Privacy Policy

We are committed to safeguarding your personal information.

One Simple Social — Privacy Policy

Effective date: 11 December 2025
Last updated: 11 December 2025

Controller / Platform owner: 3 Worx IT and Media Solutions (Pty) LTD
Platform: One Simple Social — https://onesimplesocial.com
Support / Data protection contact: support@3worxsolutions.com
Phone: +27-69-257-3045

This Privacy Policy explains how One Simple Social (“we”, “our”, “us”, “Platform”) collects, uses, discloses, retains and protects personal information when you visit or use the Platform and related services (web, mobile, API), how we meet key regulatory and platform-partner requirements (for example for Google and Meta/Facebook app review), and the choices and rights available to you. The Policy describes the data practices for all users globally and includes specific references to legal obligations and rights under the laws and standards that commonly apply to our customers and partners (for example the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/CPRA, South Africa’s POPIA, and U.S. children’s privacy rules such as COPPA). Where regional differences exist, we explain them in the relevant sections below.

We host this policy on our publicly accessible domain and link to it from our home page and any OAuth consent or app configuration pages to meet platform verification and app-review requirements.


1. Scope and audience

This Policy applies to:

  • Visitors of https://onesimplesocial.com and related subpages;

  • Registered users and account holders (agents, businesses, agencies and their team members) using the One Simple Social SaaS dashboard;

  • API and OAuth clients and collaborators who access Platform functionality via integrations (for example Google, Facebook/Meta, X, Instagram or other social networks);

  • End clients and customers for whom Platform users manage social accounts.

It covers personal data (any information relating to an identified or identifiable person) and aggregated or de-identified information derived from personal data.


2. Categories of information we collect

We collect personal information that is necessary to provide, improve, secure and support the Platform and your account. Categories include:

a) Account & identity information

  • Name, username, business name, job title, email address, telephone number, billing and payment contact details and billing address.

b) Authentication & credentials

  • Passwords (stored hashed), OAuth tokens and refresh tokens (encrypted), API keys and social network account tokens where users connect external social accounts to the Platform.

c) Profile & business information

  • Organization details, social account handles, connected social profiles, profile images, website URLs and public bios.

d) Content & publishing data

  • Posts, captions, images, videos, scheduled times, RSS feed items, media files uploaded by you (or your clients), metadata and performance metrics for posts.

e) Usage, device & technical data

  • IP address, device identifiers, browser and operating system, connection metadata, logs (access times, pages visited, errors), cookies and remote identifiers, and analytics events.

f) Payment & billing

  • Tokenized payment method details (we use third-party payment processors), invoices, VAT/TAX information and billing history.

g) Support & communications

  • Support emails, chat transcripts, user feedback, bug reports and optional survey responses.

h) Third-party & public data

  • Data imported from third-party services you connect (for example Google, Meta/Facebook, Instagram, Twitter/X, TikTok, YouTube), including the limited profile and permissioned data those services provide under each platform’s API/consent model.

i) Sensitive categories

  • We do not intentionally collect sensitive personal data (race, health, religious or political beliefs, biometric identifiers, sexual orientation) unless you explicitly submit it as content (for example in a post). If we ever require such data for a lawful, documented purpose, we will obtain explicit consent and document the lawful basis.


3. Legal bases for processing (where applicable)

When GDPR applies (EU/EEA data subjects) we process personal data under one or more lawful bases:

  • Performance of contract: to provide the Platform, deliver services, billing and support.

  • Legal obligation: to comply with legal requests, tax or regulatory obligations.

  • Legitimate interests: for Platform security, fraud prevention, analytics, product improvement, and direct communications where such interests are not overridden by your rights. We document balancing tests for these uses.

  • Consent: when necessary (for example, optional marketing messages, newsletters, or when required by specific integrations). You may withdraw consent at any time where permitted.

Where other regional privacy laws apply (for example CCPA/CPRA or POPIA) we rely on similar permitted processing bases (contractual necessity, legal obligation, legitimate interests, consent) and implement the applicable consumer rights and safeguards described in this Policy.


4. How we use personal information (purposes)

We use personal information to:

  1. Provide, operate, maintain and improve the Platform and services (including scheduling, publishing, analytics, team workflows, integrations and reports).

  2. Authenticate accounts, authorize access, manage API and OAuth tokens.

  3. Communicate with you (support, account notices, transactional emails, security alerts).

  4. Process payments, billing, subscriptions and refunds.

  5. Personalize your experience (recommended post times, content suggestions and template suggestions).

  6. Conduct research, analytics and product development (aggregated and pseudonymized where possible).

  7. Ensure Platform and information security, prevent abuse and fraud, and enforce terms of service.

  8. Comply with legal obligations and respond to lawful requests from regulators, courts or law enforcement.

  9. Provide integrations and automations (e.g., posting to social networks or importing analytics) according to the permissions you grant to the Platform.

