Privacy Policy
Last updated: 06/15/2026
1. Data controller
The controller of personal data collected through RRSS.Leukasoft (hereinafter, "the application") is:
- Holder: Antonio Sánchez Fernández
- Tax ID (NIF): 33499597M
- Address: Filet de Dins 38, 03203 Elche, Spain
- Email: info@leukasoft.com
- Website: leukasoft.com
2. Data we collect directly
- Telegram identifier and public name, used to authenticate the user.
- OAuth access tokens issued by social networks the user voluntarily connects. Tokens are stored encrypted with AES-256 in the database and are never written to logs.
- Campaign content created by the user (texts, images, videos).
- Technical access logs of application usage (date, IP, actions performed) for security and diagnostics.
3. Data obtained from third-party platforms
When the user connects an external account, the application obtains and processes the following data via the official APIs of each platform, solely to provide the requested service:
| Platform | Data | Purpose |
|---|---|---|
| Meta (Facebook Pages) | Page ID and name, page token | Publish content on the chosen page |
| Meta (Facebook Pages) | Post insights (reach, reactions) | Display metrics to the user |
| Meta (Instagram Business) | Professional account ID, token, media ID | Publish posts and Reels |
| Meta (Instagram Business) | Insights (impressions, reach, interactions) | Display metrics to the user |
| Meta (Threads) | Profile ID, token, thread IDs | Publish threads, reply and manage reply settings |
| Meta (Threads) | Thread insights (views, likes, replies) | Display metrics to the user |
| LinkedIn | Profile or organization ID, token | Publish content |
| TikTok | Account ID, token, public metrics | Publish videos and display metrics |
| Pinterest | Account/board ID, token | Publish pins |
4. Purpose and legal basis
Data is processed to allow the user to create, schedule and publish campaigns on the connected social networks, and to review the metrics of those publications. The legal basis for processing is the consent given by the user when connecting their accounts (art. 6.1.a GDPR) and the performance of the requested service (art. 6.1.b GDPR).
5. Prohibited uses of platform data
The application complies with the Meta Platform Terms and the Meta Developer Policies. In particular, we expressly state that we do not use data obtained through Meta or other platform APIs to:
- Resell or transfer it to third parties for commercial purposes.
- Build advertising profiles, segment audiences or sell ads to third parties.
- Build credit scoring, evaluate creditworthiness, or take employment, housing or insurance decisions.
- Conduct surveillance, biometric facial recognition or person identification.
- Train artificial intelligence models or automated algorithms.
- Enrich commercialized databases or data-broker pipelines.
6. Recipients and sub-processors
Published content is sent only to the official APIs of the social networks selected by the user (Meta / Facebook and Instagram, TikTok, LinkedIn, Pinterest). The following sub-processors are involved in the technical operation of the service:
- DigitalOcean LLC — server and database hosting. Region: Amsterdam (Netherlands), within the European Economic Area.
- Telegram FZ-LLC — delivery of messages from the authentication bot. Processed under the European Commission Standard Contractual Clauses and Telegram's privacy policy.
No other international data transfers occur outside the EEA except those inherent to the use of the public APIs of the listed social networks, which the user expressly authorizes when connecting their accounts.
7. Retention period
- User account and OAuth tokens: while the account remains active. Removed within a maximum of 30 calendar days from the deletion request or from the disconnection of the application in the external platform settings.
- Campaigns and content stored internally: while the account remains active. Removed upon termination.
- Stored metrics: we retain only the historical aggregate for 24 months to allow time-series evolution; data is anonymized after that period.
- Technical logs: 90 days, unless a longer legal retention obligation applies.
8. User rights
Users may exercise their rights of access, rectification, erasure, objection, restriction and portability by writing to info@leukasoft.com. They are also entitled to lodge a complaint before the Spanish Data Protection Agency (www.aepd.es).
For full deletion of data please follow the instructions on the Delete my data page.
9. Security
Social network OAuth tokens are stored encrypted with AES-256 at rest and are never included in application logs. Connections always run over HTTPS. Only strictly necessary personnel have access to the production environment.
10. Minimum age
The application is intended for users over 14 years old, in accordance with article 7 of Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights. Minors below this age must not use the service.
11. Cookies
The application uses only technical cookies strictly necessary for maintaining the user's session. No advertising or tracking cookies are used.
12. Modifications
We reserve the right to modify this policy to adapt it to legal or functional changes. The current version is always the one published on this page.