Legal

Privacy Policy

Effective: May 10, 2026 · Operator: Sky Vista Consulting · Contact: dev@skyvistaconsulting.com

See also our Terms of Service, which govern your use of the Service.

At a glance

  • · We collect only what we need to run audits for you: your email, the content you ask us to analyze, and (if you connect them) read-only access tokens for your social accounts.
  • · We never post on your behalf, never sell your data, and never share it with advertisers.
  • · You can disconnect any social account from Connections at any time. Tokens are deleted immediately.
  • · You can request full account deletion by emailing dev@skyvistaconsulting.com. We process deletions within 30 days.

1. Who we are

SociLynx is operated by Sky Vista Consulting ("we", "us", or "our"). The service is accessible at https://socilynx.skyvista360.com and helps creators, agencies, and marketers analyze their social media content against an AI-powered viral scoring system, and receive suggestions for improvement.

This policy explains what personal information we collect when you use the service, why we collect it, how we use it, who we share it with, and the choices you have. If anything here is unclear, email dev@skyvistaconsulting.com and a real human will reply.

2. Information we collect

Account information. When you sign up we collect your email address, optionally your full name, and a password that we store as a one-way bcrypt hash (we cannot read or recover your password). If you sign in with Google we instead store a Google account identifier and your email; no password is created.

Content you submit. When you run an audit we store the caption, hashtags, optional engagement metrics (likes, comments, shares, views, follower count, posted hour), the source URL if you provide one, and the audit result that our analyzer produces. This is the data the service exists to process.

Connected social accounts. If you choose to connect a YouTube, Facebook, Instagram, or TikTok account, we store the OAuth access token and refresh token (when provided) issued by that platform, along with the linked account's public display name and provider user ID. Tokens are stored encrypted at the application boundary and used only to read public metadata of content you ask us to analyze.

Billing information. If you subscribe to a paid plan we store a Stripe customer identifier and your subscription status. Card numbers, CVC, and billing addresses are handled directly by Stripe and never touch our servers.

Email reports. Free-tier users receive their audit reports by email. Sending happens via Resend; the recipient address is your own account email. We do not send marketing email.

Cookies and session. We set a single HTTP-only session cookie (named va_session) that keeps you logged in. If reCAPTCHA is enabled on signup, Google will set its own cookies for bot detection — see Google's policy for those. We do not run third-party analytics or advertising trackers.

Server logs. Our hosting provider records standard web server logs (IP address, request URL, user agent, timestamp). These are kept for at most 30 days and used solely for security, debugging, and abuse prevention.

3. How we use your information

  • To run the audit service: scoring your content, generating suggestions, building PDF reports.
  • To fetch the post or video metadata you ask us to analyze from a connected platform, using the OAuth scopes you granted.
  • To deliver transactional email — your audit report, billing receipts (via Stripe), and security notifications.
  • To bill you and apply plan limits (number of audits per month) when you subscribe.
  • To detect abuse, debug errors, and improve the service. We do not train AI models on your content.
  • To comply with legal obligations and respond to lawful requests from authorities.

4. Service providers we share data with

We share narrowly-scoped data with the following processors so that the service can function. None of them sell your data.

  • DigitalOcean — hosting infrastructure (servers in the United States).
  • Stripe, Inc. — payment processing for paid-plan subscriptions. Stripe is the controller of your card data; we receive only a customer ID and subscription metadata.
  • Resend — transactional email delivery for audit reports.
  • Anthropic, PBC — when AI-powered analysis is enabled, the caption, hashtags, and engagement metrics you submit are sent to Anthropic's Claude API to generate suggestions. Anthropic does not train its models on data submitted via API. See Anthropic's privacy and usage policies for details.
  • Amazon Web Services (S3) — when enabled, paid-tier PDF reports are archived in S3 for re-download.
  • Google LLC — for "Sign in with Google" and the YouTube Data API. We receive only the public profile, email, and YouTube data the OAuth scopes permit.
  • Meta Platforms, Inc. — Facebook and Instagram Graph API access via OAuth, scoped to Pages you administer.
  • TikTok Pte. Ltd. — TikTok Login Kit and Display API, scoped to your own video metadata.

We will disclose information when required by law (subpoena, court order, lawful authority request) and may transfer information as part of a corporate event such as a merger or acquisition; in that case we will give you prior notice and the opportunity to delete your account.