  10. Meet partner/platform verification requirements (for example enabling OAuth consent screens for Google and app review requirements for Meta/Facebook). We maintain public documentation, privacy pages and demonstration flows to satisfy those verification processes.


5. Third-party services, processors and sharing

a) Service providers and subprocessors

We use third-party service providers to operate the Platform (hosting, storage, payments, email, analytics, monitoring, CDN, security scanning). We enter written agreements (Data Processing Agreements or equivalent) requiring subprocessors to implement appropriate technical and organizational measures.

Examples of processor categories: cloud hosting providers, object storage, payment processors (tokenized), email delivery, analytics vendors and customer support tools.

b) Social networks and integrators

When you connect social accounts (Google, Meta/Facebook, Instagram, X/Twitter, TikTok, YouTube, LinkedIn etc.), we receive the profile and permissioned data those networks allow under their APIs. That data is used to provide posting, scheduling and analytics according to the permissions you grant and the OAuth scopes you approve.

c) Legal disclosure and safety

We may disclose personal information to comply with law, respond to lawful requests, defend legal claims, protect rights or safety, and to enforce policies. Where possible and permitted, we will notify account holders of compelled disclosures.

d) Business transfers

If we are involved in a merger, acquisition, sale of assets or other change of control, personal information may be transferred as part of that transaction. We will require the acquirer to honor this Policy.


6. International transfers

One Simple Social is operated globally and stores and processes information in jurisdictions where we and our subprocessors operate. When personal information is transferred internationally (for example, from the EU to servers outside the EEA) we rely on lawful mechanisms such as Standard Contractual Clauses (SCCs), adequacy decisions where applicable, or other permitted transfers and will implement appropriate safeguards and technical controls.


7. Cookies, tracking and analytics

We and our service providers use cookies, local storage and similar technologies for authentication, session management, preferences, analytics and marketing. You will be offered clear choices about cookies and tracking where required by regional law. Cookie control options include blocking non-essential cookies and opting out of targeted advertising where applicable.


8. Data retention and deletion

We retain personal information for as long as necessary to provide the Platform, for legitimate business purposes (fraud prevention, analytics, legal compliance), or as required by law. Retention periods differ by data category and are documented internally. When data is no longer required we delete it or render it irreversibly anonymous.

You may request account deletion; upon verified request we will delete your personal data from active systems within a reasonable period and notify you, subject to exceptions (legal holds, transactional record-keeping for tax or regulatory reasons). Backups may retain information for a limited additional period; such data is removed according to our backup retention schedule.


9. Your rights and choices

Depending on your jurisdiction, you have rights regarding your personal data. Examples include:

  • Access: request a copy of personal data we hold about you.

  • Rectification: correct inaccurate or incomplete data.

  • Deletion: request deletion of personal data (“right to be forgotten”), subject to legal exceptions.

  • Portability: request your data in a structured, machine-readable format.

  • Restrict processing: ask us to limit the processing of your data.

  • Object: object to processing based on legitimate interests.

  • Consent withdrawal: withdraw consent where processing relies on consent.

  • Opt-out of sale/sharing (California): the right to opt out of sale or sharing of personal information where applicable.

  • Lodge complaints with supervisory authorities: EU residents may lodge complaints with their local Data Protection Authority; South African data subjects may contact the Information Regulator (SA).

How to exercise your rights: contact us at support@3worxsolutions.com or call +27-69-257-3045. We will verify your identity and process requests in accordance with applicable law. We do not charge a fee for making requests unless allowed by law for excessive or manifestly unfounded requests.


10. Children’s privacy (COPPA and similar rules)

Our Platform is intended for business and agency use, not for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information of a child under 13, we will promptly delete it unless we have parental consent as required by law.

If your organization’s use of the Platform targets minors or you collect data from children, you must ensure you have the lawful basis or parental consents necessary and you must notify us so we can apply appropriate safeguards. COPPA and similar regional laws impose strict parental notice and consent requirements for children under 13. If your operation involves children, we will work with you and document the legal basis.


11. Security measures

We implement industry-standard technical and organizational measures to protect personal data, including:

  • Strong encryption in transit (TLS) and at rest for sensitive data (where appropriate).

  • Secure storage and tokenization of payment information via third-party PCI-compliant processors.

  • Regular vulnerability scanning, patching, secure development lifecycle practices and periodic third-party security assessments.

  • Access controls, role-based access, audit logging and least-privilege administrative practices.

  • Incident response plan and breach notification procedures.

Although we implement strong security practices, no system is completely secure. In the unlikely event of a data breach that creates a risk to your rights and freedoms, we will notify affected individuals and regulators as required by applicable law.


