FeedloopFeedLoop

Privacy Policy

Last updated: May 13, 2026

This Privacy Policy explains how Feedloop ("we", "us", "our") collects, uses, stores, and shares information when you use our service at feedloophq.com and app.feedloophq.com (the "Service"). We've written this in plain English. If anything here is unclear, email support@feedloophq.com and we'll explain.

1. Who we are

Feedloop is a social media automation tool built and operated from Ethiopia. We help people publish content from a single source (an RSS feed, blog, or connected social account) to multiple social networks automatically.

2. The information we collect

2.1 Information you give us directly

  • Account data — your name, email address, and a password (stored hashed, never in plain text) when you sign up.
  • Profile preferences — your timezone, locale, and display settings.
  • Billing information — we don't store your card details. Payments are processed by Chapa (for Ethiopian Birr) or Polar (for global currencies, acting as our Merchant of Record); we only store the transaction reference, plan, and status they return.
  • Content you create — automations you configure, post templates, hashtag rules, posting schedules, and any media (images, videos) you upload.

2.2 Information from connected social accounts

When you connect a social account (Facebook, Instagram, LinkedIn, Mastodon, Pinterest, X, etc.) we receive an OAuth access token issued by that platform, along with the public profile information the platform sends us (typically: username, display name, avatar URL, and account ID).

We encrypt all OAuth tokens at rest using AES-256-GCM before writing them to our database. We never receive or store your social-platform passwords.

When you connect a feed as an input (e.g., your Mastodon account, an Instagram feed, an RSS URL), we additionally fetch the recent posts from that feed in order to syndicate them. We store the fetched content (post text, link, media URL, publish date) so we can deduplicate and queue it.

2.3 Information we collect automatically

  • Usage logs — request method, path, status code, timestamp, and IP address. Used for security, abuse prevention, and debugging. Retained for 30 days.
  • Analytics snapshots — for each connected social account, we record daily snapshots of follower count, post count, and engagement metrics (likes, reblogs) that the platform exposes through its API. These are shown on your Stats dashboard.
  • Session cookies — a single secure, HTTP-only session cookie set by our authentication system. No third-party tracking cookies, no analytics pixels, no advertising trackers.

3. How we use your information

  • To operate the Service: poll your sources, format posts per platform, deliver them to your connected accounts on schedule.
  • To authenticate you and keep your account secure.
  • To bill you on the plan you've chosen (via Chapa or Polar).
  • To communicate with you about your account, billing events (receipts, failures), and material changes to the Service.
  • To improve the Service by analyzing aggregated, anonymized usage patterns.
  • To comply with legal obligations and respond to lawful requests from competent authorities.

We do not sell, rent, or trade your personal information. We do not use your content to train AI models. We do not show you advertising.

4. Who we share information with

  • The social platforms you connect — when you create an automation that posts to, e.g., Facebook, the post content and media are sent to Facebook's API. This is the entire point of the Service.
  • Payment processors — Chapa and Polar receive the transaction data necessary to process your subscription.
  • Infrastructure providers — our server (currently Contabo in the European Union) and our database run in Europe. No customer data is moved outside the EU without your consent.
  • Authorities — only when compelled by a valid legal process, and only to the minimum extent required.

5. Where your data lives

Our application servers and database run in the European Union (Frankfurt region). Encrypted backups are retained for 10 days. The encryption key for OAuth tokens is held only in our application environment and never stored alongside the data it encrypts.

6. How long we keep your data

  • Account data: as long as your account exists.
  • Content (automations, posts, uploads): as long as your account exists, unless you delete the items.
  • Request logs: 30 days.
  • Billing records: 7 years (required by tax law).
  • After account deletion: we delete personal data and content within 30 days, except billing records (above) and items we are legally required to retain.

7. Your rights

Regardless of where you live, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct any information that's wrong.
  • Delete your account and the data associated with it.
  • Export your data in a machine-readable format.
  • Withdraw consent for connected social accounts by disconnecting them in the dashboard.
  • Object to specific processing or restrict it.

To exercise any of these rights, email support@feedloophq.com from the email address on your account. We respond within 30 days.

If you're in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.

8. Security

We protect your data with industry-standard measures, including:

  • TLS (HTTPS) for all traffic between you and us.
  • AES-256-GCM encryption at rest for all OAuth tokens.
  • Hashed passwords (we never store, log, or transmit plain-text passwords).
  • Rate limiting and abuse detection on every public endpoint.
  • Restricted, audited access for our own staff.

No system is perfectly secure. If we discover a breach affecting your data, we will notify affected users within 72 hours of confirmation, as required by applicable law.

9. Children

Feedloop is not intended for users under the age of 16. We do not knowingly collect data from children. If we learn we have, we delete it immediately.

10. Third-party platforms

When you connect a social platform to Feedloop, that platform's own privacy policy governs how it handles your data. We are not responsible for, and do not control, those platforms' practices. You can review and revoke our access through each platform's account settings at any time.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you by email and post a notice on the dashboard at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance.

12. Contact

Questions, requests, or complaints about this policy or your data:
Email: support@feedloophq.com