SocialHQ

Privacy Policy

Last updated: June 30, 2026

SocialHQ is a messaging sales CRM that brings your WhatsApp, Instagram, and Facebook conversations into one inbox, where an AI engine scores, summarizes, and suggests next steps so you can close more deals. This policy explains what data we process when you use SocialHQ, why, and the choices you have. In it, "we" means SocialHQ and "you" means the business owner or team member using the service. For the messages and contacts you bring in from connected platforms, you are the data controller and SocialHQ acts as a processor on your behalf.

Information we collect

We collect data in four buckets:

  • Account data — your name, email address, hashed password, organization (business) name, role, and login sessions.
  • Connection credentials — the access tokens and app secrets for the WhatsApp, Instagram, and Facebook accounts you connect. These are encrypted at rest (AES-256-GCM) and never shown again after you save them.
  • Customer messaging data — the messages, comments, and mentions your customers send to your connected accounts, plus contact details we derive from them (display name, platform handle/ID, tags, pipeline stage, and an AI lead score). This arrives through the platforms' official webhooks when a customer messages you.
  • Billing data — your plan, subscription status, and a Stripe customer reference. Card details are handled directly by Stripe; we never see or store full card numbers.

How we use your data

We use your data only to operate the service for you: to deliver customer conversations into your inbox; to score, summarize, tag, and suggest a next step for each conversation; to flag hot deals that have gone quiet; to let you (and only you) review and send replies; to manage team seats and billing; and to send you transactional email such as invites, password resets, and email verification. We do not use your data for advertising and we do not sell it.

AI processing

To score and summarize a conversation, we send its contents to our AI provider, Anthropic, via the Claude API for a single structured analysis per conversation. The AI enriches your inbox — it scores, summarizes, drafts, and nudges — but it never sends a message to your customer. You review and send every reply yourself. Conversation data sent to the Claude API is processed to return the analysis and is not used to train models.

Connected platforms (Meta)

When you connect WhatsApp, Instagram, or Facebook, we exchange data with Meta through its official APIs and receive inbound messages through Meta webhooks. Your use of those connections is also governed by Meta's terms and policies. We respect each platform's messaging window rules and only capture the sources you choose (direct messages, comments, mentions). We do not capture WhatsApp groups or personal chats.

Sub-processors

We rely on a small set of vendors to run the service, each acting under contract on our behalf:

  • Anthropic — AI analysis of conversations (Claude API).
  • Meta Platforms — messaging delivery for WhatsApp, Instagram, and Facebook.
  • Stripe — subscription billing and payment processing.
  • Our email (SMTP) provider — sending transactional email.
  • Our hosting, database, and queue infrastructure — storing and processing your workspace data.

Storage, security & retention

Your data is stored in a multi-tenant database where every record is scoped to your organization, so one workspace cannot read another's. Connection credentials are encrypted at rest with AES-256-GCM and passwords are stored only as salted hashes. We retain your data for as long as your account is active. When you close your account or ask us to delete your data, we delete or anonymize it, except where we must retain limited records to meet legal or accounting obligations.

Sharing

We do not sell your data or share it for others' marketing. We share it only with the sub-processors listed above to operate the service, or where required by law, legal process, or to protect the rights and safety of users and the public.

Your rights

You can access, correct, export, or delete your account data — contact us using the details below. If you are an end customer whose messages were captured through a connected account, the business that uses SocialHQ is the controller of that data; please contact that business to exercise your rights, and we will assist them as their processor.

International transfers

Our sub-processors may process data in countries other than your own. Where data is transferred across borders, we rely on those providers' safeguards and standard contractual protections.

Children

SocialHQ is a business tool and is not directed to children under 16. We do not knowingly collect personal information from children.

Changes to this policy

We may update this policy as the service evolves. When we do, we will revise the "Last updated" date above and, for material changes, notify you in the app or by email.

Contact

Questions about this policy or your data? Email us at privacy@socialhq.org.

Privacy Policy — SocialHQ