12. Automated decision-making and AI

We use automated tools for features such as content suggestions, scheduling recommendations, and other productivity features. These tools use models to analyze content, post performance and engagement signals to suggest optimal times and copy. We aim to be transparent about the use of automated decisions:

  • You may request an explanation of significant automated decisions about you and challenge the results where required by law.

  • We do not currently rely solely on automated decisions that produce legal or similarly significant effects without human review.

  • Where we use third-party AI or ML services, we document the vendor and processing activities in a data processing register and ensure contracts require appropriate safeguards.


13. Platform partners, OAuth and app-review compliance

To support integrations, OAuth flows and app reviews required by platform partners (for example Google OAuth verification and Meta/Facebook App Review), we adhere to the verification requirements these platforms publish:

  • Our homepage and privacy policy are hosted on the verified domain for the app and are linked from the OAuth consent screen and app configuration pages. We provide clear functionality descriptions and live demonstration or screencast material when required by the app review processes. (Google Help)

  • We limit requested OAuth scopes to the minimum necessary, document the use of each scope within our privacy policy and in the app verification materials, and ensure tokens are securely managed and revocable. (Google for Developers)


14. Do Not Sell / Sharing (California & similar laws)

If you are a California resident, you have the right to opt out of the sale or sharing of your personal information as defined under California law. One Simple Social does not sell personal information for third-party advertising; however, if we engage in activities that constitute “sale” or “sharing” under applicable law, we will make a clear and conspicuous “Do Not Sell or Share My Personal Information” link available on our site and honor opt-out requests. We will also honor verifiable consumer requests to know, delete and correct personal information as required by California law. (oag.ca.gov)


15. POPIA (South Africa)

As an organization operating from South Africa, we comply with the Protection of Personal Information Act (POPIA). We follow POPIA’s conditions for lawful processing, including accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards and data subject participation. You may contact our Information Officer via support@3worxsolutions.com for POPIA-related requests. (POPIA)


16. Your choices about marketing and communications

You can opt out of promotional communications at any time by using the unsubscribe link in marketing emails or by contacting support@3worxsolutions.com. Transactional messages (service announcements, security alerts, billing notices) are necessary to operate the Platform and cannot be opted out of.


17. Data breach notifications

In case of a data breach affecting personal information, we will follow our incident response procedures and, where required by law, notify affected individuals and relevant regulators promptly and in accordance with applicable timeframes.


18. Links to other sites / third-party content

Our Platform may include links to third-party websites, widgets and applications. This Policy does not cover third parties’ privacy and data practices. We encourage you to read the privacy notices of any third party you interact with.


19. Changes to this Privacy Policy

We may update this Policy to reflect changes in legal or platform partner requirements, product features, or data practices. When we make material changes, we will post a prominent notice on our Platform and update the “Last updated” date. Continued use after the change constitutes acceptance of the updated Policy.


20. Contact, complaints and supervisory authorities

For questions about this Policy or our privacy practices, to exercise your rights or to lodge a complaint, contact:

Email: support@3worxsolutions.com
Phone: +27-69-257-3045
Controller: 3 Worx IT and Media Solutions (Pty) LTD

If you are located in the EU/EEA and believe we have not resolved your complaint satisfactorily, you may also lodge a complaint with your local Data Protection Authority. South African data subjects may contact the Information Regulator (South Africa).


21. Additional operational notes for platform reviewers and integration auditors

To support app verification and platform review processes (for example Google OAuth and Meta/Facebook App Review) we confirm:

  • Our privacy policy is hosted at https://onesimplesocial.com/privacy (or equivalent) and is accessible from the homepage and the OAuth consent screen. The privacy policy is aligned with our app description and home page, and the identical policy is reachable from any domain used in the OAuth consent. (Google Help)

  • We provide sample accounts, screencasts or test users for app reviewers upon request; demo data is scrubbed of real personal information and indicated as test/demo. (Facebook for Developers)

  • OAuth scopes requested are justified in the OAuth consent form and the privacy policy; tokens are stored securely and can be revoked by users. (Google for Developers)


22. Technical appendix (summary of security & data handling)

  • Encryption: TLS for data in transit; AES-class encryption for credentials and sensitive fields at rest where required.

  • Auth & tokens: Passwords hashed (bcrypt or equivalent); OAuth tokens stored encrypted and rotated when requested.

  • Backups: Encrypted backups retained under a defined retention policy; backups are periodically tested for restore.

  • Logging & monitoring: Access logs, alerting and anomaly detection for unusual access patterns.

  • Pen testing: Regular internal and third-party security assessments.

  • Vendor controls: Written DPA with subprocessors; minimum contractual security obligations.


Acknowledgment

By using One Simple Social and its services, you acknowledge that you have read this Privacy Policy and agree to its terms. If you do not agree, do not use the Platform and contact support@3worxsolutions.com to request account closure and data deletion.



© 2025, All Rights Reserved