Privacy Policy
sns-os(the "Service") is an internal SNS content management tool operated by an individual ("we", "our", "us") for the purpose of authoring, scheduling, and analyzing social media posts on SNS accounts owned by the operator.
This Privacy Policy explains what information the Service collects, how it is used, where it is stored, and how to request its deletion.
Last updated: 2026-05-11
1. Scope of this Policy
This Policy applies to:
- Use of the Service via the operator's own SNS accounts on Instagram, Threads, TikTok, and X
- Any data collected through SNS OAuth authorization granted to the Service
This Service is not a public-facing application. It is intended exclusively for the operator's internal use to manage their own SNS accounts. It is not advertised to or used by third parties.
2. Operator
| Item | Value |
|---|---|
| Operator | Individual operator (Japan) |
| Service name | sns-os |
| Contact | contact@sns-os.dev |
| Jurisdiction | Japan |
| Children | Not directed to children under 13 (not COPPA applicable) |
3. Information We Collect
3.1 SNS account credentials
When you (the operator) authorize the Service via SNS OAuth, we collect:
- Access token (short-lived, refreshed automatically)
- Refresh token (long-lived, used to obtain new access tokens)
- Token expiration timestamp
3.2 SNS account profile information
Obtained from each SNS's API at the time of authorization:
- Account handle (e.g.,
@awa_niki) - Account ID (platform-internal numeric or string ID)
- Public profile metadata (display name, profile picture URL) — used solely for display in operator-facing tooling
3.3 Post content and metadata
For each post created through the Service:
- Caption text, hashtags, and content body (authored by the operator)
- Media files (images / videos) uploaded for posting
- Post URL and post ID returned by the SNS after publication
- Scheduling time and publication time
3.4 Post metrics
Public metrics fetched from each SNS's API after publication:
- Views, likes, comments, shares
- (Instagram only) impressions, reach, saved
- (Threads only) replies, reposts, quotes
- Fetched at +1h, +24h, and +7d after publication
3.5 What we do NOT collect
- Personal data of viewers, followers, or non-operator users
- Direct messages or private content
- Browsing data, IP addresses, or device identifiers of viewers
- Payment information (none required)
- Analytics from third-party trackers (no Google Analytics, no Meta Pixel, etc.)
4. How We Use Your Information
| Purpose | Data used |
|---|---|
| Posting content to authorized SNS accounts | Access tokens + post content + media |
| Refreshing access tokens automatically | Refresh tokens |
| Fetching post metrics | Access tokens + post IDs |
| Displaying post status in operator tooling | Profile metadata + post metadata |
The Service does not:
- Sell, share, or transfer your data to third parties
- Use data for advertising or marketing purposes outside of the operator's own SNS posts
- Aggregate data across multiple users (the Service is single-operator)
5. Permissions (Scopes) We Request
The Service requests the minimum scopes required for its operation. Each scope and its purpose:
| Scope | Purpose |
|---|---|
instagram_business_basic |
Read account info (handle, ID, profile) for display |
instagram_business_content_publish |
Publish posts authored and approved by the operator |
instagram_business_manage_comments |
Read comments on operator's posts for metric aggregation |
instagram_business_manage_messages |
(Reserved for future operator-only message workflows) |
Threads
| Scope | Purpose |
|---|---|
threads_basic |
Read account info for display |
threads_content_publish |
Publish posts authored and approved by the operator |
threads_manage_insights |
Fetch metrics on operator's posts |
threads_manage_replies |
Read replies for metric aggregation |
threads_read_replies |
(Same as above, read-only access) |
TikTok
| Scope | Purpose |
|---|---|
user.info.basic |
Read account info for display |
video.upload |
Upload video content to TikTok |
video.publish |
Publish uploaded video as a post |
video.list |
Fetch metrics on operator's posts |
X (Twitter)
| Scope | Purpose |
|---|---|
tweet.read |
Read operator's own posts for metric aggregation |
tweet.write |
Publish posts authored and approved by the operator |
users.read |
Read account info for display |
6. Where We Store Your Information
| Storage location | What is stored | Encryption |
|---|---|---|
| Cloudflare Workers Secrets | Access tokens, refresh tokens, app secrets | Yes (encrypted at rest by Cloudflare) |
Cloudflare R2 bucket sns-os-assets |
Media files (images / videos) | Yes (encrypted at rest) |
| GitHub private repository | Post metadata, profile metadata, metrics (no tokens) | Yes (private repo, HTTPS in transit) |
All storage is on Cloudflare or GitHub infrastructure. The Service does not operate its own physical servers. We do not transfer your data outside of these providers.
7. How Long We Keep Your Information
| Data type | Retention |
|---|---|
| Access tokens | Until expiration; automatically rotated |
| Refresh tokens | Until you revoke authorization or delete the connection |
| Post metadata | Until the operator deletes the post record |
| Media files | Until the operator deletes the asset |
| Metrics | Until the operator deletes the related post record |
When you revoke authorization (via deauthorize callback or contact request), we delete the associated tokens immediately and the related metadata within 30 days.
8. Your Rights and How to Request Deletion
You may, at any time:
8.1 Revoke authorization
- Via SNS settings: Revoke the Service's authorization from your SNS app settings (Instagram / Threads / TikTok / X). This triggers our deauthorize callback at:
https://sns-os.dev/webhooks/instagram/deauthorizehttps://sns-os.dev/webhooks/threads/deauthorize- (TikTok and X follow each platform's own revocation flow)
- Upon receipt, we delete associated tokens immediately.
8.2 Request data deletion
- Via contact: Email
contact@sns-os.devwith subject "Data Deletion Request" - Via SNS data deletion callback (Meta only):
https://sns-os.dev/webhooks/instagram/data-deletionhttps://sns-os.dev/webhooks/threads/data-deletion- These endpoints validate the signed request using
META_APP_SECRETand process the deletion within 30 days
8.3 Response time
We commit to responding to deletion requests within 48 hours of receipt and completing deletion within 30 days.
9. Cookies and Tracking
The Service does not use cookies for tracking purposes. The Service does not include third-party trackers (Google Analytics, Meta Pixel, etc.).
The Service may use session cookies for OAuth flow state preservation; these are short-lived and contain no personally identifiable information.
10. Children's Privacy
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact contact@sns-os.dev.
11. Changes to this Policy
We may update this Policy from time to time. All changes are recorded in the Changelog. The most recent Last updated date at the top of this Policy reflects the latest revision.
If significant changes affect how we handle your data, we will notify the operator (you) via the registered contact email at least 7 days before the changes take effect.
12. Governing Law
This Policy is governed by the laws of Japan. Any disputes shall be resolved in the courts of Japan.
13. Contact
For questions, deletion requests, or concerns:
- Email:
contact@sns-os.dev - Contact form:
https://sns-os.dev/contact
We commit to responding within 48 hours of receipt.
Last updated: 2026-05-11 Changelog | Terms of Service | 日本語版