Privacy Policy
Qeloria Content Publisher - Last updated: June 8, 2026
Summary: Qeloria Content Publisher is a content-management tool that uploads, publishes, edits, and manages videos, photos, and text posts on the user's own Facebook Pages, Instagram Business accounts, and TikTok account. It also enables the user to reply to audience comments on the content they have published. We collect the minimum data necessary to perform these actions on the user's behalf. We do not sell, share, or rent personal information to any third party.
1. Data Controller & Contact
Application name: Qeloria Content Publisher
Operator / Data controller: Qeloria
Contact email: awadbot1@gmail.com
Data Protection contact (EU/UK): awadbot1@gmail.com
For all privacy-related requests, including data access, correction, deletion, portability, and objection, please email us at the address above. We respond within 30 days.
2. What This App Does (Authorized Use Cases)
The only purposes for which Qeloria Content Publisher uses the platform APIs are the following operations performed on the user's own accounts, on the user's explicit instruction:
Authorized use cases (Meta + TikTok):
- Uploading videos to the user's Facebook Pages, Instagram Business/Creator account, and TikTok account.
- Publishing posts, including text posts, photo posts, and video posts (including Reels), to the user's Facebook Pages, Instagram, and TikTok account.
- Editing videos: basic in-app video editing (trimming, cropping, adding text overlay, merging clips) on the user's own device or our server, applied to videos the user uploads, before publication.
- Editing video metadata: changing the video title, caption / description, hashtags, thumbnail / cover image, and privacy / visibility settings of content the user has already published via the app.
- Replying to audience comments: posting replies (text replies, hidden / deleted comments) on the user's own published posts and videos on Facebook Pages, Instagram, and TikTok.
Every action listed above is initiated by the user from within the Qeloria Content Publisher interface. The app does not perform any of these actions autonomously, in bulk, on behalf of a third party, or for any user who has not authorized the app.
3. What This App Does NOT Do (Prohibited Use Cases)
To make our scope explicit, and to comply with Meta Platform Terms §3 and TikTok API Terms, the app is strictly prohibited from performing any of the following:
Prohibited use cases:
- Reading, collecting, scraping, or exporting any user's friends list, followers, contact list, private messages, or any data of users who have not authorized the app.
- Performing automated mass actions (e.g. mass-following, mass-liking, mass-commenting) or any behaviour that resembles spam, fake engagement, or platform-integrity violations.
- Reading or sharing non-public profile fields, sensitive personal data (race, religion, health, sexual orientation, political views), or financial / government ID data of any user.
- Reselling, syndication, or transferring any data obtained through the platform APIs to any third party, data broker, advertising network, or AI training pipeline.
- Targeting users with advertising, retargeting, lookalike modelling, or attribution measurement.
- Performing surveillance, background checks, facial recognition, or any biometric processing.
- Acting on a Page, Profile, or account that the connecting user does not own or have explicit written authorization to manage.
These prohibitions are enforced both technically (the app's backend only accepts requests for the actions listed in §2) and contractually (violation by an end user terminates their account under the Terms of Service).
4. Information We Collect
We collect only the data necessary to authenticate with the integrated platforms and to perform the authorized use cases listed in §2. We do not collect any data passively (no analytics SDKs, no advertising identifiers, no fingerprinting).
4.1 Account & authentication data
- TikTok: OAuth 2.0 access token, refresh token, open_id, and the scopes you authorized (currently: user.info.basic, video.publish, video.upload, video.list, comment.list, comment.post, comment.reply).
- Facebook: OAuth 2.0 user access token, app-scoped user ID, Page access token(s) for Pages the user manages, and the permissions you granted (currently: public_profile, email, pages_show_list, pages_manage_posts, pages_read_engagement, pages_manage_engagement).
- Instagram (via Facebook Graph): IG user/business account ID linked to the authorized Facebook Page, and a Page access token with the instagram_basic, instagram_content_publish, and instagram_manage_insights permissions.
4.2 Content data you provide
- Video files (mp4): uploaded for editing, publishing, or scheduling.
- Photo files (jpg / png): uploaded for photo posts.
- Text content: captions, descriptions, post bodies, hashtags, and comment replies you author.
