitalOcean Spaces (encrypted at rest and in transit).
  • Legal Requirements: If required by law, court order, or government regulation.

5. Data Retention

  • Account data: Retained while your account is active. Deleted upon account deletion request.
  • Access tokens: Stored until you disconnect the social account or tokens expire (~60 days). Automatically refreshed before expiration.
  • Scheduled posts: Retained until you delete them or disconnect your account.
  • Uploaded images: Permanently deleted when you disconnect your account or delete associated posts.

6. Your Rights & Data Deletion

You have full control over your data:

Disconnect Accounts

Disconnect Facebook/Instagram anytime from your dashboard. This immediately deletes all tokens, scheduled posts, and uploaded images for that account.

Delete Posts

Delete individual scheduled posts at any time. Associated images are also removed from our storage.

Export Data

Request a copy of your data by contacting us at the email below.

Account Deletion

Request complete account deletion by contacting us. All your data will be permanently removed within 30 days.

Facebook Data Deletion

You can also request data deletion directly through Facebook. When you remove our app from your Facebook settings or request data deletion, we automatically receive a callback and delete all your associated data, including uploaded images, scheduled posts, and access tokens. You can check the status of your deletion request at our data deletion status page.

7. Data Security

We implement industry-standard security measures:

  • Encryption in transit: All data transmitted over HTTPS/TLS 1.3.
  • Encryption at rest: Database and file storage encrypted using AES-256.
  • Token security: Access tokens stored securely and never exposed to the browser.
  • Security headers: HSTS, CSP, X-Frame-Options, and other protections enabled.

8. Cookies

We use essential cookies only for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics that track your behavior across sites.

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Your continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Email: support@your-production-domain.com

Data Controller: Sierra
Website: https://thinksierra.com