Privacy Policy
1. Who we are
OndaDev is the controller of personal data processed by the internal content-management tool at posts.ondadev.com. Contact: gianmarco@ondadev.com.
2. What we collect
When you connect a social account (e.g. TikTok, Instagram, YouTube) we receive, via the platform's OAuth flow:
- The account's public identifier and display name.
- An access/refresh token allowing us to publish content drafts on your behalf, scoped to the permissions you grant.
- Aggregate analytics about content you publish through the tool (views, likes, comments, shares) — drawn from the platform's public API.
We do not receive or store your social-platform password.
3. How we use it
The data is used solely to operate the tool — connecting the account, drafting and scheduling posts, and surfacing analytics to authorised operators. We do not sell or share personal data with third parties for marketing.
4. Where it's stored
Tokens and account metadata are stored on infrastructure we operate (Hetzner, EU). Access is restricted to authorised OndaDev personnel via authenticated dashboards. Tokens are encrypted at rest.
5. Sub-processors
We rely on the following sub-processors to operate the service: Hetzner Online (hosting, EU); Google Firebase (authentication and metrics database, EU); Apify (public profile metrics retrieval, EU); RevenueCat (in-app subscription analytics, US); and the social platforms whose OAuth you authorise.
6. Retention
We retain account-connection data for as long as the account is connected. When you disconnect an account through the tool, the access token is revoked at the platform and removed from our storage within 30 days. Aggregate analytics may be retained longer in anonymised form.
7. Your rights
Under the GDPR you have the right to access, rectify, or erase your personal data, restrict or object to its processing, and request portability. Send any such request to gianmarco@ondadev.com. You also have the right to lodge a complaint with your local supervisory authority.
8. Disconnecting an account
You can disconnect any social account from the tool at any time; this revokes the OAuth token. You can also disconnect from the platform's own settings (TikTok > Settings > Manage account > Authorised apps; equivalent flows on the other platforms).
9. Changes
We may update this policy; the updated version is published at this URL with a new "last updated" date.