Privacy Policy

Last updated: 2026-04-29

This Privacy Policy explains how Buzzator (“Buzzator”, “we”, “us” or “our”) collects, uses, shares and protects personal data in connection with the Buzzator social-media content generation, scheduling, publishing, analytics and team-collaboration platform (the “Service”) and the websites at buzzator.com and related sub-domains (the “Site”). It applies to visitors to the Site, account holders, members of customer Brand workspaces, prospects, event attendees, and anyone else who interacts with us. By using the Site or the Service you acknowledge this Policy. For our contractual terms, see our Terms of Service.

1. Who We Are (Data Controllers)

Buzzator is operated by two affiliated entities under common ownership. References to “Buzzator” mean both, except where a specific entity is named:

Buzzator LLC — a limited liability company organised under the laws of the State of Wyoming, United States; registered office at 30 N Gould St, Ste N, Sheridan, WY 82801, United States. Buzzator LLC holds the developer accounts and platform-side approvals with the third-party social-media platforms whose APIs the Service uses (Instagram, Facebook, LinkedIn, X / Twitter, TikTok, YouTube, Pinterest, Threads, Bluesky and others we may add). In this role Buzzator LLC acts as the integrating party with those platforms and processes the OAuth credentials, scopes and platform-side metadata required to publish on your behalf.
AI Global Reach LLC — a limited liability company organised under the laws of the United States; registered office at 8 The Green, Ste B, Dover, Kent County, DE 19901, United States. AI Global Reach LLC is the contracting party for paid subscriptions, the recipient of subscription revenue, and the primary data controller for account, billing, customer-support, marketing and Service-usage data.

For all privacy questions, requests and complaints you can reach us at [email protected]. Postal contact details for both entities are set out at the end of this Policy.

2. The Service in Brief

Buzzator lets you connect 9+ social-media channels and centrally schedule, publish, analyse and collaborate on content. The platform includes:

a calendar and scheduling engine,
a media library and image editor,
a publishing queue,
analytics,
AI-assisted content and campaign generation,
a “Brand Intelligence” engine that indexes your brand assets to keep generated content aligned with your brand,
an AI-assisted unified inbox for direct messages and comments,
team and Multi-Brand workspace management, and
integrations with third-party platforms.

Some features depend on your plan, on the platforms you choose to connect, and on the brand assets you choose to upload.

3. The Data We Collect

3.1 Account & identity data

Name, email address, password (stored as a salted hash), profile picture, organisation name, role, language and timezone preferences.
If you sign in via a supported third-party identity provider, the basic profile fields and email returned by that provider.
Brand workspace and team membership, invitations sent and accepted, and the permissions granted within a Brand workspace.

3.2 Connected platform data

When you connect a third-party social or messaging account to Buzzator we receive and store, via that platform’s API:

OAuth access and refresh tokens, encrypted at rest using authenticated symmetric encryption; the scopes you granted; the platform username and identifier; and account-level metadata (e.g. profile picture, follower counts, page IDs, channel IDs).
Content and engagement data needed to provide the Service: posts you create or schedule, posts already published, comments, replies, direct messages where you have explicitly enabled the inbox feature, post-level analytics (impressions, clicks, reach, engagement), and audience-level aggregates the platform exposes.

For YouTube specifically, the Service uses YouTube API Services. Your use of those features is also subject to the YouTube Terms of Service at https://www.youtube.com/t/terms and the Google Privacy Policy at https://policies.google.com/privacy. You can review and revoke Buzzator’s access to your Google data at any time at https://security.google.com/settings/security/permissions.

For Meta Platforms (Instagram, Facebook, Threads) specifically, the Service uses Meta’s Graph API and related APIs. Your use of those features is also subject to:

the Meta Terms of Service at https://www.facebook.com/legal/terms,
the Instagram Terms of Use at https://help.instagram.com/581066165581870, and
the Meta Privacy Policy at https://www.facebook.com/privacy/policy.

You can review and revoke Buzzator’s access to your Meta data at any time at https://accounts.meta.com/ (Apps and Websites) or, on a per-platform basis, at https://www.facebook.com/settings?tab=business_tools and https://www.instagram.com/accounts/manage_access/.

