Privacy Policy

Article 1 (Introduction)

Maria Communications Co., Ltd. (hereinafter “the Company”) establishes this Privacy Policy (hereinafter “this Policy”) regarding the handling of personal information and user data in the SNS management service “SocialHub” (hereinafter “the Service”) provided by the Company.

Article 2 (Information We Collect)

The Service collects the following information through OAuth authentication with the user's consent.

2-1. Instagram

• Profile information (username, account name, profile picture, etc.)
• Comments on posts
• Insights data (follower count, reach, engagement, etc.)

Scopes used: instagram_basic, instagram_manage_comments, instagram_manage_insights, pages_show_list, pages_read_engagement, business_management

2-2. Facebook

• Facebook Page information
• Post content and engagement (comments, reactions, etc.)
• Insights data (reach, impressions, etc.)

Scopes used: pages_show_list, pages_read_engagement, pages_read_user_content, pages_manage_engagement, read_insights, business_management

2-3. TikTok

• User profile information (display name, avatar image, etc.)
• Account statistics (follower count, following count, likes count, video count)
• Video list and engagement data (view count, like count, comment count, share count, etc.)

Scopes used: user.info.basic, user.info.stats, video.list

2-4. Google Business Profile

• Business/store information
• Reviews and review replies

Scopes used: https://www.googleapis.com/auth/business.manage

2-5. YouTube

• Channel information (channel name, icon image, etc.)
• Video list (title, thumbnail, publish date, etc.)
• Video performance data (view count, like count, comment count, etc.)

Scopes used: https://www.googleapis.com/auth/youtube.readonly

2-6. Threads

• Profile information (username, profile picture, etc.)
• Post content (text, images, videos, etc.)
• Insights data (views, likes, reposts, quotes, etc.)

Scopes used: threads_basic, threads_manage_insights

2-7. Other Information

• Email address and password registered with the Service (managed through Firebase Authentication)
• Usage logs (access time, operations performed, etc.)

Article 3 (Purpose of Use)

The Company uses the collected information for the following purposes:

• Visualizing SNS management status (health dashboard display)
• Centralized management of comments and reviews, and providing reply functionality
• Engagement analysis and report generation
• Post calendar management
• Sending alert notifications
• Improving the Service and developing new features

Article 4 (Data Storage and Security)

• Collected data is stored in encrypted form on Firebase Firestore (Google Cloud).
• OAuth authentication tokens are stored in an isolated area accessible only from the server side (_tokenVault collection) and are not directly accessible from the client side.
• Session cookies are set with HttpOnly, Secure, and SameSite=Lax attributes, with a validity period of 14 days.
• Access control is implemented through Firestore security rules and role-based access control (RBAC).

Article 5 (Disclosure to Third Parties)

The Company will not provide collected information to third parties without the user's explicit consent, except in the following cases:

• When required by law
• When necessary for the protection of life, body, or property, and obtaining consent is difficult
• When using infrastructure services such as Firebase (Google Cloud) to the extent necessary for operating the Service

Article 6 (Data Deletion)

• When a user disconnects an SNS account, the OAuth authentication tokens and related cached data for that platform will be promptly deleted.
• Users may request deletion of their account. Upon account deletion, all data associated with the user will be deleted.
• Users may request data deletion through any of the following methods:
  • Execute “Delete Account” from the Service settings page
  • Disconnect individual SNS integrations from the Service settings page
  • Send a deletion request via email to the contact address listed at the end of this Policy
• For Meta platforms (Instagram, Facebook, Threads), users may also request disconnection and data deletion from each platform's app settings page. Upon receiving such a request, the Company will promptly delete the relevant data and issue a confirmation code.
• All relevant data will be deleted within 30 days of receiving a deletion request. Deleted data cannot be recovered.

Article 7 (Use of Cookies)

The Service uses cookies for session management purposes. Cookies are used for user authentication and session maintenance and are not used for advertising or tracking purposes. Users may disable cookies through browser settings, but some features of the Service may become unavailable.

Article 8 (Changes to This Policy)

The Company may modify this Policy as necessary. The revised Privacy Policy will take effect from the time it is posted on this page. Users will be notified within the Service if significant changes are made.

Article 9 (Contact)

For inquiries regarding this Policy, please contact: