Privacy Policy
Effective May 30, 2026 · Version 1.0
1. Introduction & Data Controller Information
This Privacy Policy explains how Saurabh Infosys ("we", "our", "us", or the "Company"), the Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and data controller under applicable international privacy laws, collects, uses, stores, processes, discloses, and protects personal data when you use MY SAMPARK ("Platform"), a web-based social media scheduling, AI content generation, and multi-platform publishing service.
- Data Fiduciary / Data Controller: Saurabh Infosys
- Grievance Officer: [email protected]
- Data Protection Officer: [email protected]
This Privacy Policy applies to all users of the Platform, including individuals, businesses, and authorized agents who access or use our services. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.
MY SAMPARK integrates with the following social media platforms: X (Twitter), LinkedIn, Instagram, Facebook, Pinterest, and YouTube. By connecting your social accounts, you authorize us to access and use data from these platforms strictly as described in this policy.
This Privacy Policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (India), General Data Protection Regulation (EU/EEA), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable data protection laws.
2. Definitions
In this Privacy Policy:
- "Personal Data" means any data about you where you are identifiable by or in relation to such data, as defined under the DPDP Act, 2023
- "Sensitive Personal Data" includes financial data, health data, biometric data, and any data classified as sensitive under applicable law
- "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, and deletion
- "Data Principal" means the individual to whom the personal data relates, as defined under the DPDP Act, 2023
- "Data Fiduciary" means Saurabh Infosys, which determines the purpose and means of processing personal data
- "Consent Manager" means an entity registered with the Data Protection Board of India that manages consent on behalf of Data Principals
3. Information We Collect
We collect the following categories of personal data. The specific data collected depends on how you use the Platform:
a. Identifiers & Account Information
- Email address and/or phone number for account creation, login, and OTP-based verification
- Full name, profile picture, and role associated with your account
- Account credentials (stored securely)
b. Business Profile Information
- Business name, industry, description, and contact details
- Business address, website URL, and products/services offered
- Business logo and branding assets
- Social media profile URLs for all connected platforms
c. Connected Social Media Account Data
When you connect a social media account via OAuth, we collect the following from each platform:
X (Twitter)
- Account handle, display name, profile image, and account ID
- OAuth access tokens for posting and scheduling
- Permission to post, read, and manage tweets on your behalf
LinkedIn
- Profile name, email, profile photo, and LinkedIn member ID
- OAuth access tokens for posting and scheduling
- Access to LinkedIn Pages you administer
- Permission to post, read, and manage content on your profile and pages
Instagram
- Instagram account username, account ID, and profile picture
- OAuth access tokens for posting and scheduling
- Access to Instagram Business/Creator account insights
- Permission to publish posts, reels, and stories on your behalf
Facebook
- Facebook account name, user ID, and profile picture
- OAuth access tokens for posting and scheduling
- Access to Facebook Pages you administer
- Permission to publish posts, manage pages, and access page insights
Pinterest
- Pinterest account username, user ID, and profile information
- OAuth access tokens for posting and scheduling
- Access to your boards and pins for content publishing
- Permission to create pins and manage boards on your behalf
YouTube
- Google account name, email, profile picture, and YouTube channel ID
- OAuth access tokens for uploading and managing videos
- Permission to upload videos (shorts and standard), manage video metadata, and access basic channel analytics
d. Uploaded & Generated Content
- Images, logos, captions, videos, and other media you upload or create through the Platform
- AI-generated content created using our content generation features
- Campaign details, scheduling preferences, post configurations, and first comments
e. Usage & Device Information (Automatically Collected)
- Log data including IP address, browser type, operating system, and access timestamps
- Pages visited, features used, and interaction patterns within the Platform
- Device identifiers and referral URLs
- Error logs and performance diagnostics
f. Payment & Subscription Information
- Subscription plan details, billing status, and credit balance
- Payment transactions processed through secure third-party payment processors
- We do not store full credit/debit card numbers on our servers
g. Communications
- Support requests, feedback, and inquiries you submit to us
- Transactional emails (OTP codes, account alerts, subscription updates)
4. How We Collect Information
We collect personal data through the following methods:
- Directly from you: When you create an account, fill out your business profile, upload content, connect social media accounts, make a purchase, or contact support
- Automatically: Through cookies, server logs, and similar technologies when you access or use the Platform (see Section 16 — Cookies & Tracking Technologies)
- From social media platforms: When you authorize OAuth connections with X (Twitter), LinkedIn, Instagram, Facebook, Pinterest, or YouTube, we receive data from those platforms as described in Section 3(c)
- From third-party service providers: Payment processors, analytics providers, and infrastructure partners may share limited data with us as necessary to provide their services
5. Purpose of Processing & Legal Basis
We process your personal data only for specific, lawful purposes and only when we have a valid legal basis. The list below describes each purpose and the applicable legal basis:
- Account Creation & Authentication — We use your email/phone and name to create your account, verify your identity via OTP, and manage your session. Legal Basis: Consent (DPDP Act); Performance of a contract (GDPR Article 6(1)(b)).
- Service Delivery & Platform Operation — We use your account data, business profile, and connected social accounts to provide scheduling, publishing, AI content generation, and analytics features. Legal Basis: Consent (DPDP Act); Performance of a contract (GDPR Article 6(1)(b)).
- Social Media Publishing — We use OAuth tokens to transmit your scheduled content to connected platforms (X, LinkedIn, Instagram, Facebook, Pinterest, YouTube). Legal Basis: Consent (DPDP Act); Performance of a contract (GDPR Article 6(1)(b)).
- Billing & Subscription Management — We use payment and subscription data to process transactions, manage your plan, and maintain billing records. Legal Basis: Performance of a contract (GDPR Article 6(1)(b)); Legal obligation (GDPR Article 6(1)(c)) for tax/financial records.
- Communications & Support — We use your contact information to send transactional messages (OTP, account alerts), respond to support requests, and communicate about service updates. Legal Basis: Consent (DPDP Act); Legitimate interest (GDPR Article 6(1)(f)).
- Security & Fraud Prevention — We use log data and device information to detect unauthorized access, prevent fraud, and ensure platform security. Legal Basis: Legitimate interest (GDPR Article 6(1)(f)); Compliance with law (DPDP Act Section 7).
- Platform Improvement & Analytics — We use usage data to understand how the Platform is used, identify issues, and improve features and performance. Legal Basis: Legitimate interest (GDPR Article 6(1)(f)).
- Legal Compliance — We retain and process data as required by applicable laws, regulations, and legal processes. Legal Basis: Legal obligation (DPDP Act; GDPR Article 6(1)(c)).
We do not: Use your personal data for targeted advertising, sell or rent your personal data to third parties, or use your data for automated decision-making that produces legal effects.
6. Consent & Notice
In compliance with Section 6 of the DPDP Act, 2023, we obtain your consent before processing your personal data. Our consent is:
- Free: Given voluntarily without coercion or undue influence
- Specific: Obtained for each defined purpose of processing
- Informed: Provided after giving you a clear notice describing what data is collected, why it is processed, and your rights
- Unconditional: Not bundled with unrelated services
- Unambiguous: Given through a clear affirmative action (e.g., checking a consent box, clicking "Agree")
You may withdraw your consent at any time by contacting us at [email protected] or through the Platform settings. Withdrawal of consent will be processed as easily as the original consent mechanism. Upon withdrawal, we will cease processing your personal data for the purposes for which consent was withdrawn, unless retention is required by law.