5. TikTok-specific disclosures

When you connect a TikTok account to SociLynx, we comply with TikTok's Developer Terms of Service and Login Kit guidelines. Specifically:

  • What we access: only the scopes you grant during the consent screen — currently user.info.basic (your display name, avatar, open ID) and video.list (titles, descriptions, public statistics of your own videos).
  • What we do with it: we use this data exclusively to populate the audit form when you ask us to analyze a specific TikTok video. We do not aggregate it, resell it, or share it with third parties beyond the processors listed in section 4.
  • Token storage: access and refresh tokens are stored in our database and used only to fetch the metadata of videos you submit for an audit. Tokens never leave our backend.
  • Revoking access: you can disconnect TikTok at any time from /dashboard/connections — this deletes the tokens immediately. You may also revoke access from your TikTok account settings under "Manage app permissions."
  • Deletion requests: emailing dev@skyvistaconsulting.com with the subject "TikTok data deletion" will purge all TikTok-derived data (tokens, fetched video metadata stored in audits) from our systems within 30 days. We will confirm completion by reply.

SociLynx is not endorsed by, sponsored by, or affiliated with TikTok. TikTok and the TikTok logo are trademarks of their respective owner.

6. Google and Meta-specific disclosures

Google API Services User Data Policy. Our use of information received from Google APIs (YouTube Data API, Google Sign-In) adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use YouTube data only to provide the in-product features described above (auto-filling audit forms with public video metadata) and do not use it to display advertising.

Meta Platform Terms. When you connect a Facebook Page or Instagram Business account, we comply with Meta's Platform Terms and Developer Policies. We process Page and Instagram media metadata only to fulfill the audit feature you initiate, retain it only as long as the corresponding audit row exists, and delete it on disconnect or account deletion.

7. Data retention

  • Account data is kept for as long as your account is active.
  • Audit history is kept until you delete it or close your account.
  • OAuth tokens for connected accounts are deleted within minutes of you disconnecting that account.
  • Subscription records are retained for as long as required by tax and accounting law (typically up to 7 years), with personal identifiers minimized after the subscription ends.
  • Server logs are kept for at most 30 days and are then automatically purged.

When you delete your account, we erase your account record, all of your audits, all OAuth tokens, and any cached fetched metadata. Backups are overwritten on a 30-day cycle, after which residual copies are gone.

8. Your rights

No matter where you live, we honor the following rights for everyone using SociLynx:

  • Access — request a copy of the data we hold about you.
  • Correction — fix anything inaccurate yourself in your account, or email us if you can't.
  • Deletion — close your account and have associated data erased within 30 days.
  • Portability — receive your audit history in a machine-readable format.
  • Withdraw consent — disconnect a social account, cancel a subscription, or delete the account at any time.
  • Object / restrict processing — for users in the EU, EEA, UK, and Switzerland under the GDPR.
  • Do not sell my personal information — for California residents under CCPA/CPRA. We never sell or "share" personal information for cross-context behavioral advertising.

To exercise any of these, email dev@skyvistaconsulting.com. We respond within 30 days. If you are in the EEA you also have the right to lodge a complaint with your local supervisory authority.

9. Security

All traffic to and from socilynx.skyvista360.com is encrypted with TLS 1.2+. Passwords are stored as bcrypt hashes with a random salt. Session tokens are signed JWTs in HTTP-only, SameSite=Lax cookies. OAuth tokens are restricted to the minimum scopes required and stored only on our application server. Stripe handles cardholder data — it never reaches our infrastructure.

No system is perfectly secure. If you discover a vulnerability, please report it responsibly to dev@skyvistaconsulting.com. We will acknowledge within 72 hours.

10. Children's privacy

SociLynx is not directed at children under 13 (or 16 in the EEA, UK, and certain other jurisdictions). We do not knowingly collect personal information from children. If you believe a child has signed up, email us and we will delete the account.

11. International data transfers

Sky Vista Consulting operates from the United States. By using the service, you consent to your information being processed in the United States. For users in the EEA, UK, and Switzerland, transfers occur under appropriate safeguards (Standard Contractual Clauses or equivalent) where required.

12. Changes to this policy

When we make a change that materially affects how we handle your information, we will update the effective date at the top, post the updated policy at this URL, and email registered users at least 14 days before the change takes effect. Continued use of the service after that date is your acceptance of the updated policy.

13. Contact us

If you have questions, requests, or complaints about this policy or about how your information is handled, email us at dev@skyvistaconsulting.com.

Sky Vista Consulting · Operator of SociLynx · socilynx.skyvista360.com

This page is the operating privacy policy of SociLynx as of the effective date above. It describes our actual data handling practices honestly. If you are a customer evaluating SociLynx for compliance-sensitive use, contact us for a Data Processing Addendum.