Privacy Policy
Effective Date: March 18, 2026
Last Updated: March 18, 2026
Alpha Version Data Notice
status: 200 | uploads is currently in alpha development. Data handling processes may change as we improve our systems. While we implement industry-standard security measures, please be aware that the platform is under active development. We recommend not storing critical or sensitive content during this alpha phase.
Welcome to status: 200 | uploads ("Service," "Platform," "we," "us," or "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you use our social media automation platform at status200uploads.com, including our web application, API, and all related services.
By creating an account, connecting social media accounts, uploading media, or using our API, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.
1. Information We Collect
We collect information in several ways depending on how you interact with our Service:
1.1 Account Information
When you create an account, we collect:
- Email address
- Password (stored in hashed form; we never store or have access to your plaintext password)
- Full name
- Account creation date and timestamps
1.2 Social Media Account Data
When you connect social media accounts via OAuth authorization, we collect and store the following data from each platform:
TikTok
- OAuth access token and refresh token
- Token expiration timestamps
- TikTok Open ID (unique account identifier)
- Display name and username
- Granted permission scopes (user.info.basic, video.upload, video.publish)
- OAuth access token (long-lived, approximately 60-day validity)
- Instagram User ID
- Username, account type, profile picture URL
- Granted permission scopes (instagram_business_basic, instagram_business_content_publish)
- User access token (exchanged for long-lived token)
- Facebook Page ID and Page name
- Page profile picture URL and page category
- Granted permission scopes (pages_manage_posts, pages_read_engagement, pages_show_list)
YouTube
- OAuth access token and refresh token
- YouTube Channel ID and channel title
- Channel thumbnail URL
- Subscriber count and video count
- Token expiration timestamps
- Granted permission scopes (youtube.upload, youtube.readonly)
X (Twitter)
- OAuth 2.0 access token and refresh token
- X User ID and username
- Display name and profile image URL
- Follower count and tweet count
- Token expiration timestamps and PKCE code verifier
- Granted permission scopes (tweet.read, tweet.write, users.read, offline.access)
- OAuth 2.0 access token and refresh token
- LinkedIn Member ID (unique account identifier)
- Name and profile picture URL (via OpenID Connect)
- Email address (via OpenID Connect)
- Token expiration timestamps
- Granted permission scopes (openid, profile, w_member_social)
- OAuth tokens (access token, refresh token)
- Profile information (username, profile image URL)
- Board information (board IDs, board names)
- Token expiration timestamps
- Granted permission scopes (boards:read, pins:read, pins:write, user_accounts:read)
Threads
- OAuth tokens (access token, refresh token)
- Threads user ID and username
- Threads profile picture URL
- Published Threads post IDs and permalinks
- Engagement metrics (views, likes, replies, reposts, quotes) for your posts
- Token expiration timestamps
- Granted permission scopes (threads_basic, threads_content_publish, threads_manage_insights)
1.3 Media and Content Data
When you upload media or create posts, we collect:
- Uploaded image and video files (JPEG, PNG, WebP, MP4, MOV, WebM)
- File metadata including file name, file size, file type, and upload timestamp
- Post content including captions, hashtags, mentions, and platform-specific metadata (e.g., YouTube video titles, descriptions, tags, privacy settings, categories)
- Scheduling preferences such as post time, target platforms, and posting settings (e.g., TikTok privacy levels, branded content flags, comment/duet/stitch toggles)
1.4 Payment Information
When you subscribe to a paid plan:
- We do NOT collect or store your credit card number, CVV, or other payment card details
- All payment processing is handled by Whop, Inc., our third-party payment processor
- We store your Whop membership ID and user ID to link your payment account
- We store subscription metadata including plan type, subscription status, billing period dates, and plan ID
- Whop webhook event records are processed for billing reconciliation
1.5 API Usage Data
When you use our REST API, we collect:
- API key used for authentication
- API endpoint and HTTP method called
- Request body and response body
- IP address and User-Agent header
- HTTP status code and response time
- Error messages (if any)
- Request timestamp
1.6 Automatically Collected Data
When you access the Service, we may automatically collect:
- IP address
- Browser type and version
- Operating system
- Referring URLs
- Pages visited and features used within the Service
- Date and time of access
2. How We Use Your Information
We use the information we collect for the following purposes:
- Account Management: Create and manage your user account, authenticate your identity, and maintain your session
- Service Delivery: Connect to your social media accounts, upload and store your media files, schedule and publish posts on your behalf, and provide API access