7. Social Media Platform Integrations
MY SAMPARK integrates with six social media platforms through their authorized APIs. When you connect a social account, you grant us limited permissions via OAuth. The table below summarizes the data accessed and actions performed for each platform:
| Platform | Data Accessed | Actions Performed |
|---|---|---|
| X (Twitter) | Handle, name, profile image, account ID, OAuth tokens | Post, schedule, and manage tweets |
| LinkedIn | Profile name, email, photo, member ID, page IDs, OAuth tokens | Post, schedule content to profile and pages |
| Instagram | Username, account ID, profile picture, OAuth tokens, insights | Publish posts, reels, and stories |
| Facebook | Account name, user ID, profile picture, page IDs, OAuth tokens | Publish posts, manage pages, access insights |
| Pinterest | Username, user ID, profile info, boards, OAuth tokens | Create pins, manage boards |
| YouTube | Google account name, email, photo, channel ID, OAuth tokens | Upload videos (shorts/standard), manage metadata, access analytics |
LinkedIn-Specific Terms: Our use of LinkedIn data is governed by the LinkedIn API Terms of Use and LinkedIn's Privacy Policy. We access and use LinkedIn data solely to provide the publishing, scheduling, engagement, and analytics features you request. We do not use LinkedIn data for advertising, do not sell or transfer it to third parties, and do not combine it with data from other sources for purposes unrelated to the service. Posting to an individual LinkedIn profile occurs only with the explicit consent of the member who owns that profile and only at their direction. We will delete LinkedIn-derived data when you disconnect your LinkedIn account, when you delete your My Sampark account, or when LinkedIn requires such deletion.
Important: We do not access private messages, personal conversations, or contact lists from any connected social media platform. OAuth tokens are stored securely using industry-standard safeguards. You may disconnect any social account at any time from the "Connected Accounts" section, which immediately revokes our access to that platform.
8. AI-Generated Content
MY SAMPARK provides AI-generated content as a productivity and creative aid. Regarding AI features:
- Data Used for AI: AI content generation uses your business profile information, uploaded content, and prompts you provide to generate relevant content
- No Training on Your Data: Your data is not used to train, fine-tune, or improve external AI models. AI processing is performed solely to deliver the content generation feature you request
- AI Service Providers: AI processing may be performed by third-party AI service providers under strict data processing agreements that prohibit using your data for model training
- User Responsibility: Users are solely responsible for reviewing, editing, and ensuring that AI-generated content complies with applicable platform policies, intellectual property rights, and laws
- No Guarantees: We do not guarantee the accuracy, originality, or legal compliance of AI-generated output
9. Data Sharing & Third-Party Service Providers
We do not sell, rent, or trade your personal information. We share data only in the following circumstances and with the following categories of third-party service providers:
a. Service Providers
We engage trusted third-party vendors to assist in operating the Platform. These providers are contractually bound to protect your data and may not use it for any purpose other than supporting our Service:
- Cloud Hosting & Infrastructure: Server hosting, data storage, and CDN providers
- Payment Processing: Secure payment gateway providers for subscription billing
- Analytics: Platform usage analytics and performance monitoring
- Email & Communication: Transactional email delivery and notification services
- AI Service Providers: Third-party AI APIs for content generation (data processed solely for generating your requested content)
- Customer Support: Support ticketing and helpdesk tools
b. Social Media Platforms
When you schedule or publish content, we transmit the content and associated metadata to the respective social media platform (X, LinkedIn, Instagram, Facebook, Pinterest, YouTube) via their authorized APIs. This transmission is necessary to deliver the service you request.
c. Legal Requirements
We may disclose your information when required by law, regulation, legal process, or enforceable governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
d. Business Transfers
In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.
12-Month Disclosure Statement: In the preceding 12 months, we have not sold or shared (as defined under CCPA) any personal information of consumers to third parties for cross-context behavioral advertising or other purposes.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your jurisdiction.
When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers from the EEA
- Data Processing Agreements: Contractual obligations requiring third-party providers to protect your data to standards equivalent to GDPR
- Adequacy Decisions: Where applicable, transfers to countries recognized by the European Commission as providing adequate data protection
- DPDP Act Compliance: Cross-border transfers comply with the DPDP Act and are permitted to all countries not restricted by the Central Government
By using the Platform, you acknowledge that your data may be transferred to countries outside your country of residence, subject to the safeguards described above.
11. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. The following table outlines our retention periods by data category:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account information (name, email, phone) | Duration of account + 30 days after deletion | Service delivery and account management |
| Business profile data | Duration of account + 30 days after deletion | Service delivery |
| OAuth tokens (social accounts) | Until disconnected or account deleted | Social media publishing |
| Uploaded content & media | Duration of account + 30 days after deletion | Content delivery |
| Campaign data & schedules | Duration of account + 30 days after deletion | Service delivery |
| Log & usage data | 12 months from collection | Security, performance monitoring |
| Payment & billing records | 7 years from transaction | Legal and tax compliance |
| Support communications | 3 years from resolution | Quality assurance and dispute resolution |
Upon account deletion, we initiate removal of your data within 30 days. In compliance with the DPDP Rules 2025, personal data, traffic data, and processing logs are retained for a minimum of one year from the date of collection for specified purposes. Some data may be retained in encrypted backups for up to 90 days for disaster recovery purposes before permanent deletion.
12. Data Security & Safeguards
In compliance with the DPDP Act, 2023 and other applicable laws, we implement reasonable security safeguards to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
a. Technical Safeguards
- Industry-standard encryption for data in transit and at rest
- Secure session management using signed tokens with appropriate cookie policies
- Access controls and authentication mechanisms to prevent unauthorized access
- Intrusion detection systems and security monitoring
- Regular security audits and vulnerability assessments
b. Organizational Safeguards
- Role-based access controls for internal systems
- Employee training on data protection and privacy
- Confidentiality obligations for all personnel handling personal data
- Regular review of security policies and procedures
c. Breach Notification
In the event of a personal data breach, we will:
- Notify the Data Protection Board of India (DPBI) and relevant supervisory authorities without delay and within 72 hours of becoming aware of the breach, as required by the DPDP Act and GDPR Article 33
- Provide a detailed report including the nature of the breach, categories and approximate number of Data Principals affected, likely consequences, and remedial measures taken
- Notify affected individuals promptly via their registered communication channels
- Take immediate steps to contain and remediate the breach
While we strive to protect your data, no method of electronic transmission or storage is completely secure. We encourage users to use strong, unique passwords and protect their account credentials.
13. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
a. Rights Under DPDP Act, 2023 (India)
- Right to Access (Section 11): Request a summary of your personal data being processed and the processing activities undertaken
- Right to Correction (Section 11): Request correction or updating of inaccurate or incomplete personal data
- Right to Erasure (Section 11): Request deletion of your personal data where consent has been withdrawn or the data is no longer necessary for the purpose
- Right to Grievance Redressal (Section 11): Raise a grievance regarding the processing of your personal data
- Right to Nomination (Section 11): Nominate another individual to exercise your rights under the DPDP Act in the event of your death or incapacity
- Right to Withdraw Consent: Withdraw consent at any time, with the withdrawal process being as simple as the original consent process
b. Rights Under GDPR (European Economic Area, UK, and Switzerland Residents)
- Right of Access (Article 15): Request a copy of the personal data we hold about you
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
- Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing (Article 18): Request limitation of how we process your data
- Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format
- Right to Object (Article 21): Object to processing of your personal data based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
- Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority
c. Rights Under CCPA/CPRA (California Residents)
- Right to Know: Request disclosure of the categories and specific pieces of personal information collected, sources, purposes, and third parties with whom it is shared
- Right to Delete: Request deletion of personal information collected from you, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: Direct us not to sell or share your personal information (Note: We do not sell or share personal information as defined under CCPA)
- Right to Limit Use of Sensitive Personal Information: Direct us to limit the use and disclosure of your sensitive personal information (Note: We do not use sensitive personal information for purposes other than those authorized by law)
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights
d. Additional Rights Under Other Jurisdictions
If you reside in Virginia, Colorado, Connecticut, Utah, Texas, or other jurisdictions with applicable privacy laws, you may have similar rights including the right to access, delete, correct, opt-out of targeted advertising, and opt-out of profiling. We honor all applicable rights regardless of jurisdiction.
