Privacy Policy

Last updated: 13 June 2026

ScheduleKaro ("we", "us", "our") is a social media scheduling service operated from India. We respect your privacy and are transparent about the data we hold. This policy explains what we collect, why we collect it, and your rights over it.

1. What data we collect

  • Account information — your name, email address, a hashed password (we never see your password in plain text), and an optional profile photo.
  • Content you create — the text, images, videos, and scheduling details of the posts you build inside ScheduleKaro.
  • Connected social accounts— when you click "Connect Facebook", we receive (a) basic profile details of the Facebook Pages and Instagram Business accounts you choose to link, (b) an access token that lets us publish on your behalf, and (c) Meta's app-scoped user id so we can honor Facebook data deletion callbacks. Access tokens are encrypted at rest using AES-256-GCM with a key derived from a server-only secret.
  • Usage data — basic logs (timestamps, post IDs, success/failure outcomes) that let the scheduler run reliably and help us debug issues.

2. How we use your data

  • To run the service — letting you create, schedule, and publish posts.
  • To publish content to your connected Facebook Pages and Instagram Business accounts at the time you schedule.
  • To send you in-app and email notifications when a post is published or fails.
  • To refresh post-performance metrics such as reach, impressions, likes, comments and shares when you use analytics.
  • To prevent abuse, comply with legal obligations, and improve reliability.

We do not sell your data, share it with advertisers, or use it to train machine learning models.

3. Third-party services we use

  • Meta (Facebook / Instagram Graph API)— to publish posts, read basic account info, refresh post insights, and receive signed data deletion requests, governed by Meta's own policies.
  • Google Gemini API — when you use the AI Tools page, the prompt (and optional image) you type is sent to Google for generation. We do not store the prompt after the response is delivered.
  • Cloudflare — for DNS and email routing (info@schedulekaro.com mail forwarding).
  • Hostinger — our hosting provider for the server and database.

4. How long we keep your data

We keep your account and content for as long as your ScheduleKaro account is active. If you delete your account, we delete your personal data, posts, uploaded media, and stored social-account tokens within 30 days. See the Data Deletion page for how to request deletion.

5. Your rights

  • You can access, edit, or delete your account at any time from /dashboard/settings.
  • You can disconnect a social account at any time from /dashboard/accounts — this revokes our stored token immediately.
  • You can request a copy of, or full deletion of, your data by emailing info@schedulekaro.com.

6. Security

Passwords are hashed (Better Auth, bcrypt). Social-account access tokens are encrypted with AES-256-GCM before they touch the database. The site is served only over HTTPS. We do our best to follow industry standards, but no service can guarantee perfect security.

7. Children

ScheduleKaro is not directed at children under 13 (or the equivalent minimum age in your country). We do not knowingly collect data from children.

8. Changes to this policy

We may update this policy as the service evolves. We will post the new version here with an updated "Last updated" date. If the change is significant, we will notify you in-app or by email.

9. Contact

Questions, requests, or complaints: info@schedulekaro.com.