Privacy Policy
Last updated: 5 July 2026
This Privacy Policy explains how Seflora ("Seflora", "the Service", "we", "us") collects, uses, stores, and shares information. Seflora is operated by IDEA8LAB, a business registered in Nigeria ("IDEA8LAB", the entity legally responsible for the Service). By creating an account or connecting a social media account to Seflora, you agree to the practices described here.
If you do not agree with this Policy, do not use the Service or connect your accounts.
1. Who we are and how to contact us
Seflora is a social media content scheduling service operated by IDEA8LAB. For any privacy request — including access, correction, or deletion of your data — contact us at idea8labs@gmail.com.
2. Information we collect
2.1 Account information
When you register, we collect the information needed to create and secure your account, which may include your name, email address, and authentication credentials managed by our authentication provider.
2.2 Connected social media accounts and access tokens
When you connect a social media account (for example Facebook, Instagram, or TikTok), the relevant platform grants Seflora an OAuth access token and, where applicable, a refresh token. We store:
- the OAuth access and refresh tokens issued by the platform;
- platform account identifiers returned during authorization (for example a TikTok
open_id, a Facebook Page ID, or an Instagram Business account ID); - the scopes (permissions) you granted;
- basic profile information the platform returns, such as your username or display name.
These tokens exist for one purpose: to publish content to your connected accounts on your instruction, and to display the connection status back to you. We do not use them to read, collect, or store data from your accounts beyond what is required to operate the Service and to satisfy each platform's own requirements (for example, TikTok requires us to retrieve your current account posting settings immediately before a post so that the correct privacy option is applied).
Access and refresh tokens are stored encrypted at rest. They are never exposed to your browser or to any client-side code.
2.3 Content and campaign data
We store the content you create or generate through the Service (post text, captions, images, and any media), together with your campaign configuration such as schedule, posting frequency, target platforms, and whether a campaign uses automatic or manual (review-based) publishing.
2.4 Technical and usage data
We may collect standard technical data such as log records, timestamps, and error information generated when the Service operates, for the purposes of security, debugging, and reliability.
3. How we use information
- To operate the Service: generating, scheduling, and publishing content to the social media accounts you connect, in either automatic or manual mode as you configure.
- To authenticate you and secure your account.
- To send you transactional notifications you have enabled, such as "post ready for review", "post published", or "publishing failed" emails.
- To maintain, debug, and improve the reliability and security of the Service.
- To comply with the terms and technical requirements of the social media platforms you connect.
We do not sell your personal information, and we do not use your connected-account tokens for advertising or for any purpose other than operating the Service as described.
4. How we share information
We share information only as necessary to operate the Service. Recipients include, but are not limited to, the following categories:
- Social media platforms you connect — including Meta (Facebook and Instagram) and TikTok. When you publish or schedule a post, the content and associated metadata are transmitted to the relevant platform through its official API. Your use of each connected platform is also governed by that platform's own terms and privacy policy.
- Hosting, database, and storage providers — we use third-party infrastructure providers to host the Service and store data, including our database, authentication, and file storage provider.
- AI content-generation providers — where you use content-generation features, the prompts and related inputs are processed by a third-party AI provider (including Google's Gemini models) to produce the requested content.
- Email delivery providers — transactional notification emails are sent through a third-party email delivery provider.
- Legal and safety — where required by law, legal process, or to protect the rights, safety, and security of users, the public, or IDEA8LAB.
We may update the specific providers within these categories over time. Material changes will be reflected by updating this Policy and its "Last updated" date.
5. Data retention
We retain your account information, connected-account tokens, and content for as long as your account is active or as needed to provide the Service. When you disconnect a social media account or delete your Seflora account, the associated tokens and connection data are deleted as described in Section 6. We may retain limited records where required for legal, security, or audit purposes.
6. Your rights: disconnecting accounts and deleting data
You control your connected accounts and your data:
- Disconnect a social account: You can disconnect any connected social media account from within the Service at any time. On disconnection, we delete the stored OAuth access and refresh tokens for that account. You may additionally revoke Seflora's access directly in the settings of the relevant platform (for example, in your Facebook or TikTok app-permissions settings).
- Delete your account and data: You may request deletion of your Seflora account and associated personal data at any time by contacting idea8labs@gmail.com. On verified request, we delete your account information, stored tokens, and content, subject to any limited records we are required to retain by law.
- Access and correction: You may request a copy of the personal data we hold about you, or ask us to correct inaccurate data, by contacting the address above.
Disconnecting an account or deleting your data does not remove content that was already published to a social media platform before deletion; such content is controlled by that platform and by you through your account there.
7. Security
We apply technical and organizational measures to protect your data, including encryption of OAuth tokens at rest and server-side-only handling of all credentials and secrets. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Children
The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from them. If you believe a minor has provided us with personal information, contact us so we can delete it.
9. International users
The Service is operated from Nigeria. If you access the Service from another jurisdiction, you understand that your information may be processed in Nigeria and in the locations where our infrastructure providers operate.
10. Changes to this Policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.
11. Governing law
This Policy is governed by the laws of the Federal Republic of Nigeria, and any disputes are subject to the jurisdiction of the courts of Lagos State, Nigeria.
12. Contact
For any question or request regarding this Policy or your data, contact IDEA8LAB at idea8labs@gmail.com.