deploy.social
Last updated: July 3, 2026

Privacy Policy

deploy.social is a tool for publishing short-form video to multiple platforms from one upload. This page explains what information we handle, why, and what control you have over it. No legalese — if anything here is unclear, email hello@deploy.social and a human will explain it.

The short version

We store your account, your videos, and encrypted credentials for the platform accounts you connect — because that’s literally what the product does. We don’t sell your data, we don’t run ads, we don’t mine your content, and we don’t use it to train AI. When you delete something, it’s deleted.

Who we are

deploy.social is built and operated by its owner in Bozeman, Montana, USA. Contact: hello@deploy.social.

What we collect and why

Google user data (YouTube)

If you connect a YouTube channel, we request Google OAuth scopes that let us see your channel identity (name, ID, avatar), upload videos to your channel, set their title/description/tags/visibility, check processing status, and — if you use the feature — post a first comment.

That access is used only to provide the features you actively use, and for nothing else. We don’t read your subscriptions, watch history, or anything beyond what the publishing flow needs. Your Google tokens are encrypted at rest and are never shared with anyone except Google itself when we make API calls on your behalf.

deploy.social’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.

Other platforms (Meta, TikTok, Bluesky, X)

The same principle applies to every platform you connect: we access only what the publishing flow needs (your account identity, the ability to upload and publish, and post status), we use it only when you trigger it, and the credentials are encrypted at rest. Each platform also has its own privacy policy that governs what happens to your content once it’s published there — that part is between you and them.

Who else touches your data

We run on a small set of infrastructure providers (“subprocessors”):

That’s the whole list. Nobody else gets your data. We will update this list if it changes.

How long we keep things, and how to delete them

Security

Platform credentials are encrypted at rest (AES-256-GCM envelope encryption). Everything moves over TLS. Access to production systems is limited to the operator. No system is perfect; if we ever have a breach that affects you, we’ll tell you promptly and plainly.

Cookies

We use session cookies to keep you signed in. That’s it — no third-party tracking cookies.

Kids

deploy.social isn’t intended for anyone under 13, and we don’t knowingly collect information from children.

Changes to this policy

If we change this policy in a way that matters, we’ll note the new date at the top and, for significant changes, email you. We won’t quietly weaken it.

Contact

hello@deploy.social — a human reads this.