Privacy Policy

Last updated: May 10, 2026

The short version

  • Free trial: no account. The web app does not retain captured artifacts beyond the seconds it takes to deliver them.
  • Pro / Studio: we store the minimum needed to bill you (email, hashed password, Stripe customer ID), plus your audit-logged case archive for the published retention window of your plan (Pro: 30 days, Studio: 90 days). After the window, the artifact is permanently deleted.
  • We do not sell, share, or commercially derive from captured content. Vendors are limited to the named processors below and bound by data-processing addenda.
  • We use Vercel Analytics for aggregate page-view counts. It is cookieless and IP-anonymised.
  • Free tier: we may show ads (Google AdSense) and link to sponsored partners (e.g., a VPN affiliate, donation links) to keep the free tier free. Ad cookies are only set after you accept the consent banner; decline and no ads load. Sponsored links are tagged with rel="sponsored" and never receive any data about you. Pro / Studio plans are ad-free.

1. Who is responsible

socials.download (the “Service”) is operated by the entity reachable via the contact email at the bottom of this page (the “Controller”). The Controller determines the purposes and means of personal-data processing carried out by the Service.

For data about you as the Operator (your account email, billing data, audit-log entries), the Controller is us. For data captured by you about subjects (the artifacts you preserve, the metadata sidecars they ship with), you are the controller and we are your processor. That distinction matters and is treated accordingly throughout this policy and our data-processing terms.

2. What we collect, when, and why

  • Email address (paid accounts only). Used for login, billing receipts, and material-change notices. Stored encrypted at rest in our primary database.
  • Hashed password (paid accounts only). Argon2id-hashed. We never store or log the plaintext.
  • Stripe customer ID and last 4 of card (paid accounts only). Full card data is held by Stripe, not by us. We see only the customer ID and the safe-to-display last four digits.
  • Capture metadata (paid accounts only). When you submit a capture we record: source URL, source platform, subject account handle, file size, capture timestamp (UTC), the SHA-256 hash of the artifact bytes, and the Attestation text and timestamp. Stored for the retention window of your plan so you can verify chain of custody and re-download from your case archive.
  • Captured artifact bytes. Free-trial captures stream through and are deleted from worker memory within seconds. Paid captures are written to encrypted object storage (AWS S3, server-side AES-256) and deleted after the retention window.
  • Audit log (paid accounts only). Every capture, re-download, and removal action against your account, with timestamp, IP, capture session ID, and Attestation hash. Tamper-evident; retained for the lifetime of the account plus statutory retention obligations.
  • Server logs (all users). Standard request logs: IP address, request path, response code, request duration. Used for debugging and abuse mitigation. Auto-deleted after 30 days.

3. What we do not collect

  • Your browsing history, viewing habits, or searches outside the Service.
  • Your contact list, location, or device identifiers.
  • The content of captured artifacts for any purpose other than delivering them to you and storing them in your retention archive.
  • Behavioural-analytics cookies. Vercel Analytics is the only first-party analytics we run, and it’s cookieless.
  • Data about the subjects you investigate beyond what is part of a capture you explicitly requested.

Note: if you accept the cookie consent banner on the free tier, Google AdSense sets cookies for ad personalisation and frequency capping. See section 6 below for the full advertising disclosure.

4. Legal bases (UK GDPR / EU GDPR)

If you are in the UK or EU, our legal bases for processing are:

  • Contract: processing necessary to deliver the Service you signed up for (account, captures, archive, billing).
  • Legitimate interests: security, abuse mitigation, audit logging, and fraud prevention. Balanced against your interests; you can object at any time.
  • Legal obligation: responding to lawful process, retaining records required by tax / accounting law, and complying with applicable record-keeping obligations.
  • Consent: only where the law specifically requires it (e.g., certain cookie or marketing scenarios; we do not currently rely on consent for any operational processing).

5. Processors and sub-processors

We use a small set of vendors to deliver the Service. Each is named, scoped, and DPA-covered:

  • Amazon Web Services (us-east-1): hosting, encrypted object storage for case archives.
  • Stripe: payment processing for paid plans.
  • Resend: transactional email (receipts, password resets, plan changes, takedown notifications).
  • Cloudflare: CDN and DDoS protection in front of the website. Also operates a Cloudflare Worker we run for platforms whose anti-bot defences block our other infrastructure (currently VSCO, Instagram profile data, TikTok profile data, Threads). The Worker only sees the public URL you submit; no personal data is sent to it.
  • Vercel: hosting for the marketing site and serverless functions. Also runs Vercel Analytics, which records aggregate page-view counts (URL, referrer, country, device class) without cookies and without storing the visitor’s IP address. Vercel Analytics does not share data with advertising networks.
  • Google AdSense (free tier only, after consent): serves display advertising. Sets cookies for ad personalisation, frequency capping, and click measurement. We never share Operator data, capture metadata, or the URLs you submit with Google. AdSense receives only what your browser sends it directly (page URL, IP, browser fingerprint) under Google’s own privacy policy. See section 6.

We do not use Google Analytics, Meta Pixel, Mixpanel, Amplitude, or Segment. We do not share Operator account data, email addresses, captured content, or capture metadata with advertising networks. We do not enrich Operator data from data brokers. On the free tier we do display Google AdSense ads (after consent) — see section 6.

6. Advertising and affiliate links (free tier)

The free tier of the Service is supported by advertising and affiliate links. We disclose every revenue source here so you know exactly what runs.