- Editing parameters: trim points, crop dimensions, text-overlay positions, thumbnail selection, applied filters or effects.
- Metadata edits: updated title, description, tags, privacy setting for previously published content.
- Publishing configuration: which TikTok / Facebook Page / Instagram account to post to, the schedule calendar, and your draft-vs-publish choices.
4.3 Operational data
- Publish logs (timestamps, post IDs returned by each platform, success/failure status).
- Edit logs (which post ID was modified, what field changed, old-vs-new value for metadata edits).
- Comment-reply logs (post ID, comment ID, reply text, timestamp).
- Application errors (sanitized: no tokens or passwords ever logged).
4.4 What we DO NOT collect
- Your TikTok / Facebook / Instagram password (we never see it; OAuth is used).
- Private messages, friend lists, followers, or contacts of any user, including yours.
- Browsing history, device identifiers, advertising IDs, or precise location data.
- Biometric, financial, or government-identification data.
- Data of any user who has not authorized our app.
5. How We Use Your Information (Lawful Basis, mapped to use cases)
| Authorized use case (§2) | Data used | Legal basis (GDPR) |
| Upload videos | Video file, OAuth token, target Page / IG / TikTok ID | Contract performance (Art. 6(1)(b)) |
| Publish posts (text / photo / video) | Post body, photo/video file, OAuth token, target ID | Contract performance (Art. 6(1)(b)) |
| Edit videos (trim, crop, text overlay, merge) | Source video file, editing parameters | Contract performance (Art. 6(1)(b)) |
| Edit video metadata (title, description, tags, thumbnail) | OAuth token, post ID, new title / description / tags / thumbnail | Contract performance (Art. 6(1)(b)) |
| Reply to audience comments | OAuth token, post ID, comment ID, reply text | Contract performance (Art. 6(1)(b)) |
| Publish logs & error logs | Timestamp, post ID, status | Legitimate interest (Art. 6(1)(f)) |
| Support emails | Email address, message body | Consent (Art. 6(1)(a)) |
We do not use any of this data for automated decision-making, profiling, or advertising.
6. Third-Party Services & API Permissions
To perform the authorized use cases in §2, our backend servers make calls to the following third-party APIs. Your use of each platform is governed by that platform's own terms.
6.1 TikTok - Content Posting API
- Endpoint providers: TikTok (ByteDance Ltd.)
- Permissions used:
  - user.info.basic: read display name and avatar.
  - video.publish / video.upload: upload and publish videos (§2.1, §2.2).
  - video.list: list your previously published videos so the app can show them in the editing interface (§2.4).
  - comment.list, comment.post, comment.reply: read and reply to comments on your videos (§2.5).
- Data shared with TikTok: video file, photo, caption, hashtags, comment reply text, and the access token identifying you.
- Data received from TikTok: post ID, video ID, comment ID, publish status, basic profile (display name, open_id).
- Privacy policy: https://www.tiktok.com/legal/privacy-policy
6.2 Meta (Facebook & Instagram) - Graph API
- Endpoint providers: Meta Platforms, Inc.
- Facebook permissions used (each maps to a use case in §2):
  - public_profile, email: basic identity.
  - pages_show_list: list Facebook Pages you manage.
  - pages_manage_posts: create, edit, and delete posts and Reels on your Pages (§2.1, §2.2, §2.4).
  - pages_read_engagement: read comments on your Page posts so you can see and reply to them (§2.5).
  - pages_manage_engagement: post replies to comments on your Page posts (§2.5).
- Instagram permissions used (via Business Login):
  - instagram_basic: read IG business account profile.
  - instagram_content_publish: publish Reels and posts to IG (§2.1, §2.2).
  - instagram_manage_insights: read post performance metrics.
  - instagram_manage_comments: read and reply to comments on your IG posts (§2.5).
- Data shared with Meta: video file, photo, caption, the target Page ID / IG user ID, comment reply text, and the access token identifying you.
- Data received from Meta: post ID, comment ID, publish status, Page name, Page ID, IG user ID, and basic profile (name, email if granted).
