SocialPuffSocialPuff
Log in Start free
Legal

Privacy policy

This policy explains what personal data SocialPuff collects, how we use it, who we share it with, and the rights you have over it. Last updated on the date shown below.

Effective date: 1 November 2025

1. Who we are

SocialPuff ("we", "us", "our") is a product operated by Mithtech Innovative Solutions Private Limited, a company incorporated in India with its registered office at Rajajinagar, Bangalore, Karnataka 560010 (GSTIN 29AAKCM4907B1ZI). We are the data controller for the information described in this policy. You can reach our privacy team at privacy@socialpuff.in.

2. Scope

This policy covers the SocialPuff website (socialpuff.in), the SocialPuff application (app.socialpuff.in), and any related services operated by Mithtech. It does not cover third-party platforms (Facebook, Instagram, email providers, SMS providers, payment gateways) that you connect to your workspace — those platforms have their own privacy policies.

3. Data we collect

We collect data in three broad categories:

  1. Account data — your name, email, phone number, billing address, company name, and password (hashed). Provided by you at signup and updated from your profile.
  2. Workspace data — your bot flows, broadcasts, subscribers, tags, media uploads, orders, products and reports. This is the data you create while using SocialPuff.
  3. Usage data — device type, browser, IP address, referrer, pages visited, in-app clicks, error logs, and performance metrics. Used to secure the service and improve the product.

We process subscriber data (names, IDs, messages, tags) on your behalf as a processor. You are the controller of that data in your workspace.

4. How we use your data

  • To operate your SocialPuff workspace — authenticate you, render the dashboard, send messages you configure, process payments.
  • To provide support — when you email or chat with us, we use your account context to help you faster.
  • To send service communications — billing notices, security alerts, policy updates, and essential product updates.
  • To send marketing communications — only if you have opted in; you can opt out any time.
  • To prevent abuse and fraud — detect unusual activity, rate-limit malicious requests, and comply with platform policies (Meta, payment networks).
  • To comply with law — when required by a valid legal request.

We do not sell your data. We do not use your subscriber messages or broadcasts to train advertising models.

5. Third-party platforms

When you connect Facebook Pages, Instagram Business accounts, SMS providers, email providers, or payment gateways, SocialPuff exchanges data with those platforms on your instruction. Examples: we fetch a list of your Facebook Pages when you connect them, we call Meta's Graph API to send a Messenger message, we call Razorpay to process a payment. Each such platform has its own privacy policy and terms. You are responsible for ensuring your use of SocialPuff complies with the terms of those platforms, including Meta's Platform Terms and Developer Policies.

6. Cookies

We use cookies and similar technologies for authentication (keeping you logged in), security (CSRF protection), and analytics (understanding aggregate usage). You can disable non-essential cookies in your browser; essential cookies are required to use the app.

7. Sharing

We share data only with the following categories of recipients:

  • Sub-processors (hosting, email, SMS, payments, analytics, error monitoring) — bound by contract to process data only on our instructions.
  • Professional advisors (accountants, auditors, lawyers) — bound by confidentiality.
  • Authorities — only when legally compelled or when necessary to protect safety.

A current list of our material sub-processors is available on request.

8. Data location & retention

SocialPuff is primarily hosted in India. Some sub-processors (for example, email and analytics) may process data outside India; we ensure appropriate safeguards are in place. We retain account data for as long as your workspace is active, and for up to 90 days after cancellation to support reactivation and legal holds. Workspace data is deleted on request (see your rights below).

9. Security

  • Transport encryption (HTTPS / TLS) on all customer-facing endpoints.
  • Password hashing with industry-standard algorithms.
  • Role-based access inside the application; least-privilege access inside our operations.
  • Regular backups and disaster-recovery drills.
  • Security incident response process — affected customers are notified without undue delay.

No system is perfectly secure, but we hold ourselves to the standards expected of an enterprise SaaS provider.

10. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion ("right to be forgotten") subject to our legal retention obligations.
  • Object to or restrict certain processing.
  • Export your data in a portable format.
  • Withdraw consent you have given.
  • Lodge a complaint with the relevant data protection authority.

To exercise any of these, email privacy@socialpuff.in from the address associated with your account. We respond within 30 days.

11. Children

SocialPuff is not designed for, or directed at, children under 18. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy as the product or law evolves. Material changes will be announced via email and in the app. The "effective date" at the top tells you when the latest version took effect.

13. Contact

Mithtech Innovative Solutions Pvt. Ltd.
Rajajinagar, Bangalore, Karnataka 560010, India
privacy@socialpuff.in · +91 90087 70738