Legal

Privacy policy

Effective July 7, 2026

The plain-English version

Unbusied schedules and publishes social media posts on your behalf. To do that we store your account details, the content you compose, and the platform permissions (OAuth tokens) you grant us. We use this data to run the service, nothing else.

We don’t sell your data, we don’t run ads, we don’t use your content to train AI models, and we don’t keep your heavy video files longer than the job requires. Delete your account and we hard-delete your data. Questions? Get in touch and a human (the founder) reads and answers it.

Who we are

Unbusied is operated by MXVEN, LLC, a United States company (“Unbusied,” “we,” “us”). The service consists of this website (unbusied.com) and the application at app.unbusied.com. This policy describes what personal data we collect, why, how long we keep it, and the choices you have. It applies to the service only; the social platforms you connect have their own privacy policies.

Data we collect

  • Account information. Your email address and the name you provide. We use passwordless sign-in links, so we never store a password.
  • Content you compose. The posts, captions, photos, and videos you create or upload for scheduling and publishing.
  • Connected-account data.When you connect a social account we store the OAuth access credentials the platform issues, plus basic profile details (account ID, username, display name, avatar) needed to show you what’s connected and to publish on your behalf.
  • Publishing and analytics data. Delivery results for each post (published, failed, and why), links to the published posts, and periodic snapshots of follower/subscriber counts and post performance metrics from your connected accounts.
  • Billing information. Payments are processed by Stripe. We store your subscription status and Stripe customer reference. We never see or store your full card number.
  • Support correspondence. The name, email, and message you send through our contact form, or any emails you send us.
  • Website usage data. On the public marketing site only, Google Analytics collects standard usage data (pages visited, approximate location, device and browser type) so we can see which pages are useful. See the cookies section below.
  • Technical logs. Standard server logs (IP address, browser type, timestamps) kept briefly for security and debugging.

How we use your data

We use the data above solely to:

  • Operate the service: schedule and publish your content to the platforms you connect, at your direction.
  • Notify you: sign-in links, failed-post alerts, disconnected-account alerts, billing notices, and replies to your support emails.
  • Bill you: manage your subscription through Stripe.
  • Keep the service working: debugging, security, and abuse prevention.

We do notsell or rent your personal data, use it for advertising, or use your content or data to train AI models. We don’t send marketing email unless you’ve asked for it.

Platform permissions (OAuth scopes) and why we request them

Unbusied only works because you grant it permission to act on your social accounts. On each platform we request the minimum scopes needed to (a) publish the content you schedule, (b) read basic profile information so the app can show what’s connected, and (c) read follower counts and post metrics for your analytics. Specifically:

  • Instagram & Facebook (Meta).Permission to publish content (including Reels and their cover images) to the Instagram professional accounts and Facebook Pages you choose, and to read those accounts’ basic details and follower counts.
  • Threads. Permission to publish posts to your Threads profile and read its basic details.
  • YouTube (Google). Permission to upload videos to your channel at your direction and to read basic channel details and subscriber counts. See the dedicated YouTube section below.
  • TikTok. Permission to post content to your TikTok account and to read basic profile information and follower statistics.
  • LinkedIn. Permission to post on your behalf and read your basic profile.
  • X.Permission to post on your behalf, including offline access so scheduled posts can publish while you’re away.

OAuth credentials are stored with strict access controls (they are never sent to your browser or to other users), encrypted at rest by our database provider, and deleted when you disconnect the account. You can revoke Unbusied’s access at any time, either by disconnecting the account inside Unbusied or from the platform’s own security settings. See data deletion for step-by-step instructions.

YouTube API Services

Unbusied uses YouTube API Services to upload the videos you schedule to your own YouTube channel and to read basic channel information and statistics. By connecting a YouTube account you agree to be bound by the YouTube Terms of Service. Google’s handling of your data is described in the Google Privacy Policy.