e. Your Data Control Within the Platform
- Disconnect Social Accounts: You can disconnect any connected social media account at any time from the "Connected Accounts" page
- Update Profile: You can update your personal and business information through the Profile and Business Settings pages
- Delete Account: You can request complete account deletion by contacting us (see Section 14)
14. How to Exercise Your Rights
You may exercise any of the rights described in Section 13 by contacting us using the methods below:
a. Submitting a Request
- Email: [email protected] — include "Privacy Data Request" in the subject line
- In-App: Use the Settings page to update or manage your data directly
b. Verification Process
To protect your privacy, we must verify your identity before processing any data request. We may ask you to:
- Confirm information associated with your account (e.g., registered email address)
- Complete an OTP verification step
- Provide additional information if we cannot verify your identity
c. Response Timelines
- DPDP Act: We will respond to your request within a reasonable timeframe, as prescribed by the Data Protection Board of India
- GDPR: We will respond within 30 days, extendable by an additional 60 days for complex requests with notification
- CCPA: We will respond within 45 days, extendable by an additional 45 days when reasonably necessary, with notification
d. Authorized Agents
You may designate an authorized agent to submit a request on your behalf. The agent must provide written authorization signed by you, and we may still verify your identity directly before processing the request.
e. Grievance Redressal
For any grievance regarding the processing of your personal data, please contact our Grievance Officer at [email protected]. We will acknowledge your grievance and endeavor to resolve it within a reasonable timeframe. If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India (DPBI).
f. Account Deletion Process
To request complete account deletion, email us at [email protected] with the subject line "Account Deletion Request" and your registered email address. Upon deletion:
- All social media connections (X, LinkedIn, Instagram, Facebook, Pinterest, YouTube) will be immediately disconnected
- All OAuth tokens will be revoked and deleted
- All personal and business profile data will be permanently erased
- All uploaded content, campaigns, and AI-generated content will be deleted
- Your account will be permanently deactivated and cannot be recovered
- We will send confirmation once deletion is complete
15. Children's Privacy
MY SAMPARK is not intended for users under the age of 18. In compliance with the DPDP Act, 2023, we do not knowingly process personal data of children (individuals under 18 years of age) without verifiable parental or guardian consent. We do not engage in behavioral monitoring or targeted advertising directed at children.
If we become aware that we have collected personal data from a child without proper consent, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us immediately at [email protected].
16. Cookies & Tracking Technologies
We use cookies and similar technologies to operate and improve the Platform. Below is a description of the cookies we use:
a. Essential Cookies
Required for the Platform to function properly. These cookies handle authentication, session management, and security. You cannot opt out of essential cookies as the Platform will not function without them.
b. Functional Cookies
Remember your preferences and settings to enhance your experience. These cookies are optional.
c. What We Do Not Use
- We do not use advertising or targeting cookies
- We do not use third-party tracking pixels for advertising purposes
- We do not use cross-site tracking technologies
d. Managing Cookies
You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Platform from functioning properly. We honor Global Privacy Control (GPC) browser signals where applicable.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or platform features. When we make material changes:
- We will notify you via email or through a prominent notice on the Platform before the changes take effect
- The "Last Updated" date at the top of this policy will be revised
- Where required by law, we will obtain your consent to material changes
- The updated policy will be available in English and any relevant languages as required by applicable law
We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.
18. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
- Saurabh Infosys
- Data Fiduciary / Data Controller for MY SAMPARK
- Grievance Officer / Data Protection Officer: [email protected]
For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection supervisory authority. For DPDP Act-related inquiries, you may file a complaint with the Data Protection Board of India (DPBI).
This Privacy Policy was last updated on May 30, 2026.