- Token Management: Store and automatically refresh OAuth tokens to maintain active connections to your social media accounts
- Payment Processing: Process subscription payments through Whop, manage your billing status, and enforce plan-based feature limits
- API Rate Limiting: Monitor and enforce API usage limits based on your subscription plan, including daily post counts and API key quotas
- Security and Fraud Prevention: Detect and prevent unauthorized access, abuse, and fraudulent activity
- Service Improvement: Analyze usage patterns to improve the Service, fix issues, and develop new features
- Communication: Send service-related notifications, updates, security alerts, and support messages
- Legal Compliance: Comply with applicable laws, regulations, and legal processes
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We share your data only in the following circumstances:
3.1 Social Media Platforms
When you publish content through the Service, we transmit your media files, captions, and post metadata to the target social media platform(s) via their official APIs. This includes sending data to:
- TikTok (ByteDance Ltd.) -- via TikTok Content Posting API v2
- Instagram (Meta Platforms, Inc.) -- via Facebook Graph API
- Facebook (Meta Platforms, Inc.) -- via Facebook Graph API
- YouTube (Google LLC) -- via YouTube Data API v3
- X (Twitter) (X Corp.) -- via X API v2
- LinkedIn (LinkedIn Corporation/Microsoft) -- via LinkedIn API
- Pinterest (Pinterest, Inc.) -- via Pinterest API
- Threads (Meta Platforms, Inc.) -- via Threads API
Each platform has its own privacy policy governing how they handle data received through their APIs. We encourage you to review their privacy policies (linked in Section 5).
3.2 Payment Processor
Payment information is shared with Whop, Inc. for processing subscription payments. Whop collects and processes payment details directly. We do not have access to your full card details. See the Whop privacy policy at whop.com/privacy.
3.3 Infrastructure Providers
We use Supabase for authentication, database hosting, file storage, and serverless functions. Your data is stored on Supabase-managed infrastructure. See the Supabase privacy policy at supabase.com/privacy.
3.4 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency), or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a legal request.
4. Data Storage and Security
4.1 Where We Store Data
- Account data, social media connection data, post logs, and API logs are stored in a PostgreSQL database hosted by Supabase
- Uploaded media files (images and videos) are stored in Supabase cloud storage
- Payment data is stored by Whop on their secure infrastructure
- OAuth access tokens and refresh tokens are stored in our database alongside connection metadata
4.2 Security Measures
We implement the following security measures to protect your data:
- All data in transit is encrypted using TLS/HTTPS
- Passwords are hashed using industry-standard algorithms and are never stored in plaintext
- Database access is protected by Row Level Security (RLS) policies ensuring users can only access their own data
- API keys are generated using cryptographically secure random generation
- OAuth state parameters are used to prevent CSRF attacks during social media account connection
- Supabase JWT-based authentication protects all authenticated endpoints
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
4.3 Data Retention
- Account data is retained for as long as your account is active
- Social media connection data (including tokens) is retained until you disconnect the account or delete your account
- Uploaded media files may be subject to automatic cleanup after a retention period
- Post history and API request logs are retained for operational and compliance purposes
- Payment and subscription records are retained as required for tax and legal compliance
- Upon account deletion, we will delete or anonymize your personal data within a reasonable timeframe, except where retention is required by law
5. Third-Party Platform Privacy Policies
Our Service integrates with third-party platforms that have their own privacy policies governing how they collect, use, and share data. We strongly encourage you to review these policies:
TikTok (ByteDance Ltd.)
- Privacy Policy: https://www.tiktok.com/legal/privacy-policy
- Developer Privacy Policy: https://developers.tiktok.com/doc/tiktok-api-privacy-policy
Instagram & Facebook (Meta Platforms, Inc.)
- Meta Privacy Policy: https://www.facebook.com/privacy/policy/
- Instagram Privacy Policy: https://privacycenter.instagram.com/policy
- Meta Platform Terms: https://developers.facebook.com/terms/
YouTube & Google (Google LLC)
- Google Privacy Policy: https://policies.google.com/privacy
- YouTube API Services Terms: https://developers.google.com/youtube/terms/api-services-terms-of-service
- Google API User Data Policy: https://developers.google.com/terms/api-services-user-data-policy
You can revoke YouTube/Google access at any time: https://myaccount.google.com/permissions
X / Twitter (X Corp.)
- X Privacy Policy: https://x.com/en/privacy
- X Developer Agreement: https://developer.x.com/en/developer-terms/agreement
- X Developer Policy: https://developer.x.com/en/developer-terms/policy
You can revoke X access at any time via your X account settings under Apps and sessions.
