BotOffice, including the social media scheduler at post.botoffice.io, is a product of Carapace Capital Ltd. We collect essential operational data, protect OAuth tokens at rest, do not sell personal information, and delete eligible personal data upon request, subject to legal retention obligations. Contact: privacy@carapace.capital
Carapace Capital Ltd
Company registration: HE 483413
Registered office: Agamemnonos 14, CITY HOME 61, 2nd floor, Flat/Office 202, 1041 Nicosia, Cyprus
Jurisdiction: Republic of Cyprus (European Union)
Contact: privacy@carapace.capital
This Privacy Policy explains how Carapace Capital Ltd ("Carapace", "BotOffice", "we", "us") collects, uses, shares, and protects personal data in connection with:
The policy does not apply to third-party platforms (Meta, X, LinkedIn, etc.) which operate under their own privacy policies.
BotOffice lets approved business customers, professional creators, agencies, and teams connect social media accounts, prepare post drafts, upload media, schedule publication, and review publishing status from one workspace. Some integrations and features depend on the customer's plan, region, platform approval status, and the social platforms the customer chooses to connect.
For account, billing, security, support, and service administration data, Carapace acts as controller. For customer content and connected-platform data processed on a customer's instructions, Carapace acts as processor or service provider, subject to applicable platform rules and any signed Data Processing Addendum.
Where required, customers may request our Data Processing Addendum, including EU Standard Contractual Clauses where applicable, by contacting privacy@carapace.capital.
Registration requires an email address and hashed password. Administrators may store names provided during invitations. If you sign in with Google, we process the Google account information needed to authenticate you, such as your email address, Google account identifier, and profile name or avatar if provided. Google Sign-In is used only for authentication and account security, not advertising or profiling.
When authorizing BotOffice for publishing:
Post content (text, images, video) uploaded or scheduled is stored temporarily until publication and briefly afterward for audit purposes.
Standard server logs capture IP addresses, request timestamps, HTTP methods, URLs, and user-agent strings for security and error diagnosis. Maximum retention: 12 months.
Where paid plans are purchased through Stripe, Stripe handles payment processing. We receive a customer identifier and subscription status but never store full card numbers, CVV codes, or bank account details.
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Providing scheduling service — authentication, account storage, post publishing | Performance of contract (Art. 6(1)(b)) |
| Transactional emails (invitations, password resets, confirmations) | Performance of contract (Art. 6(1)(b)) |
| Security logging and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Billing and subscription management | Performance of contract / Legal obligation (Art. 6(1)(b)(c)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
We do not use data for advertising, profiling, or unlisted purposes.
BotOffice connects only to the social platforms enabled for a customer's workspace and for which BotOffice has configured or approved API access. Enabled integrations may include Meta (Facebook Pages and Instagram Business), X, LinkedIn, TikTok, YouTube, Pinterest, Reddit, and Bluesky. Availability varies by account, region, plan, platform approval status, and each platform's API rules. A platform name on this page does not imply endorsement, partnership, or that every customer has access to that integration.
Tokens follow each platform's expiration policies. Upon expiration, users are prompted to re-authenticate. Tokens are deleted from active systems when accounts are disconnected or deletion is requested. Residual copies may remain in encrypted operational backups until backup expiry, unless retention is legally required.
Use of connected platforms is governed by each platform's terms of service, privacy policy, and developer policies. Please review the policies for any platform you connect to BotOffice. Connecting your account confirms that you are authorized to use that account with BotOffice. You can revoke BotOffice's access to a connected platform at any time from BotOffice account settings, where available, or directly from that platform's app or permissions settings. Revocation stops future scheduled posts to that platform.
When you connect a YouTube account, we access and store only the YouTube data needed to provide scheduling and publishing: OAuth tokens, your YouTube channel ID and channel display name, scheduled video files and metadata you provide, video titles, descriptions, thumbnail information, selected visibility/privacy status, scheduled publish time, YouTube video ID after upload, upload status, and API error/status information needed to show publication results. We do not access watch history, subscriptions, comments, analytics, playlists, or other YouTube data unless a future BotOffice feature clearly asks for that permission and you authorize it. BotOffice uses YouTube API Services. Your use of YouTube features is also subject to the YouTube Terms of Service and the Google Privacy Policy. You can revoke BotOffice's access from your Google account security permissions. Our use of data obtained from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements: data is used solely to provide the scheduling service and is not used for advertising, profiling, or any purpose beyond operating the Service.
