Introduction
Welcome to Pavern. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Social Media Management (SMM) platform and our fully-managed services.
Information We Collect
Account Information: Your name, email address, and payment information when you subscribe.
Connected Social Media Accounts: When you connect your accounts (X/Twitter, LinkedIn, YouTube, Instagram, Facebook, TikTok) via OAuth, we receive authentication tokens. We do NOT store your social media passwords.
Platform Data: We fetch analytics data (likes, views, engagement) only to display in your Pavern dashboard.
How We Use Your Information
We use your data only to provide Pavern's core functions:
- To publish, schedule, and manage content on your behalf through our AI tools and your dashboard.
- To let the Pavern team help create content only when you assign a managed task.
- To generate performance analytics.
Third-Party API Services & Compliance
Pavern uses several third-party APIs. By using Pavern, you also accept the privacy policies of these platforms:
Google/YouTube: Pavern's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. YouTube Terms of Service · Google Privacy Policy
X (formerly Twitter): We strictly comply with the X Developer Agreement. We don't use X data for mass automation, spam, or unauthorized surveillance. Terms & Privacy Policy
Meta (Facebook & Instagram): We comply with the Meta Platform Terms and Developer Policies. We access only the accounts and content you authorize via OAuth, and never your password. Instagram · Facebook
TikTok: We comply with the TikTok Developer Terms of Service. We access only the content you authorize for publishing to your own account. Terms & Privacy Policy
LinkedIn: We comply with the LinkedIn API Terms of Use. We post only on your behalf to your own profile, with your explicit consent. Terms & Privacy Policy
Data Sharing & Disclosure
We don't sell your personal data. We share your data only with:
- Pavern Team: If you use our 'Fully Managed' plans, the team assigned to your workspace has limited access to your content calendar to perform your tasks.
- Service Providers: Secure hosting and payment processors like Stripe.
Data Retention & Deletion
You can revoke Pavern's access to your social media accounts at any time directly from your social media settings or the Pavern dashboard. After account deletion, your data and access tokens are securely deleted from our servers within 30 days. Manage or revoke Google/YouTube access
Data Security
We take the protection of your data seriously, especially sensitive data such as your account credentials and the access tokens for the social accounts you connect. We apply the following safeguards:
- Encryption in transit. All traffic between you and Pavern, and between Pavern and connected platforms (Google, Meta, X, LinkedIn, TikTok and others), travels over encrypted HTTPS/TLS connections.
- Encrypted token storage. The access and refresh tokens for your connected social accounts are stored encrypted at rest using AES-256-GCM. They are never sent to your browser or written to logs in plain text.
- Credential protection. Account passwords are stored only as salted, one-way hashes, never in plain text, and two-factor authentication (2FA) is available to further protect your account.
- Access controls. Access to data is gated by authentication and role-based permissions, and internal access follows the principle of least privilege.
- Payment data. We do not store your full card number. Payments are processed by a PCI-DSS-compliant payment provider.
- Data minimization and deletion. We collect only the data needed to provide the service and keep it only as long as necessary. You can disconnect any account or request deletion at any time; revoking access immediately removes our ability to use that data.
- Google user data (Limited Use). Data obtained through Google APIs is used solely to provide the features you request and is handled in accordance with the Google API Services User Data Policy, including its Limited Use requirements. It is never sold or used for advertising.
Have questions about this document? [email protected] Feel free to write to us.