You can manage and revoke connected apps for the other platforms at:

TikTok — https://www.tiktok.com/setting/manage-connected-apps
LinkedIn — https://www.linkedin.com/psettings/permitted-services
X / Twitter — https://x.com/settings/connected_apps
Pinterest — https://www.pinterest.com/settings/apps
Bluesky — https://bsky.app/settings/app-passwords

You can revoke Buzzator’s access to any connected platform at any time, either from your account settings inside the Service or directly from the platform-specific permissions pages above.

3.3 Brand Intelligence data

The Brand Intelligence engine is the source of truth for content generation. To populate it you may upload, or instruct the Service to ingest, materials such as:

brand guidelines and style guides,
tone-of-voice documents,
logos, colour palettes and fonts,
sample posts,
product descriptions,
audience descriptions,
websites, and
other reference documents

(collectively, “Brand Assets”). We process Brand Assets to extract embeddings and metadata, store them in a brand-scoped index, and retrieve relevant passages at generation time so that AI outputs follow your established visual and verbal guidelines. Brand Assets are isolated to the Brand workspace they are uploaded to.

3.4 Content you upload or generate

Text, images, video, audio, captions, prompts, hashtags, links, schedules, comments, approval notes, calendar metadata, edits made in the in-app image editor, and any other content you upload to or generate within the Service.

3.5 Billing data

Plan, subscription status, invoice history, billing email, billing address and tax identifiers. Card details and bank-account details are collected and stored directly by our payment processor; Buzzator only receives a tokenised reference, the last four digits, the brand of the card, and the expiry month/year.

3.6 Logs, usage and device data

IP address, user-agent, browser type and version, operating system, device identifiers, referrer URL, language preference, approximate location derived from IP (country/region).
Application telemetry: pages visited, features used, posts created/published/failed, jobs queued and completed by background workers, API calls made, error reports, performance metrics and crash data.
Session and authentication data, including login timestamps, session tokens and security events (e.g. password changes, MFA enrolment, OAuth re-consent prompts).

3.7 Communications and support data

Messages you send to us by email, in-app chat, support ticket or community channel; surveys, feedback and feature requests; and engagement metrics for the marketing emails you receive (open rate, click rate, link clicked) where you have opted in to receive them.

3.8 Marketing-consent data

Where you sign up for the Service, we record whether you opted in to marketing communications, the timestamp of that consent, and the version of the consent text shown to you. This record is kept to demonstrate compliance with GDPR Article 7 and equivalent laws and to honour withdrawal of consent.

3.9 Cookies and similar technologies

We use cookies, local storage, pixels and SDKs for authentication, security, preferences, analytics and (on the Site) marketing attribution. Categories include strictly-necessary, functional, analytics and marketing cookies. You can manage non-essential cookies through the in-page consent banner or your browser settings; disabling strictly-necessary cookies will break parts of the Service.

4. How We Use the Data and Legal Bases

We process the data described above for the purposes below. Where the GDPR (or UK GDPR) applies, the legal basis for each purpose is shown in brackets.

Provide the Service — authenticate users, create and manage your account and Brand workspaces, ingest your Brand Assets into the Brand Intelligence index, run AI generation pipelines, store and publish your content to connected platforms, return analytics, deliver the unified inbox, and provide customer support. (Performance of contract.)
Bill and collect payment — issue invoices, manage subscriptions, prevent payment fraud, comply with tax law. (Performance of contract; legal obligation.)
Secure the Service — detect and prevent abuse, fraud, account takeover, brute-force attacks, spam and infrastructure attacks; investigate incidents; enforce the Terms; validate URLs before making outbound HTTP requests on your behalf (SSRF protection). (Legitimate interests in keeping the Service safe; legal obligation.)
Operate, maintain and improve the Service — debug, monitor uptime, measure performance, A/B-test features, build aggregated usage analytics. (Legitimate interests in running and improving a reliable Service.)
Communicate with you — send service-related messages (receipts, security alerts, post-failure notices, scheduled-post confirmations, OAuth re-consent prompts) and, where you have opted in or where permitted, marketing communications. (Performance of contract; consent or legitimate interests, depending on the message and your jurisdiction.)
Comply with law — respond to lawful requests, enforce our rights, defend claims. (Legal obligation; legitimate interests.)

We do not use the content of your scheduled posts, your Brand Assets, your connected-platform content, or your inbox messages to send you advertising, and we do not sell that data.

