Your privacy matters to us. This policy explains what data we collect, why we collect it, and how we protect it.
1. Who We Are
SocialMate (also referred to as "SocialMate" in all connected third-party platform applications, including but not limited to TikTok, Meta, LinkedIn, and Google developer integrations) is a social media scheduling and content management platform operated by Gilgamesh Enterprise LLC, a Wyoming limited liability company ("we", "us", "our"). Our Service is available at socialmate.studio and associated domains and applications.
For all privacy-related questions, requests, or concerns, contact our privacy team at: socialmate.updates@gmail.com
We will respond to all privacy inquiries within 30 days.
2. Information We Collect
2.1 Information You Provide Directly
- Email address and password when you create an account
- Display name and optional profile information
- Social media content, captions, hashtags, and media files you upload or schedule
- Payment information processed by Stripe (we never receive or store full card numbers — Stripe handles all payment data)
- Team member email addresses when you send workspace invitations
- Client workspace names and descriptions
- Communications you send to our support team
- Prompts and instructions you enter into AI features
- Newsletter opt-in preference (stored in Supabase user metadata)
- SM-Give donation history, if you choose to make in-app donations
- Affiliate program participation data, including referral activity and payout information
- Twitch account data when you connect Twitch via OAuth: channel ID, channel name, and channel avatar. We store OAuth access and refresh tokens to fetch your clips on your behalf.
- YouTube channel URL you provide when connecting a YouTube channel for clip browsing. We do not require or store a YouTube OAuth token — channel data is retrieved via public RSS feed.
- Email address submitted on the Gilgamesh's Guide waitlist (/gilgamesh), used solely to notify you when the guide is available. This list is separate from your SocialMate account and may be unsubscribed from at any time.
2.2 Information Collected Automatically
- OAuth access tokens and refresh tokens from social platforms you authorize
- Post engagement analytics (likes, comments, shares, impressions) fetched from connected platform APIs
- Feature usage data and interaction events (e.g., which tools you use, scheduling frequency)
- IP address and general geographic region (country/state) for security and fraud prevention
- Browser type and version, operating system, device type for compatibility and debugging
- Session identifiers and authentication tokens
- Error logs and diagnostic data when the Service encounters issues
- Vercel Analytics data: page views, navigation patterns (anonymized, no personal identifiers)
2.3 Information from Third Parties
- Public profile information from social platforms you connect (name, username, avatar, follower count)
- Post performance metrics from connected platform APIs
- Billing and subscription status information from Stripe
- Twitch clip metadata (clip title, thumbnail URL, view count, duration, clip URL) fetched via the Twitch API using your connected OAuth token or via app-level credentials when you use the "Search Any Channel" feature to browse public channels
- YouTube video metadata (video title, thumbnail URL, publish date, video URL) fetched via public RSS feed for the channel URL you provide. No YouTube user account data is accessed.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal grounds:
- Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Service you signed up for — account management, scheduling posts, billing.
- Legitimate Interests (Art. 6(1)(f) GDPR): Security monitoring, fraud prevention, product improvement, analytics. We balance our interests against your rights and will not override them.
- Legal Obligation (Art. 6(1)(c) GDPR): Retaining billing records for tax and accounting compliance.
- Consent (Art. 6(1)(a) GDPR): Marketing communications (you can withdraw consent at any time).
4. How We Use Your Information
- To create, manage, and authenticate your account
- To publish and schedule posts to your connected social accounts on your behalf
- To process subscription payments and manage billing through Stripe
- To send transactional emails: account confirmations, team invitations, billing receipts, password resets
- To generate AI-powered content suggestions (your prompts and context are sent to Google Gemini API)
- To display post analytics and scheduling calendars
- To enforce our Terms of Service and prevent abuse
- To detect and prevent fraud, security incidents, and unauthorized access
- To diagnose technical problems and improve the reliability of the Service
- To analyze aggregate usage patterns and improve the Service (using anonymized data)
- To comply with legal obligations, including responding to valid legal requests
- To power the Clips Studio feature: fetching your Twitch clips via your connected OAuth token and your YouTube videos via public RSS, and pre-filling the post composer when you click "Schedule" on a clip or video
- To send a 3-email onboarding sequence (welcome, day 2 tip, day 5 check-in) via Resend upon account creation. These are service-related communications and are sent regardless of marketing preferences.