Beyond the OAuth credential and the channel details described above, we do not store YouTube user data. You can revoke Unbusied’s access to your Google account at any time via Google’s security settings. Revocation immediately invalidates our stored credential, and we delete it along with the connected account record.

Service providers (subprocessors)

We use a small set of infrastructure providers to run Unbusied. Each processes data only as needed to provide its function:

  • Supabase: database, authentication, and storage (your account, posts, connected-account records).
  • Cloudflare: application hosting, media storage (R2), video processing (Stream), image resizing, and the Turnstile bot check on our contact form.
  • Stripe: payment processing and subscription billing.
  • Mailgun: transactional email delivery (sign-in links, alerts, and contact-form messages).
  • Google Analytics: website analytics on the public marketing site only (see the cookies section). Never runs inside the app.
  • Post for Me (Postforme):publishing infrastructure partner. Some posts and their media currently pass through Post for Me’s API for delivery to the social platforms while we complete our migration to fully in-house publishing, after which this provider will be removed.

We’ll update this list if providers change. Unbusied is operated from the United States and your data is processed there.

How long we keep media (retention)

We deliberately keep as little of your media as the service needs. Our standing policy:

  • Posters, covers, and display-resolution images are kept indefinitely, because they're needed to render your post history inside the app.
  • Video files (your original upload and our normalized copy) are purged once every delivery for a post has succeeded, plus a grace period of about 7 days (about 30 days if a delivery failed, so retries remain possible).
  • Media for failed or canceled posts is kept about 30 days for retry/reschedule, then purged. Draft media lives as long as the draft.
  • A storage lifecycle rule automatically deletes original uploads after about 90 days as a backstop, even if an app-side deletion was missed.

In short: you keep your own originals, and we are not an archive. Non-media records (your posts’ text, delivery history, analytics snapshots) are kept while your account is active so your history renders, and deleted when you delete your account.

Deleting your data

When you disconnect a social account, we delete its stored credentials and account record. When you delete your Unbusied account, we hard-delete your rows from our database and purge your media from storage. This is real deletion, not a soft-delete flag. Full instructions, including how to revoke access from each platform’s side, are on the data deletion page. Deletion requests are honored within 30 days; limited billing records are retained where tax and accounting law requires.

Your rights

Wherever you live, we extend the same rights: you can request access to the personal data we hold about you, a copy of it (export), correction, or deletion. If you’re in the EU/UK, these correspond to your GDPR rights; if you’re in California, to your CCPA rights (and note: we don’t sell personal information, so there’s nothing to opt out of). Get in touch from your account address and we’ll handle it, with no forms and no runaround.

Cookies and analytics

The app at app.unbusied.com uses only essential cookies: the session cookies that keep you signed in. It runs no advertising trackers and no analytics.

The public marketing site (unbusied.com) uses Google Analytics 4 to understand which pages are useful and how visitors find us. Google Analytics sets cookies and processes usage data (pages visited, approximate location from a shortened IP address, device and browser type) on our behalf. It runs only on the marketing pages, never inside the app, and we never use it for advertising or sell what it collects. You can opt out for every site with Google’s browser add-on, and Google’s own handling is described in the Google Privacy Policy.

Our contact form is protected by Cloudflare Turnstile, a privacy-friendly bot check that verifies you’re human without tracking you across the web.

Security

All traffic is encrypted in transit (TLS) and data is encrypted at rest by our providers. Access to production data is restricted, and sensitive records like OAuth credentials carry additional service-level access controls so they are never exposed to browsers or other users. No system is perfectly secure, so if we ever learn of a breach affecting your data, we’ll notify you promptly.

Children

Unbusied is a business tool and is not directed at children. You must be at least 16 (and old enough to hold the social accounts you connect) to use it. We don’t knowingly collect data from children; if you believe a child has created an account, contact us and we’ll delete it.

Changes to this policy

If we make material changes, we’ll update the effective date above and notify active subscribers by email before the changes take effect.

Contact

MXVEN, LLC. Reach us through the contact formand you’ll get a reply from Jeff, the person who runs Unbusied.