Privacy Policy

Last Updated: December 27, 2025

1. Introduction

Surf Video Scheduler is a platform that enables users to create, edit, and schedule short-form videos for posting across multiple social media platforms including TikTok, Instagram, YouTube Shorts, LinkedIn, Facebook Pages, and Bluesky. This Privacy Policy explains how we collect, use, and protect your information when you use our video scheduling service.

2. Information We Collect

2.1 Account Information

  • Email Address: Used for account creation, authentication, and important service notifications
  • Password: Securely hashed and stored using industry-standard encryption
  • Profile Information: Optional display name and user preferences

2.2 Social Media Connection Data

  • OAuth Tokens: Access and refresh tokens for connected social media accounts
  • Platform Username/ID: Your username or user ID on connected platforms
  • Page Information: Details about Facebook Pages or other accounts you manage
  • Token Expiration Data: To enable automatic token refresh

2.3 Content You Create

  • Videos: Video files you upload or create using our platform
  • Captions & Descriptions: Text content you write or generate using our AI tools
  • Scheduling Data: Dates, times, and platform selections for your scheduled posts
  • Edit History: Records of modifications made to your content

2.4 Usage Information

  • Log Data: IP address, browser type, device information, and access times
  • Usage Statistics: Features used, number of videos created, posts scheduled
  • Performance Data: Error logs and debugging information to improve service quality

3. How We Use Your Information

3.1 Core Service Functionality

  • Authenticating your account and managing your session
  • Storing and processing your video content
  • Scheduling and posting content to your connected social media accounts
  • Providing AI-powered features like caption generation and video editing
  • Managing your subscription and billing

3.2 Social Media Integration

We use your OAuth tokens to post content on your behalf to TikTok, Instagram, YouTube Shorts, LinkedIn, Facebook Pages, and Bluesky according to your scheduling preferences.

3.3 Service Improvement

  • Analyzing usage patterns to improve our platform
  • Monitoring performance and fixing bugs
  • Developing new features based on user needs
  • Sending service updates and feature announcements

4. Data Storage and Security

4.1 Data Storage

  • Database: User data stored in Supabase (PostgreSQL) with encryption at rest
  • Video Storage: Videos stored in S3-compatible object storage
  • Location: Data stored in secure data centers
  • Retention: Data retained while your account is active and for 30 days after deletion

4.2 Security Measures

  • Encryption: All data transmission uses HTTPS/TLS encryption
  • Password Security: Passwords hashed using bcrypt
  • Token Protection: OAuth tokens encrypted at rest
  • Access Control: Row-level security policies enforce data isolation
  • Monitoring: Regular security audits and vulnerability assessments

5. Data Sharing and Third Parties

5.1 Social Media Platforms

We share your content with social media platforms only when you explicitly schedule posts. We do not share your data with these platforms for any other purpose.

5.2 Service Providers

We work with trusted third-party service providers:

  • Supabase: Database and authentication services
  • Cloud Storage: S3-compatible storage for video files
  • Stripe: Payment processing
  • AssemblyAI: AI-powered transcription and content analysis

5.3 We Do NOT

  • Sell your personal information to third parties
  • Share your videos or content without your consent
  • Use your content to train AI models
  • Post to your social media accounts without explicit scheduling by you

6. Your Rights and Controls

6.1 Account Management

  • Access: View all your personal data through your account dashboard
  • Edit: Update your profile information and preferences anytime
  • Delete: Request complete account deletion (processed within 30 days)
  • Export: Download your data in a portable format

6.2 Social Media Connections

  • Disconnect: Remove connected social media accounts at any time
  • Revoke Access: Revoke OAuth permissions through platform settings
  • Token Management: View and refresh connection tokens

6.3 Content Control

  • Delete Videos: Remove individual videos from storage
  • Cancel Schedules: Cancel scheduled posts before they publish
  • Modify Content: Edit captions and scheduling details

7. Cookies and Tracking

7.1 Cookies Used

  • Authentication Cookies: Keep you logged in securely
  • Session Cookies: Maintain your session state
  • Preference Cookies: Remember your settings and preferences

7.2 Analytics

We use minimal analytics to understand how users interact with our platform. We do not use third-party advertising cookies.

8. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

9. International Users

Your information may be transferred to and processed in the United States. By using our service, you consent to the transfer of your information to countries outside your country of residence.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be communicated through:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending email notifications for significant changes

11. GDPR Compliance (EU Users)

If you are located in the European Union, you have additional rights under GDPR:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Limit how we use your data
  • Right to Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing of your personal data

12. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know: What personal information we collect and how we use it
  • Opt-Out: Opt out of sale of personal information (we do not sell personal information)
  • Access: Request access to your personal information
  • Delete: Request deletion of your personal information
  • Non-Discrimination: Not be discriminated against for exercising your rights

13. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you via email within 72 hours. The notification will include:

  • Description of what data was affected
  • Steps we are taking to address the breach
  • Recommendations for protecting your account

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: [email protected]
Website: https://surf.to

We will respond to all requests within 30 days.

Privacy Commitment Summary

We are committed to:

  • Collecting only data necessary to provide our service
  • Never selling your personal information
  • Implementing strong security measures
  • Giving you control over your data
  • Being transparent about our practices
  • Complying with all applicable privacy regulations