Privacy Policy

Schematix AI ("Schematix", "we", "us", "our") operates Social Media Reply Manager ("the Service"), a SaaS platform that lets you configure automated responses to events on third-party social media platforms.

This Privacy Policy explains what information we collect when you use the Service, how we use it, who we share it with, and the choices you have. It applies to the Service marketed at ssmrm.schematixcorp.com and any related Schematix-hosted endpoints.

Account information. When you sign up we collect your name, email address, and a hashed password. You may also choose to verify your email; we store verification tokens until they expire or are consumed.

Social platform connections. When you connect a third-party social platform (e.g. Instagram, Messenger, TikTok) we receive an OAuth access token, refresh token, token expiry, and basic account metadata (account id, handle, profile name). Tokens are stored encrypted at rest.

Social platform events. Once a platform is connected, the Service receives webhook events the platform sends to us (comments, mentions, direct messages, story mentions, shares). We normalize these into an internal event format, retain the original payload for diagnostics, and use them to evaluate the automation rules you have configured.

Automation activity. Each time a rule fires we log the rule, the matching event, the action taken, and the resulting platform response (success, failure, error message). You can view this activity from your dashboard.

Billing information. Subscription billing is handled by Stripe. We do not store full card details; we receive and retain a Stripe customer id, plan identifier, subscription status, and payment metadata sufficient to reconcile your account.

Technical data. Standard server logs (IP address, user agent, timestamps, error traces) are retained for operational and security purposes.

• Operate the Service — authenticate you, run your automation rules, deliver replies on your behalf.
• Communicate with you — send transactional email such as verification, password resets, payment receipts, and important service updates.
• Bill you — process subscription payments via Stripe and reconcile invoices.
• Secure the Service — detect abuse, prevent fraud, debug failures, comply with the policies of the social platforms you connect.
• Improve the Service — analyze aggregated usage to prioritize features and fix reliability issues.

We share information only with the third parties needed to run the Service:

• Social media platforms (Meta Platforms, TikTok, X, Google/YouTube, LinkedIn) — we send and receive data via their APIs solely to fulfill the actions you configure. Their use of your data is governed by their own privacy policies.
• Stripe — payment processing.
• Email delivery — transactional email is sent via our configured SMTP provider.
• Infrastructure providers — cloud hosting, managed databases, and logging services.
• Authorities — when required by law, valid legal process, or to defend our rights.

We do not sell your personal information, and we do not share it with advertisers or data brokers.

We retain your account, connected platform credentials, and automation configurations for as long as your account is active. Webhook events and execution logs are retained for diagnostic and audit purposes for up to 12 months.

When you delete your account, we delete or anonymize your personal information within 30 days, except where retention is required by law (for example, tax records related to payments) or for the establishment, exercise, or defense of legal claims.

Depending on where you live, you may have rights to access, correct, port, or delete the personal information we hold about you, and to object to or restrict certain processing. To exercise these rights, email us at privacy@schematixcorp.com. We will respond within the period required by applicable law.

You can disconnect any social platform from your dashboard at any time; this revokes our stored OAuth credentials for that platform and stops further event processing for the disconnected account.

We use encryption in transit (TLS) for all traffic between you and the Service. OAuth access and refresh tokens for connected social platforms are encrypted at rest. Passwords are stored hashed; we do not have access to your plaintext password. Despite reasonable safeguards, no internet-based service can be guaranteed completely secure.

The Service uses cookies and similar browser storage to keep you signed in, remember your preferences, and operate basic site functionality. We do not use third-party advertising cookies. You can disable cookies in your browser, but parts of the Service may not function correctly without them.

The Service is operated from the United States. If you access it from elsewhere, you understand that your information will be transferred to, stored, and processed in the United States and any other country where our infrastructure or processors operate.

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes we will update the effective date above and, where required, notify you by email or in-product notice. Continued use of the Service after a change indicates your acceptance of the updated policy.

Questions or requests? Email privacy@schematixcorp.com.

See also our Terms of Service.