- To send product update announcements and newsletters (only with your consent; unsubscribe at any time)
- To notify Gilgamesh's Guide waitlist subscribers when the guide becomes available (separate opt-in, separate list)
We do not sell your personal data to third parties. We do not use your content or prompts to train our own AI models.
5. Third-Party Services and Data Sharing
We share your data with the following service providers solely to the extent necessary to operate the Service. Each provider has their own privacy policy:
- Supabase — database hosting and authentication. Data stored on AWS infrastructure in the United States. supabase.com/privacy
- Stripe — payment processing and subscription management. PCI DSS Level 1 certified. stripe.com/privacy
- Google Gemini API — AI content generation. Your prompts are transmitted to Google for processing. ai.google.dev/terms
- Resend — transactional email delivery (account, billing, team invites). resend.com/privacy
- Vercel — application hosting, CDN, and privacy-friendly analytics. vercel.com/legal/privacy-policy
- Inngest — background job and scheduled task processing. inngest.com/privacy
- Twitch — when you connect Twitch, we use your OAuth token to fetch your clips via the Twitch API. The "Search Any Channel" feature uses app-level credentials (not your account) to access public clip data from any channel you search. twitch.tv privacy policy
- YouTube (Google) — when you connect a YouTube channel, we access that channel's public RSS feed using the URL you provide. No YouTube OAuth token is required or stored. google.com/policies/privacy
- TikTok — the SocialMate application on TikTok's developer platform is registered under the name "SocialMate." When you connect TikTok, we request scopes for user.info.basic, video.publish, and video.upload to enable content publishing on your behalf. We do not access, store, or analyze your TikTok content beyond what is necessary to publish posts you schedule through SocialMate. TikTok Privacy Policy
- Connected Social Platforms — data is shared with platforms you explicitly authorize for post scheduling: Bluesky, Discord, Mastodon, Telegram, and X/Twitter (live). LinkedIn, YouTube posting, Reddit, Instagram, Facebook, Pinterest, and TikTok (planned). Each platform's own privacy policy governs their data use.
We do not share your personal data with advertising networks, data brokers, or analytics companies beyond the privacy-friendly analytics described above. We may disclose your data if required by law, court order, or valid government request, or to protect the rights, property, or safety of Gilgamesh Enterprise LLC, our users, or the public.
In the event of a business acquisition, merger, or sale of substantially all of our assets, your data may be transferred to the acquiring entity, subject to the same privacy protections. We will notify you via email or prominent in-app notice before such a transfer.
6. Affiliate Program Data
If you participate in the SocialMate affiliate program, we collect and store additional data in order to administer the program and meet our legal obligations:
- Affiliate earnings and commission data — referral counts, conversion events, commission amounts, and payout history
- Tax documentation — W-9 or equivalent forms required for IRS reporting. This data is stored securely and used solely for tax compliance purposes. It is never shared with other users or third parties except as required by law.
- Stripe Connect account information — Stripe processes all affiliate payouts. We share only the data necessary to facilitate payment. Please review stripe.com/privacy for details on how Stripe handles this data.
Affiliate data is retained for 7 years to comply with tax reporting requirements, even after you leave the program or close your account.
7. SM-Give Data
When you make a voluntary in-app donation through the SM-Give program, we store the donation amount and a reference to the platform session or feature that initiated the donation. This data is used for SM-Give reporting and charitable allocation purposes. It is not shared with third parties beyond what is necessary to process the transaction via Stripe.
8. Advertising and Data Sales Policy
SocialMate never sells user data to advertisers. We never display third-party advertisements within the platform. We do not share personal data with listing applicants or approved listing partners in Studio Stax (/studio-stax) beyond what you explicitly choose to share. Approved listings are curated directory entries on a dedicated page and do not receive access to user data, usage patterns, or any other information collected by the Service.
9. Data Storage and Security
Your data is stored on Supabase's infrastructure, hosted on AWS in the United States. We implement the following security measures:
- Row Level Security (RLS) on all database tables — users can only access their own data
- OAuth tokens for connected platforms are stored encrypted at rest
- Passwords are hashed using bcrypt via Supabase Auth and are never stored in plain text
- All data in transit is encrypted via TLS 1.2 or higher
- Stripe handles all payment card data — we never receive or store card numbers
- Access to production systems is restricted to authorized personnel only
Despite these measures, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by applicable law within 72 hours of becoming aware of the breach.