For Facebook Page publishing, BotOffice may request pages_show_list and pages_read_engagement to let you select Pages and verify publishing access, and pages_manage_posts to create, update, or delete user-authorized Page posts. If required for the feature you use, BotOffice may also request publish_video or other Meta-documented publishing dependencies. For Instagram professional accounts, BotOffice may request instagram_business_basic and instagram_business_content_publish when using Instagram Login, or instagram_basic and instagram_content_publish with Meta-documented Page dependencies when using Facebook Login for Business. These permissions are used only to identify the connected account and publish user-created, user-authorized organic content. We do not access personal direct messages, follower data, or data beyond what is required for connected account selection and publishing. Our use of Meta APIs complies with the Meta Platform Terms.
X: BotOffice publishes only content that you create, review, schedule, and authorize for publication. Connecting an X account does not by itself authorize any post. If BotOffice stores X post identifiers, post status, or other X Content, we delete or update it as soon as reasonably possible and within 24 hours after a valid request from X or the applicable X account owner, unless retention is legally required. Users may opt out of future X posting by cancelling scheduled posts, disconnecting the X account, or requesting deletion. We do not use X API data or X Content to train, fine-tune, or improve foundation or frontier AI models.
LinkedIn: LinkedIn features are available only where BotOffice has the LinkedIn API permissions or program approval required for the customer's intended use. We store LinkedIn OAuth tokens, member/account identifiers, and user-created scheduled post content only as needed to provide the Service. We do not periodically refresh LinkedIn profile data except as needed while you are using the Service. When a LinkedIn OAuth token expires, we require re-authentication before further LinkedIn API access. Upon user request, account closure, disconnection, or LinkedIn request, we delete LinkedIn API Content, Member Tokens, and OAuth Access Tokens unless legally required to retain them.
TikTok: For TikTok Direct Post, users must review the TikTok account, caption/title, content preview, privacy setting, interaction settings, commercial-content disclosure, and AI-generated-content disclosure before publication. BotOffice retrieves TikTok creator information where required, displays the available privacy options returned by TikTok, does not preselect TikTok privacy or interaction settings where TikTok requires manual selection, and sends content to TikTok only after the user expressly consents to upload or publish. BotOffice passes TikTok commercial-content settings and the AI-generated-content flag where required by TikTok APIs and does not add BotOffice promotional watermarks, logos, or preset text that users cannot edit.
Pinterest: BotOffice uses Pinterest API access only to provide the authorized scheduling workflow for the connected Pinterest account. Users choose each Pin to be published. We do not store information retrieved from Pinterest API responses except OAuth authorization data, account/board identifiers needed for publishing, and user-created Pin drafts or media uploaded directly to BotOffice for scheduling. We do not use Pinterest API information for ad targeting outside Pinterest, benchmarking, scraping, resale, or data brokerage.
Reddit: Reddit integration is available only where BotOffice has the API permissions or written approvals required by Reddit for the customer's intended use, including any approval required for commercial or monetized use. If those permissions are unavailable, Reddit publishing may be disabled. BotOffice uses Reddit data only for authorized scheduling and posting functionality. Users may request deletion or modification of Reddit-related app content stored in BotOffice by contacting privacy@carapace.capital. We delete Reddit Services and Data when it is no longer necessary for the approved functionality, when Reddit requests deletion, when the applicable user requests deletion, when the Reddit integration is disconnected, or when required by law. We do not use Reddit Services, Reddit Data, or Reddit public content for AI model training, profiling, surveillance, ad targeting, or resale.
BotOffice offers optional AI writing assistance (e.g. caption suggestions). When you use these features, the post content you enter may be transmitted to:
These providers process the content under their applicable commercial/API terms and data processing terms. API content is not used to train their models by default unless BotOffice or the customer opts in or submits provider feedback, and provider-side retention follows the applicable provider policies. AI features are opt-in and do not activate unless you explicitly request a suggestion.
AI-assisted features do not receive Meta OAuth tokens, app secrets, Page or Instagram account IDs, app-scoped user IDs, profile metadata, Google or YouTube API Data obtained through OAuth, or other platform authorization data. Only user-provided draft content that you explicitly submit for a caption suggestion is sent to the selected AI provider.
Payment processor: Where Stripe Checkout is used, payments are processed by Stripe Payments Europe, Limited and/or Stripe, Inc., depending on your location and payment flow. Users are directed to Stripe-hosted payment pages. We do not store full card numbers, CVV codes, or bank account credentials.
