Privacy Policy

Last updated: 19 February 2026

SocialRouter is committed to protecting your privacy and handling your personal data transparently. This policy explains what data we collect, why we collect it, how we process it, and what rights you have under the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is:

SocialRouter

Operated by Anders Hoffmann

Denmark, European Union

Email: privacy@socialrouter.eu

2. Data We Collect

2.1 Account Data

When you register for a SocialRouter account, we collect:

  • Name and email address
  • Password (stored as a cryptographic hash, never in plain text)
  • Company name (optional)

2.2 Social Media Connection Data

When you connect a social media account through our platform, we store:

  • OAuth access tokens and refresh tokens (encrypted at rest)
  • Platform user/page identifiers
  • Profile name and profile picture URL
  • Granted OAuth scopes

2.3 Content Data

Content you create or schedule through SocialRouter:

  • Post text, images, and other media
  • Scheduling metadata (dates, times, target platforms)
  • Publishing status and error logs

2.4 Usage & Technical Data

We collect technical data to operate and improve the service:

  • IP address and approximate geolocation (country level)
  • Browser type, operating system, and device type
  • Pages visited, features used, and timestamps
  • API request logs (endpoint, status code, response time)

2.5 Payment Data

Payment processing is handled by our payment processor. We do not store full credit card numbers. We receive and store:

  • Last four digits of your card number
  • Card brand and expiry month/year
  • Billing address
  • Transaction history and invoice records

3. Legal Bases for Processing

Under GDPR Article 6, we process your data on the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the SocialRouter service you signed up for, including account management, content publishing, and API access.
  • Legitimate interest (Art. 6(1)(f)): Service security, fraud prevention, usage analytics for product improvement, and communication about service changes.
  • Consent (Art. 6(1)(a)): Marketing emails and optional analytics cookies. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): Tax records, fraud reporting, and compliance with lawful requests from authorities.

4. How We Use Your Data

  • Providing and operating the SocialRouter platform
  • Publishing content to your connected social media accounts
  • Authenticating your identity and managing your account
  • Processing payments and maintaining billing records
  • Sending transactional emails (account confirmations, security alerts, service updates)
  • Improving the service through aggregated, anonymized usage analytics
  • Detecting and preventing fraud, abuse, and security threats
  • Complying with legal obligations

5. EU Hosting & Data Residency

All SocialRouter infrastructure is hosted within the European Union. Your data is stored and processed exclusively on servers located in EU data centres.

We do not transfer your personal data outside the EU/EEA. In the event that a future sub-processor requires data transfer outside the EEA, we will ensure appropriate safeguards are in place (such as EU Standard Contractual Clauses) and will update this policy accordingly.

When you instruct SocialRouter to publish content to third-party social media platforms, that content is transmitted to those platforms via their APIs. This may involve data transfer to servers outside the EU, as determined by each platform's own data policies. This transfer is initiated by your explicit instruction and is necessary for the performance of the service.

6. Third-Party Processors

We share your data only with processors that are necessary to operate the service. All processors are bound by Data Processing Agreements (DPAs) compliant with GDPR Article 28.

ProcessorPurposeData Location
Microsoft AzureCloud infrastructure & hostingEU (West Europe)
StripePayment processingEU
PostmarkTransactional email deliveryEU

Social media platforms (LinkedIn, Facebook/Meta, X, etc.) receive content only when you explicitly instruct SocialRouter to publish to those platforms. Each platform operates as an independent data controller under their own privacy policies.

7. Data Retention

  • Account data: Retained for the duration of your account. Deleted within 30 days of account deletion, unless required for legal obligations.
  • OAuth tokens: Deleted immediately when you disconnect a platform, or within 30 days of account deletion.
  • Content & posts: Retained for the duration of your account. Deleted within 30 days of account deletion.
  • API & audit logs: Retained for 90 days, then automatically purged.
  • Billing & tax records: Retained for 5 years after the last transaction, as required by Danish and EU tax law.
  • Analytics data: Aggregated and anonymized within 90 days. Anonymized data is not subject to retention limits.

8. Your Rights Under GDPR

As an EU data subject, you have the following rights:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing (Art. 18): Request that we limit how we use your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format (JSON).
  • Right to object (Art. 21): Object to processing based on legitimate interest, including direct marketing.
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time for processing based on consent.

To exercise any of these rights, email privacy@socialrouter.eu. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority. In Denmark, this is the Datatilsynet.

9. Cookies

We use a minimal set of cookies:

  • Strictly necessary cookies: Session authentication, CSRF protection. These are essential for the service to function and do not require consent.
  • Analytics cookies (optional): Anonymous, aggregated usage data to improve the product. Only set with your explicit consent.

We do not use advertising cookies or tracking pixels. We do not sell your data to third parties.

10. Children

SocialRouter is a business-to-business service and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to all registered users at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

If you have questions about this privacy policy or how we handle your data, contact us at:

privacy@socialrouter.eu

For general support inquiries, email hello@socialrouter.eu.