5. AI-Assisted Features

The Service is built around AI-assisted generation. To produce captions, image briefs, scene plans, images, campaign chains, inbox replies, analytics summaries and similar outputs, we transmit your prompts and the inputs you choose to include — which may include retrieved passages from your Brand Intelligence index — to third-party AI model providers acting as our sub-processors. The set of model providers may change over time as the underlying technology evolves; on request, and where contractually permitted, we will provide the current list. We instruct these providers, by contract or by their default enterprise terms, not to use your inputs or outputs to train their models. AI outputs are generated probabilistically and may be inaccurate; you remain responsible for reviewing them before publishing.

You retain control over the level of automation at all times. You may have the AI auto-generate posts end-to-end, refine an AI draft, edit manually or via our image editor, or compose entirely from scratch.

6. Buzzator as Controller vs Processor

For account, billing, Site analytics, marketing, security, telemetry and Brand Intelligence administration data, Buzzator acts as a data controller.

For the content you publish through the Service and the personal data of your audience, followers, customers and message contacts that flows through Buzzator on your instructions, Buzzator acts as a data processor on your behalf, and you are the controller. You are responsible for having a lawful basis for that processing, for providing notices and obtaining consents from your end-users, and for honouring their rights. On request we will sign our standard Data Processing Addendum (DPA), which incorporates the EU Standard Contractual Clauses (and the UK Addendum) where relevant; email [email protected] to request it.

7. Who We Share Data With

We do not sell personal data and we do not rent it to third parties. We share data only with:

Our affiliated entity — Buzzator LLC and AI Global Reach LLC share data between themselves to operate the Service jointly. In particular, the OAuth tokens and platform-side metadata held by Buzzator LLC are used by AI Global Reach LLC’s scheduling and worker pipelines to publish on your behalf.
Sub-processors and infrastructure providers — including third-party cloud hosting and storage providers, managed database providers, content-delivery and caching services, identity providers, third-party AI model providers, payment processors, transactional email providers, and error-monitoring, analytics and customer-support vendors. We require these vendors to provide adequate security and to process data only on our instructions and for the agreed purposes. On request we will provide the current list of material sub-processors.
Connected third-party platforms — when you schedule or publish content, we transmit it to the platform you selected; when you request analytics, we receive it from that platform. Each platform’s own privacy policy governs what it does next.
Other members of your Brand workspace — Brand Assets, content, schedules, drafts, comments and approval activity are visible to other people in the Brand workspaces you join, according to the role and permissions assigned to them.
Professional advisors — accountants, auditors, lawyers, insurers and similar advisors, under confidentiality.
Authorities — when we are legally required to disclose data (court order, valid law-enforcement request, regulatory request) or when disclosure is necessary to investigate or prevent fraud, abuse, security threats or harm to people. Where lawful we will attempt to redirect the request to you first.
Successor entities — in the event of a merger, acquisition, financing, reorganisation or sale of assets, in which case we will require the recipient to honour this Policy or provide notice of any new policy.

8. International Data Transfers

Buzzator is operated from the United States. Our primary infrastructure runs on third-party cloud providers, and we use sub-processors in the United States, the European Union, the United Kingdom and other jurisdictions. As a result, personal data we process may be transferred to and stored in countries outside your own, including countries that may not have been recognised as providing an “adequate level of protection” by the European Commission, the UK ICO or other regulators.

Where personal data subject to the GDPR or UK GDPR is transferred to a country without an adequacy decision, we rely on the European Commission Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), supplemented by additional technical and organisational measures (encryption in transit and at rest, access controls, contractual restrictions on sub-processor use of the data). You may request a copy of the relevant safeguards by emailing [email protected].

9. Data Retention

Account data — kept for as long as your account is active. After account closure, retained for up to 90 days to allow recovery, then deleted or anonymised, except where longer retention is required (see below).
Brand Assets and the Brand Intelligence index — kept while the Brand workspace is active. When you delete a Brand Asset we remove it from the live index promptly; deleting a Brand workspace removes the underlying assets and embeddings within a reasonable period.
Scheduled content not yet published — kept until published or until you delete it.
Published-post records and analytics — kept while your account is active, so historical analytics remain available.
OAuth tokens — kept while the connection is active; revoked tokens are deleted promptly. You can disconnect a platform at any time from your account settings or from the third-party platform.
Inbox messages and replies — kept while your account is active; you can delete individual conversations at any time.
Billing records — retained for the period required by tax and accounting law in the relevant jurisdictions (typically 7 years).
Logs — operational and security logs are typically retained for up to 12 months.
Backups — encrypted backups roll off on their normal schedule (typically within 30–90 days) after deletion from the live system.