Data stored from Stripe: Stripe Customer ID, subscription plan and status, billing history (invoice amount and date). Raw card data is never stored. Stripe's privacy policy.
| Recipient | Purpose | Safeguard |
|---|---|---|
| Social media platforms (Meta, X, LinkedIn, TikTok, YouTube, Pinterest, Reddit, Bluesky) | Publishing posts via official APIs | OAuth token and content only; platform developer agreements apply |
| Google Ireland Limited / Google LLC | Google Sign-In and YouTube API Services | User-authorized OAuth flow; Google API Services User Data Policy applies |
| Stripe Payments Europe, Limited / Stripe, Inc. | Payment processing, where Stripe Checkout is used | Standard Contractual Clauses (SCCs); PCI Service Provider Level 1 |
| Resend, Inc. / Plus Five Five, Inc. | Transactional email delivery | Data Processing Addendum/SCCs; recipient email address, delivery metadata, and transactional email content only |
| Hetzner Online GmbH | Cloud hosting (Falkenstein, Germany) | EU-based; GDPR-compliant contract |
| Anthropic / OpenAI | AI-assisted content features (caption suggestions, optional) | Commercial/API data processing terms; user-submitted draft content only |
We do not sell personal data or share it with data brokers, advertising networks, or analytics providers.
We do not enable email open or click tracking for transactional emails unless disclosed separately.
Primary infrastructure is hosted at Hetzner Online GmbH in Germany (EU/EEA). Sub-processors including Stripe and Resend are headquartered in the United States. Transfer mechanism: Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c), and where applicable, the EU–US Data Privacy Framework. Request transfer safeguard copies by contacting privacy@carapace.capital.
| Data Type | Retention Period |
|---|---|
| Account data (email, hashed password) | Duration of active account + 30 days after deletion |
| OAuth tokens and social account identifiers | Until disconnection or deletion request — then permanently removed |
| Scheduled post content and media | Until published + 90 days, or until account deletion |
| Security and operational logs | Up to 12 months |
| YouTube API data | Retained only while needed for scheduling/publication and no longer than 30 calendar days unless refreshed with active authorization. Deleted from active systems within 7 calendar days after BotOffice disconnection, deletion request, or account deletion. Disaster-recovery backups expire on their normal cycle and are not used to restore deleted YouTube API data except where required for security or legal reasons; if restored, deleted data is re-deleted. |
| Billing records | 7 years (Cyprus law accounting requirement) |
| Operational backups | Deleted data may persist in encrypted backups until the backup expires or is overwritten. Backups are used only for disaster recovery, security, and integrity purposes. |
Response timeframe: 30 days. Submit to privacy@carapace.capital. Supervisory authority: Office of the Commissioner for Personal Data Protection, Cyprus.
YouTube Data Deletion and Revocation: You may disconnect YouTube in BotOffice, request deletion by emailing privacy@carapace.capital with subject "YouTube Data Deletion Request", or revoke BotOffice access from your Google account security permissions. If you disconnect YouTube in BotOffice, we revoke the OAuth token with Google and delete stored YouTube Authorized Data as soon as possible and within 7 calendar days. If you revoke access through Google's security settings, we delete related YouTube API Data as soon as possible and within 30 calendar days after we detect that authorization can no longer be refreshed. Deleting YouTube API data from BotOffice does not delete data stored by YouTube. To delete data on YouTube, use YouTube or another authorized YouTube client.
Meta Data Deletion: This Privacy Policy is BotOffice's Meta Data Deletion Instructions URL. If you connected a Facebook Page or Instagram professional/business account, you may request deletion of Meta Platform Data we store by: (1) disconnecting the account in BotOffice; (2) emailing privacy@carapace.capital with the subject "Meta Data Deletion Request"; or (3) removing BotOffice from Facebook under Settings & privacy > Settings > Apps and Websites and using Send Request where available. We delete Meta access tokens, Page and Instagram account identifiers, profile metadata used for account selection, scheduled or unpublished Meta post content and media, and related non-legal audit records as soon as reasonably possible, unless retention is required by law. Revocation stops future publishing access. We will confirm receipt and provide request-status information or a confirmation code where applicable. Deleting data from BotOffice does not delete posts already published to Facebook or Instagram; manage published content in Meta products or another authorized client.
Submit with "CCPA Request" in subject to privacy@carapace.capital. Response timeframe: 45 days.
BotOffice is a B2B service not directed at individuals under 16. We do not knowingly collect data from minors. Report suspected inadvertent collection to privacy@carapace.capital for immediate deletion.
We do not use analytics cookies or advertising pixels. The Service may use strictly necessary cookies, local storage, or similar technologies for authentication, security, and session continuity. These technologies do not track you across other sites.
TLS encryption in transit, industry-standard protection for OAuth tokens at rest, password hashing, and network isolation. No transmission or storage method is 100% secure. Report vulnerabilities to security@carapace.capital.
Material changes trigger updates to the "Last updated" date and email notification where legally required. Continued use constitutes acceptance. Previous versions available upon request.
Carapace Capital Ltd
Agamemnonos 14, CITY HOME 61, 2nd floor, Flat/Office 202, 1041 Nicosia, Cyprus
Privacy and data deletion: privacy@carapace.capital
Security reports: security@carapace.capital
Data deletion instructions: Carapace data deletion instructions