Privacy Policy
How We Collect, Use & Protect Your Data
Effective Date: June 9, 2026
1. Introduction
1HeroSocial ("we", "us", "our") is committed to protecting the privacy of Studio clients, their staff, and their customers' leads. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use the 1HeroSocial Platform.
By using the Platform, you consent to the data practices described in this Privacy Policy. If you are a Studio using our Platform, you acknowledge that you act as a data controller in respect of your customers' Lead data, and we act as your data processor.
2. Data We Collect
2.1 Account & Registration Data
- Full name, email address, and hashed password of Studio Admins and staff.
- Studio name, brand assets (logo, brand colour), and business identifiers.
- Billing information (processed and stored by our payment processor; we do not store card details).
- IP addresses and device information during login.
2.2 Lead & Customer Data (on behalf of Studios)
When prospective customers submit enquiry forms on Studio lead-capture pages, we collect on behalf of the Studio:
- Name, email address, phone number.
- Campaign source and referral attribution data.
- Conversation history via WhatsApp and other integrated channels.
- Lead status and pipeline progression events.
2.3 Usage & Operational Data
- Platform activity logs (pages visited, features used, actions taken).
- API request logs including request IDs and tenant identifiers.
- Performance and error telemetry.
- Integration data synced to Google Sheets and other connected services.
2.4 AI Processing Data
When you use our AI Services, the content you provide (messages, campaign briefs, lead notes) is processed by our AI models to generate responses and recommendations. We do not use your Studio's or your customers' personal data to train our AI models without explicit consent.
3. How We Use Your Data
3.1 Platform Operation
- Authenticating users and enforcing role-based access controls.
- Provisioning and managing Studio accounts and multi-tenant isolation.
- Delivering the Lead management pipeline, messaging inbox, and campaign tracking features.
- Syncing data to connected integrations (Google Sheets, WhatsApp, Ads platforms).
3.2 AI & Automation Features
- Generating marketing content, reply drafts, and lead nurture sequences.
- Scoring leads and recommending next-best actions.
- Routing and attributing leads to campaigns and channels.
3.3 Communications
- Sending transactional emails (account alerts, system notifications).
- Sending product updates and feature announcements (you may opt out).
- Responding to support requests.
3.4 Security & Compliance
- Detecting and preventing fraud, abuse, and unauthorized access.
- Maintaining immutable audit logs of privileged administrative actions.
- Complying with applicable legal obligations and responding to lawful requests.
3.5 Analytics & Improvement
- Aggregated, anonymized usage analytics to improve the Platform.
- Performance monitoring and infrastructure optimization.
4. Data Sharing & Disclosure
We do not sell your personal data. We share data only in the following circumstances:
4.1 Service Providers
We engage trusted third-party processors to help operate the Platform, including cloud hosting (AWS), payment processing, email delivery, and analytics. These processors are contractually bound to handle data only as instructed by us.
4.2 Third-Party Integrations
When you connect integrations (Google Sheets, Meta WhatsApp, Ads platforms), data is shared with those providers subject to your own configuration and their terms. You are responsible for ensuring a lawful basis for such data transfers.
4.3 Legal Requirements
We may disclose data if required by law, court order, or governmental authority, or to protect the rights, safety, or property of 1HeroSocial, our users, or the public.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.
5. Data Retention
- Account data is retained for the duration of your subscription plus 7 years for compliance purposes.
- Lead data is retained as long as your Studio account is active, and for 30 days after account termination to allow data export.
- Audit logs and activity records are retained for 7 years.
- AI processing logs are retained for 90 days and then anonymized.
- You may request deletion of personal data subject to legal retention obligations.
6. Data Security
We implement commercially reasonable technical and organizational measures to protect your data, including:
- AES-256 encryption for data in transit and at rest.
- HTTP-only cookies and JWT-based session management.
- Row-level security ensuring strict multi-tenant data isolation.
- Immutable audit logs for all privileged operations.
- Regular security assessments and penetration testing (roadmap).
Despite these measures, no system is entirely secure. You are responsible for maintaining the security of your account credentials.
7. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (subject to legal retention requirements).
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests or for direct marketing.
To exercise any of these rights, contact us at 1herosocialai@gmail.com. We will respond within 30 days.
8. Account Deletion
You can delete your account permanently at any time:
- Go to Settings → Security → Delete Account
- Enter your email address to confirm
- Click "Permanently Delete Account"
- Your account and all associated data will be deleted within 24 hours
Warning: This action is irreversible. All your data, conversations, and subscription information will be permanently deleted.
For assistance with account deletion, contact 1herosocialai@gmail.com.
9. Cookies & Tracking
The Platform uses HTTP-only cookies for session management and authentication. We do not use third-party advertising cookies on the admin platform. Public lead-capture forms may use minimal analytics cookies where required by Studio configuration. You can manage cookie preferences through your browser settings.
10. Children's Privacy
The Platform is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us immediately and we will delete it.
11. International Transfers
Our servers are currently hosted in AWS regions. If you are located outside of the hosting region, your data may be transferred internationally. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email and by posting the updated policy on the Platform. Your continued use of the Platform following such notice constitutes acceptance of the updated policy.
13. Contact Us
For any privacy-related questions, data subject requests, or concerns, please contact:
GDPR Compliance: For users in the EU, this privacy policy complies with GDPR requirements. You have additional rights to file complaints with your local data protection authority.