1. Information We Collect
We collect information you provide directly, information generated automatically through your use of the service, and information from third-party integrations.
Account & Profile Information
When you register, we collect your name, email address, and a hashed password. If you sign up via a third-party identity provider (e.g. Google), we receive your name and email from that provider.
Billing & Payment Information
Payments are processed by Stripe. We do not store your full card number or CVV. We receive a Stripe customer identifier and your subscription status to manage your plan.
Connected Social Account Credentials
When you connect a social media account (Instagram, LinkedIn, X / Twitter, Facebook, TikTok, Pinterest, and others), we store the OAuth access token and basic profile metadata (username, display name, avatar URL, page / account IDs) required to publish on your behalf. We do not store your social media passwords.
Content You Create
Posts, captions, images, videos, scheduled dates, drafts, and any other content you create or upload within Organik are stored in order to deliver the service.
Usage & Technical Data
We automatically collect anonymised data such as pages visited, features used, session duration, browser type, operating system, device type, IP address, and referring URL. This data helps us diagnose issues and improve the product.
2. How We Use Your Information
- Deliver the service — scheduling and publishing posts to connected social accounts at your specified times.
- Account management — authentication, subscription management, billing, and customer support.
- Communications — transactional emails (publishing confirmations, billing receipts, password resets). We do not send marketing emails without your explicit consent.
- Product improvement — analysing anonymised usage patterns to fix bugs, optimise performance, and prioritise new features.
- Security & fraud prevention — detecting abuse, unauthorised access, and violations of our Terms.
- Legal compliance — meeting obligations under applicable law, court orders, and regulatory requests.
We do not sell your personal data or the content you create to any third party, and we do not use your content to train AI models.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to deliver the service. Specifically:
- Account data — retained until you delete your account, then purged within 30 days.
- Content & media — deleted within 30 days of account deletion.
- Billing records — retained for up to 7 years as required by tax law.
- Anonymised analytics — may be retained indefinitely as they cannot be used to identify you.
7. Security
We take security seriously and implement the following measures:
- All data is encrypted in transit using TLS/HTTPS.
- Sensitive credentials (OAuth tokens, passwords) are encrypted at rest.
- Database access is governed by row-level security policies.
- We apply the principle of least privilege to internal team access.
- We conduct regular access reviews and security audits.
No system is completely secure. If you discover a security vulnerability, please disclose it responsibly to hello@organik.so before public disclosure.
8. Your Privacy Rights
Depending on your jurisdiction you may have the following rights. EEA, UK, and Swiss residents have these rights under the GDPR / UK GDPR:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — request deletion of your personal data (“right to be forgotten”).
- Portability — receive your data in a structured, machine-readable format.
- Restriction — ask us to restrict processing in certain circumstances.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any right, email hello@organik.so with the subject line Privacy Request. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
Organik is not directed to children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with their data, please contact us immediately and we will delete it promptly.
10. International Transfers
Organik is operated from Australia and uses infrastructure providers in the United States and European Union. If you are located outside these regions, your data may be transferred to and processed in countries with different data protection laws.
Where we transfer data from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure adequate protection.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or via a prominent notice in the app at least 14 days before they take effect. The effective date at the top of this page reflects the most recent version.
12. Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
- Email: hello@organik.so
- Contact form: organik.so/contact
4. Connected Social Platforms
Organik integrates with social media platforms via their official APIs. By connecting a platform, you authorise us to act on your behalf within the scope of your OAuth grant. Each platform governs its own data practices:
You can disconnect any social account at any time from your Organik account settings. Upon disconnection, stored access tokens for that account are deleted promptly.