Legal

Privacy policy

Last updated: June 2026

1. Information we collect

We collect information you provide when you create an account, connect social accounts, or contact us — including your name, email address, and OAuth access tokens for connected platforms.

When you publish content through Tawaslo, we process your media files and captions to deliver them to the relevant platform via their respective APIs.

2. Social platform data we access

Tawaslo is designed for professional and business use. Due to platform API restrictions, only business-type accounts can be connected and managed. Depending on which platforms you connect, we may access the following data on your behalf:

Facebook — page name, page ID, profile picture, follower count, and the ability to publish posts and media to your page. Requires a Facebook Page. Personal profiles cannot be connected via the API.
Instagram — username, profile picture, follower count, and the ability to publish posts, reels, and stories via the Meta Graph API. Requires an Instagram Business or Creator account linked to a Facebook Page. Personal accounts cannot be connected.
TikTok coming soon — account username, display name, and the ability to upload and publish videos via the TikTok Content Posting API. Requires a TikTok Business account. Personal accounts are not supported.
LinkedIn coming soon — organization name and the ability to create posts via the LinkedIn Marketing API. Requires a LinkedIn Company or Organization page. Personal profiles are not supported.

We only request the minimum permissions required to deliver the service. We never read your followers' private data or direct messages.

3. How we use your information

To authenticate you and manage your account
To publish content to your connected social accounts on your behalf
To store your media files securely via Supabase Storage
To generate AI captions via Anthropic's API on your request
To provide analytics and reporting on your published content
To improve and maintain the platform

4. Access token storage & retention

OAuth access tokens are stored securely in our database and are used solely to perform actions you explicitly request. Long-lived tokens (e.g. Meta 60-day tokens) are stored for the duration of your connection. Tokens are permanently deleted when you disconnect an account or delete your Tawaslo account.

5. Third-party services

Tawaslo integrates with Meta (Facebook & Instagram), TikTok, LinkedIn, Supabase, and Anthropic. Each service operates under its own privacy policy. We do not sell your data to any third party.

6. Data deletion

You may request deletion of your account and all associated data at any time by emailing support@tawaslo.com. We will process your request within 30 days.

For Facebook/Instagram users: in compliance with Meta's Platform Terms, you may also use our Data Deletion Request endpoint. Upon receiving a deletion request, we remove all stored tokens, media, and account data linked to your Facebook user ID.

7. Contact

Questions about this policy? Email us at support@tawaslo.com