Display advertising (Google AdSense)

  • When it loads. Only after you click “Accept” on the cookie consent banner. If you click “Decline” the AdSense script never loads, no ad cookies are set, and no ads are served on this device. Your choice is stored in localStorage as a single key (sd-consent-v1) — we do not log it server-side.
  • What Google sees. Google AdSense receives the standard signals every embedded ad receives from your browser: the page URL you’re on, your IP address, browser user-agent, screen size, and the cookies AdSense itself sets after consent. It does not receive your account email, your billing data, or anything you paste into the capture input. The URL you submit to capture is sent to our backend only — never to Google.
  • What you can do about it. Decline the consent banner (no ads). Or accept and then opt out of personalisation at Google Ads Settings. Or upgrade to Pro / Studio (entirely ad-free).
  • Where ads appear. A maximum of three slots: below the capture input, mid-page between content sections, and below a successful gallery preview. We will not run popups, popunders, autoplay video, or interstitials.

Affiliate / sponsored links

  • The footer may include sponsored links (currently a VPN partner) marked with rel="sponsored" per Google’s SEO conventions.
  • Affiliate links are static HTML — they don’t set cookies on this domain. If you click one, the destination site sets its own cookies under its own privacy policy, and may credit us with a referral commission if you sign up.
  • We never share your email, captured content, or anything else with affiliate partners. The only signal they receive is “a click came from a socials.download referral link.”
  • The Ko-fi donation link (if shown) opens an external Ko-fi page; the donation transaction happens on Ko-fi’s domain under their privacy policy.

No ads on paid plans

Pro and Studio accounts never see ads. Affiliate links may still appear in the footer (we don’t segment those by plan tier), but the AdSense display slots are suppressed for authenticated paid users.

7. Security practices

  • TLS 1.2+ in transit for every request. HSTS enforced on the marketing site and the API.
  • AES-256 at rest for the primary database, encrypted object storage for archived artifacts.
  • Argon2id password hashing with per-account salts.
  • Principle-of-least-privilege IAM for production access. MFA required for any human access to production systems.
  • Audit logs immutable to anyone short of a database-administrator action; database-admin events are themselves audited.
  • Quarterly review of dependencies for known vulnerabilities. Automated SCA on every deploy.
  • Incident-response plan with a 24-hour internal disclosure target and a 72-hour external-notification target where required by law.

8. Retention windows (concrete)

  • Free-trial captures: artifact deleted within 60 seconds of delivery to your browser.
  • Pro captures: artifact retained 30 days, then deleted.
  • Studio captures: artifact retained 90 days, then deleted.
  • Audit log entries: retained for the lifetime of the account plus any statutory retention obligation, then deleted.
  • Account email + billing data: retained while the account exists. On account deletion: account email, captures, and metadata are wiped within 24 hours; Stripe records remain in Stripe per their retention policy.
  • Server logs: 30 days, then auto-deleted.

We reserve the right to remove or restrict access to captured content at any time in response to lawful process, a valid takedown notice, a credible report of abuse, or breach of these Terms. When we remove content under any of these circumstances, the audit log records the removal, the basis, and the timestamp.

9. International transfers

Our primary infrastructure runs in AWS us-east-1. If you are outside the United States, your data will be processed in the United States. For EU/UK Operators, this transfer is covered by the Standard Contractual Clauses approved by the European Commission (and the UK Addendum where applicable). A copy of the relevant SCCs is available on request via the contact email at the bottom of this page.

10. Your rights

Regardless of where you live, you can:

  • Access / export your data. Request a JSON dump of your account email, capture-metadata rows, audit-log entries, and the URLs of artifacts in your retention archive via the contact email at the bottom of this page; we deliver within 30 days.
  • Delete your archived content. One-click delete in your account dashboard, per artifact or in bulk. The artifact is removed from object storage within 24 hours; the audit log retains a record of the deletion (the entry, not the artifact).
  • Delete your account. One-click delete in account settings. Removes your email, archived artifacts, and capture-metadata rows within 24 hours.
  • Correct inaccurate data. Email us; we’ll fix it within 7 days.
  • Restrict or object to processing. If you believe we’re processing data we shouldn’t, email and tell us why; we’ll act on valid requests.

EU / UK / Switzerland Operators have additional GDPR / UK-DPA rights including the right to lodge a complaint with your local supervisory authority. California Operators have rights under the California Consumer Privacy Act (CCPA) including the right to know, the right to delete, the right to correct, and the right to opt out of sale or sharing of personal information; we do not sell or share personal information as those terms are defined under the CCPA. Other jurisdictions may grant additional rights. Your local laws are not displaced by anything in this policy.

11. Children

socials.download is not directed to children under 13. We do not knowingly create accounts for children under 13 and do not knowingly collect personal information from them. If you believe a child has registered an account, contact us via the email at the bottom of this page and we will delete it within 7 days.

12. Your responsibility for what you capture

We deliver public artifacts you direct us to. You are responsible for complying with each source platform’s terms of service, applicable copyright and data-protection law in your jurisdiction, and the privacy rights of people who appear in the content you capture. The Service is a tool; what you do with the artifacts is on you. See our Terms of Use and our Compliance Policy.

13. Changes to this policy

If we materially change how data is handled we will (a) update this page, (b) bump the “Last updated” date, and (c) email paid Operators at least 14 days before the change takes effect. The Chrome Web Store will also surface any new permissions before an update reaches your install.

14. Contact

Privacy questions and rights requests: contact@socials.download. We aim to respond within 5 business days and to fulfil rights requests within the statutory window applicable to your jurisdiction (typically 30 days).