10. International Data Transfers
Our Service is operated from the United States. If you are accessing the Service from outside the United States, your personal data will be transferred to, processed, and stored in the United States.
For EEA, UK, and Swiss users: When we transfer your personal data to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and/or other applicable data transfer mechanisms, to ensure adequate protection of your data. By using the Service, you acknowledge that your data will be processed in the United States, where data protection laws may differ from those in your country.
11. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account data, posts, and content: retained while your account is active; deleted within 30 days of account deletion
- Connected platform OAuth tokens: deleted immediately upon platform disconnection or account deletion
- Billing and transaction records: retained for up to 7 years for tax and accounting compliance, even after account deletion
- Support communications: retained for 2 years
- Security logs and IP records: retained for 90 days
- Anonymized analytics data: may be retained indefinitely as it cannot identify you
After the applicable retention period, data is securely deleted or anonymized.
12. Your Privacy Rights
Depending on your location, you have the following rights regarding your personal data:
All Users:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your account and associated personal data (right to be forgotten)
- Portability: Request your data in a structured, machine-readable format
- Opt-Out: Unsubscribe from marketing emails at any time via the unsubscribe link
EEA / UK / Switzerland (GDPR / UK GDPR):
- Restriction: Request that we restrict processing of your data in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Lodge a Complaint: File a complaint with your local supervisory authority (e.g., ICO in the UK, your national DPA in the EEA)
California Residents (CCPA / CPRA):
- Know: Right to know what personal information we collect, use, disclose, and sell
- Delete: Right to delete personal information we have collected from you
- Correct: Right to correct inaccurate personal information
- Opt-Out of Sale: We do not sell personal information. You do not need to opt out.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
- To submit a CCPA request, contact us at socialmate.updates@gmail.com with "CCPA Request" in the subject line
To exercise any of these rights, email socialmate.updates@gmail.com with your request. We will respond within 30 days. We may need to verify your identity before processing certain requests. We will not charge a fee for reasonable requests.
13. Account Deletion and Data Removal
You can request deletion of your account and personal data at any time by:
- Emailing socialmate.updates@gmail.com with "Delete My Account" in the subject line, or
- Using the account deletion option in your account settings (if available)
Upon receiving a valid deletion request, we will:
- Immediately cancel any active subscription (no pro-rated refunds)
- Revoke all connected platform OAuth tokens
- Delete all posts, drafts, content, workspace data, and profile information within 30 days
- Remove your email from all marketing lists immediately
- Retain billing records for up to 7 years as required by law
Note: Deleted data cannot be recovered. Connected social platform posts that were already published will remain on those platforms and must be deleted directly on each platform.
14. Cookies and Tracking
SocialMate uses the following types of cookies:
- Essential / Authentication Cookies: Required for you to log in and use the Service. Cannot be disabled. These include session tokens managed by Supabase Auth.
- Preference Cookies: Remember your settings like dark/light mode.
- Analytics Cookies (Vercel): Privacy-friendly, cookieless analytics from Vercel. No personal identifiers, no cross-site tracking.
We do not use: advertising cookies, Google Analytics, Facebook Pixel, retargeting cookies, or any third-party tracking cookies.
15. Children's Privacy
SocialMate is not directed at, designed for, or intended to be used by children under the age of 13. We do not knowingly collect personal information from children under 13.
Users between 13 and 17 years of age must have verifiable parental or legal guardian consent prior to using the Service. By using the Service, users in this age range represent that they have obtained such consent.
If you believe we have inadvertently collected personal information from a child under 13, please contact us immediately at socialmate.updates@gmail.com. We will promptly delete such information.
16. Do Not Track
Some browsers transmit "Do Not Track" signals. Because there is no consistent industry standard for how to respond to these signals, SocialMate does not currently alter its data collection practices based on Do Not Track signals. Our use of analytics is limited to the privacy-friendly Vercel Analytics described in Section 14.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Send a notification email to all registered users at least 30 days before changes take effect
- Display a prominent in-app notice for material changes
Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the revised policy. If you do not agree with the changes, you must stop using the Service and may request account deletion.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
18. Contact Us
For any privacy-related questions, concerns, or requests, please contact us:
We commit to responding to all privacy inquiries within 30 days. For urgent data breach concerns or requests relating to children's data, please mark your email "URGENT".