Where retention is required for legal, regulatory, dispute-resolution or fraud-prevention reasons, we may keep data longer than the periods above.

10. Security

We maintain administrative, technical and physical safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include:

encryption of data in transit (TLS) and of sensitive data at rest;
encryption of OAuth tokens using authenticated symmetric encryption with keys held only by the Service;
password hashing with a modern algorithm;
role-based access controls and least-privilege provisioning;
URL validation on outbound HTTP requests to mitigate SSRF;
bounded timeouts on external service calls;
isolation of jobs into background workers via managed message queues;
audit logging;
multi-factor authentication for staff access to production systems;
vendor security reviews and contractual data-protection commitments; and
incident-response procedures.

No system is fully secure, and we cannot guarantee absolute security.

11. Your Rights

Depending on where you live, you may have the right to:

access the personal data we hold about you and receive a copy in a portable format;
request correction of inaccurate or incomplete data;
request deletion of your data, subject to retention obligations;
object to or restrict certain processing, including direct marketing;
withdraw consent where processing is based on consent (for example marketing emails captured at sign-up), without affecting the lawfulness of processing already carried out;
opt out of the “sale” or “sharing” of personal information for cross-context behavioural advertising — Buzzator does not sell personal data and does not share it for cross-context behavioural advertising as those terms are defined under the California Privacy Laws;
lodge a complaint with your supervisory authority (in the EU/UK) or with another competent authority in your jurisdiction.

Most account changes can be made by signing in to your account and editing your profile, billing or Brand workspace settings, or by disconnecting a platform from the integrations page. To exercise rights that cannot be handled in-product, email [email protected]. We will respond within the timeframe required by applicable law (typically 30 days, extendable for complex requests). We may need to verify your identity before acting on a request. We will not discriminate against you for exercising your rights.

12. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, the “California Privacy Laws”) gives you the rights summarised in Section 11, including the right to know what categories of personal information we collect about you and the purposes for which we use them (described in Sections 3 and 4), the right to delete, the right to correct, the right to limit the use of sensitive personal information, and the right not to be discriminated against for exercising your rights. Buzzator does not sell personal information and does not share it for cross-context behavioural advertising. To exercise your California rights, email [email protected].

13. Children

The Service is intended for business use and is not directed to children under 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.

14. Marketing and Cookies Choices

You can unsubscribe from marketing emails at any time using the unsubscribe link in any such email, or by withdrawing your marketing consent in your account settings. Unsubscribing from marketing does not stop transactional and account-related emails, which are necessary while your account is active. You can manage cookie preferences via the consent banner on the Site (where displayed) or your browser settings.

15. Third-Party Sites and Services

The Site and the Service link to and integrate with third-party services. Their handling of your data is governed by their own privacy policies, not this one. We encourage you to review the privacy policy of any platform you connect to Buzzator, including:

Meta (Instagram, Facebook, Threads) — https://www.facebook.com/privacy/policy
LinkedIn — https://www.linkedin.com/legal/privacy-policy
X / Twitter — https://x.com/en/privacy
TikTok — https://www.tiktok.com/legal/page/row/privacy-policy/en
YouTube / Google — https://policies.google.com/privacy
Pinterest — https://policy.pinterest.com/en/privacy-policy
Bluesky — https://bsky.social/about/support/privacy-policy

16. Changes to this Policy

We may update this Privacy Policy from time to time. If a change is material we will provide reasonable notice (for example by email or in-product notice) before it takes effect. The date the Policy was last updated is shown at the top of this page; we encourage you to review it periodically.

17. Contact Us

For privacy questions, requests, or complaints, email [email protected], or write to us at:

Buzzator LLC — 30 N Gould St, Ste N, Sheridan, WY 82801, United States.
AI Global Reach LLC — 8 The Green, Ste B, Dover, Kent County, DE 19901, United States.