- Privacy policy: https://www.facebook.com/privacy/policy/
- Instagram-specific: https://privacycenter.instagram.com/policy
6.3 No other third parties
We do not embed any analytics, advertising, or social-tracking SDKs. We do not share your data with data brokers, marketing partners, or any other third party not listed above.
7. Data Storage & Security
- OAuth tokens are stored encrypted at rest (AES-256) on private servers with restricted access.
- All HTTP traffic uses TLS 1.2+ (HTTPS).
- Video and photo files are stored only as long as needed to complete the requested operation (publish, edit, or schedule), typically deleted within 24 hours of successful completion.
- Access to production data is restricted to the app operator and protected by multi-factor authentication.
- We perform periodic security reviews and rotate keys on a documented schedule.
No method of transmission or storage is 100% secure. If a breach occurs, we will notify affected users and the relevant supervisory authority within 72 hours, in line with GDPR Art. 33.
8. Data Retention
- OAuth tokens: retained until you revoke access or delete your account. Refresh tokens are deleted on logout.
- Source video / photo files (before publish): deleted within 24 hours of a successful publish, or immediately upon a failed publish.
- Edited video outputs (kept for your re-use): kept for 30 days, then deleted, unless you delete them earlier.
- Publish / edit / reply logs (post ID, comment ID, status, timestamp): retained for 12 months for debugging, then anonymized.
- Support emails: retained for 24 months, then deleted.
9. Your Rights
Regardless of where you live, you have the following rights:
- Access: request a copy of all data we hold about you.
- Correction: ask us to fix inaccurate data.
- Deletion: ask us to erase all your data; performed within 30 days.
- Portability: receive your data in a machine-readable format.
- Object / restrict processing: opt out of any optional processing.
- Withdraw consent: at any time, with no retroactive effect.
- Lodge a complaint: with your local data-protection authority.
9.1 How to exercise these rights
Email awadbot1@gmail.com with the subject line "Privacy Request". We verify identity before acting and respond within 30 days.
9.2 How to revoke platform access (Meta & TikTok requirements)
- TikTok: TikTok app > Profile > Menu > Settings and privacy > Security > Manage app permissions > Qeloria Content Publisher > Remove.
- Facebook: Settings & privacy > Settings > Business integrations > Qeloria Content Publisher > Remove.
- Instagram: Settings > Account Center > Your information and permissions > Apps and websites > Qeloria Content Publisher > Remove.
Revoking access through the platform immediately invalidates our stored tokens. We additionally delete the token record from our database within 24 hours.
10. Data Deletion Request (Meta App Review requirement)
Per Meta's Platform Terms, we provide the following self-service data-deletion endpoint and instructions:
Data Deletion Instructions
You may request deletion of all data we hold about you at any time by either:
- Using our in-app "Delete my data" button, OR
- Emailing awadbot1@gmail.com with the subject "Delete my data" from the email address associated with your Qeloria account.
We will delete your account, OAuth tokens, source video / photo files, edited video outputs, publish / edit / reply logs, and support emails within 30 days and send a confirmation email.
11. Children's Privacy
Our service is intended for adult content creators. We do not knowingly collect data from children under 13 (COPPA) or under 16 (GDPR). If you believe a child has used our service, contact us and we will delete the data within 7 days.
12. International Data Transfers
Our servers are located in the European Union. When we call TikTok or Meta APIs, data may be transferred to and processed in the United States, Singapore, or other jurisdictions where these providers operate. We rely on the European Commission's Standard Contractual Clauses (SCCs) and the providers' respective Data Privacy Framework certifications for such transfers.
13. Compliance
This policy and our practices are designed to comply with:
- GDPR (EU 2016/679) and the UK GDPR
- CCPA / CPRA (California)
- COPPA (children under 13, US)
- Meta Platform Terms & Meta Developer Policy
- TikTok Developer Terms of Service & Content Posting API Terms
14. Changes to This Policy
We may update this policy. Material changes will be announced by email (if you have an account) and by posting the updated version on this page with a new "Last updated" date. Continued use after a change constitutes acceptance.
15. Contact
Privacy questions, deletion requests, and any concerns:
Email: awadbot1@gmail.com
Response time: within 30 days