LinkedIn (LinkedIn Corporation/Microsoft)
- LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy
- LinkedIn API Terms of Use: https://www.linkedin.com/legal/l/api-terms-of-use
- LinkedIn Developer Agreement: https://legal.linkedin.com/developer-agreement
You can revoke LinkedIn access at any time via your LinkedIn account settings under Permitted Services.
Pinterest (Pinterest, Inc.)
- Pinterest Privacy Policy: https://policy.pinterest.com/en/privacy-policy
Threads (Meta Platforms, Inc.)
- Threads Supplemental Privacy Policy: https://help.instagram.com/515230437301944
- Meta Privacy Policy: https://www.facebook.com/privacy/policy
- Threads API Terms: https://developers.facebook.com/docs/threads
You can revoke Threads access at any time via your Threads account settings under Website Permissions.
Whop (Whop, Inc.)
- Privacy Policy: https://whop.com/privacy
Supabase (Supabase, Inc.)
- Privacy Policy: https://supabase.com/privacy
6. OAuth Permissions and Data Access
When you connect a social media account, you are redirected to the respective platform's authorization page where you grant specific permissions. We only request the minimum permissions necessary to provide the Service:
| Platform | Permissions Requested | Purpose |
|---|---|---|
| TikTok | user.info.basic, video.upload, video.publish | Display account info, upload and publish videos/photos |
| instagram_business_basic, instagram_business_content_publish | Display business profile info, publish content | |
| pages_manage_posts, pages_read_engagement, pages_show_list | Manage page posts, read engagement, list pages | |
| YouTube | youtube.upload, youtube.readonly | Upload videos, read channel information |
| X (Twitter) | tweet.read, tweet.write, users.read, offline.access | Read profile info, post tweets, upload media |
| openid, profile, w_member_social | Read profile info (name, picture, email), share posts | |
| boards:read, pins:read, pins:write, user_accounts:read | Board names and IDs, pin creation, basic profile info | |
| Threads | threads_basic, threads_content_publish, threads_manage_insights | Display profile info, publish threads on your behalf, retrieve engagement insights for your posts |
Access tokens are automatically refreshed to maintain active connections. You can revoke our access at any time by disconnecting the account within the Service, or by revoking permissions directly through the respective platform's settings.
7. Cookies and Tracking
The Service uses essential cookies and local storage mechanisms for:
- Authentication: Session tokens to keep you logged in and manage your authenticated state
- Preferences: User interface preferences and settings
We do not use third-party advertising cookies or tracking pixels. We do not sell or share data with advertising networks.
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
Right to Access
You may request a copy of the personal data we hold about you, including account information, connected social media accounts, stored media, and usage logs.
Right to Rectification
You may request that we correct any inaccurate or incomplete personal data. You can also update your account information directly through the Service.
Right to Erasure (Right to be Forgotten)
You may request the deletion of your personal data. This includes your account, stored media, connected social media tokens, post history, and API keys. Some data may be retained where required by law.
Right to Data Portability
You may request a machine-readable copy of your personal data in a structured, commonly used format.
Right to Restrict Processing
You may request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
Right to Object
You may object to the processing of your personal data for certain purposes, such as direct marketing.
Right to Withdraw Consent
Where we rely on consent for data processing, you may withdraw consent at any time. You can disconnect social media accounts, delete your uploaded media, or delete your account entirely.
To exercise any of these rights, please contact us at info@status200uploads.com. We will respond to your request within 30 days.
9. GDPR Compliance (European Economic Area)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following applies:
- Legal Basis: We process your data based on: (a) your consent (connecting social media accounts, uploading content); (b) contractual necessity (providing the Service you subscribed to); (c) legitimate interests (security, fraud prevention, service improvement); and (d) legal obligations
- Data Transfers: Your data may be transferred to and processed in countries outside the EEA where our service providers operate. We ensure appropriate safeguards are in place for such transfers
- Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority
10. CCPA Compliance (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
- No Sale of Personal Information: We do not sell personal information to third parties as defined by the CCPA
11. Children's Privacy
The Service is not intended for use by individuals under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at info@status200uploads.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Effective Date" and "Last Updated" date at the top of this page
- Post a prominent notice on the Service
- Send an email notification to the address associated with your account for significant changes
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
status: 200 | uploads -- Privacy Inquiries
Email: info@status200uploads.com
General Support: info@status200uploads.com
Website: status200uploads.com
We aim to respond to all privacy-related inquiries within 30 days.