Your data, on your terms.
How we collect, use, and protect your information — including data from the social accounts you choose to connect.
Last updated: June 17, 2026
Who we are
CopilotVerse ("we", "us", "our") operates CopilotVerse and its products, including Social Verse — a tool that lets you compose content once and publish it to your own connected social accounts. This policy explains what we collect, why, and your choices. You can reach us at hello@copilotverse.io.
Information you provide
When you create an account we collect your email address and authentication identifiers. When you use our products you provide the content you write (drafts, posts, replies), along with any settings and preferences you configure.
Connected social accounts
When you connect a social platform (X, LinkedIn, Reddit, Instagram, or Discord), you authorize us — via that platform’s official OAuth flow — to act on your behalf. We store the access tokens required to publish and to read engagement on your own posts. We never receive or store your social-platform password.
How we use social-platform data
We use your connected accounts solely to: (1) publish content you create and explicitly approve in our app; (2) confirm a post published and link to it; (3) display your connected handle/profile so you know which account is active; and (4) read engagement metrics and incoming comments/mentions on your own posts so we can show analytics and help you reply. We do not scrape other users’ data, sell platform data, use it for advertising or model training, or share it with third parties beyond what is required to provide the service.
Data from the platforms’ APIs
Our use of information received from X, Meta (Instagram), LinkedIn, Reddit, and Discord APIs adheres to each platform’s Developer Agreement, Developer Policy, and applicable Limited Use requirements. We request the minimum scopes needed (for example, on X: tweet.read, tweet.write, users.read, offline.access) and retain platform data only as long as needed to provide the feature you enabled.
How we store and protect data
Data is stored with our infrastructure providers (including Supabase/PostgreSQL) under access controls and row-level security. Access tokens are stored in records that are not readable by normal authenticated sessions and are used only server-side. We use encryption in transit (HTTPS) and restrict internal access.
Data sharing
We share data only with service providers that help us operate (hosting, database, email, payments, analytics), each bound to process data only on our instructions. We do not sell your personal data. We may disclose data if required by law.
Data retention and deletion
You can disconnect any social account at any time, which revokes our stored tokens for that account. You can request deletion of your account and associated data by emailing hello@copilotverse.io; we delete personal data within 30 days except where retention is legally required.
Revoking access
In addition to disconnecting inside our app, you can revoke our access directly from each platform’s settings (e.g. X “Connected apps”, LinkedIn “Permitted services”, Meta “Business integrations”, Reddit “Authorized applications”, Discord “Authorized apps”).
Your rights
Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Contact us at hello@copilotverse.io to exercise these rights.
Changes to this policy
We may update this policy as our products evolve. We will revise the “last updated” date above and, for material changes, provide additional notice.
Questions about your privacy?
Email us at hello@copilotverse.io or reach out through the contact page.