Social Scheduler – Privacy Policy

Updated: 16/05/2018 for GDPR
Created: 17/10/2014
We keep our privacy policy under review; any changes to our privacy notice will be placed on this website.

Privacy Statement

We are committed to protecting your privacy. We will not sell, share, or rent your personal information to any third party, or use your e-mail address for unsolicited email. Any mails sent will be transactional or through opting in with our Mailchimp newsletters.

This policy applies to all users of our Social Scheduler website ( and services.

Any identified offences and unauthorized actions against Devology’s computer systems and data will be investigated and passed onto local authorities to prosecute/or to take civil proceedings to recover damages against those responsible.

Should you have any questions, comments or requests about the information that we collect from you, or the way in which we will use such information please contact or if your enquiry is Social Scheduler related


  • A. “Non-Personal Information” is information that is in no way personally identifiable and that is obtained automatically through your simple use of the website with a web browser or the Service.
  • B. “Personally Identifiable Information” is non-public information that is personally identifiable and obtained in connection with providing a product or service to You. It may include information such as name and address.

Social Scheduler is a tool developed by Devology that enables you to schedule social media posts to Facebook, Twitter, LinkedIn, Instagram and Pinterest. This section explains the specific details regarding privacy in context to Social Scheduler and is additive to those mentioned in the context of Devology.

Information We Hold

The lawful basis for data processing are set out in Article 6 of the GDPR: Lawful Basis For Data Processing. At least one of these must apply whenever you process personal data:

  • (a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • (b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
  • (c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  • (d) Vital interests: the processing is necessary to protect someone’s life.
  • (e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  • (f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

Only those highlighted (Consent, Legal, Legitimate Interest) are relevant to Social Scheduler, we now enumerate over the types of data that we store and categorise how we process the data.

  • Your profile – Consent Most of these are captured during registration, when you change your subscription level or use the complementary mobile app to send you push notifications when a message is due. In each case we do not collect the data without your consent
    1. Email address – Used to log you in (authentication) and send transactional emails, please see the ’email’ section below.
    2. First name, last name – When creating an account you can optionally complete your name to display in the web portal and for any email notifications that we send you, please see the ’email’ section below.
    3. Password *1 – To protect your account
    4. Plan / subscription To record which payment plan you are on
    5. iOS / Android push notification tokens – To deliver push notifications to your mobile device if you have chosen to use the Instagram support
  • Scheduled messages – Consent – Before you can schedule any social media messages, you provide consent to add your social media account(s) to Social Scheduler, you then choose to add scheduled messages using text, links, images, etc, in each case you consent to us holding this information.
    1. Social Media account details (*3) – When you add a social media account to Social Scheduler we need to keep track of the account name and special ‘oAuth tokens’ so that we can automatically send scheduled messages in the future. You can remove the account manually within Social Scheduler, or review the access given in each social platform.
    2. Scheduled Messages – the dates, times, text messages, photos and a selection of which accounts to post to
    3. Images – If you upload images as part of your scheduled social media post then we store a copy of these, even after a successful post. This is so that you can clone/copy the message to be re-sent another time
  • EU VAT Evidence – Legal obligation – For Business-to-Business transactions within the EU we must capture evidence of your geographic location for legal reasons
    1. IP address – only when first registered
    2. Geolocation details – using the original IP address we perform a reverse IP lookup to determine the country of origin
    3. Card holders address – once you add card details your address including country is stored and compared to the Geolocation address
  • Financial (Stripe)Legal obligation – the processing is necessary for us to comply with UK accountancy laws
    1. Card payment details Your card details used to pay for your subscription *2
    2. Payment status – Whether your payment card details remain valid
    3. Transaction Summary – Whilst Stripe holds your financial details we receive a ‘web-hook’ that contains a carbon copy of payment transactions (e.g receipts, refunds, etc), a copy of the details is held so that we can easily review payments made and monitor trends.
    4. Any discount coupon So we can apply any discount to your plan
  • Account statusLegitimate interest – to keep track of your account status
    1. Registration State – We need to track whether your account is fully registered
    2. Key dates (when registered, verified) – To verify when your account was registered and verified
    3. Tokens for email verification and password reset – To deliver password reset links to you in email securely, to protect your account from hackers trying to reset your password without your knowledge.
    4. Permissions – We keep track of who is allowed access each social media account that you add to Social Scheduler
  • MarketingLegitimate interest – to improve our product and to re-target visitors of our site
    1. Referral / affiliate details If you signed up through a third party that has an affiliate deal with us then we record the fact your account was created through them.
    2. Marketing source – where you heard about us from when you registered (UTM parameters)
    3. Marketing tracking – we may use tracking from time to time and you agree to these terms when you sign up.
    4. Mini survey results – When creating an account you can optionally complete a mini survey that could influence future devolopment of Social Scheduler.


By using any of the Services, or submitting or collecting any Personal Information via the Services, you consent to the collection, transfer, storage disclosure, and use of your Personal Information in the manner set out in this Privacy Policy. If you do not consent to the use of your Personal Information in these ways, please stop using the Services.

How We Store Personal Data

All data controlled by Social Scheduler is held within the EU on secure platforms. We use data encryption for password credentials only. Your card details are processed by Stripe using PCI-level 1 security standards.

How We Use Personal Data

Our priority is to keep your data private and your communications free from spam.

We aim to never share your data without your consent except for those scenarios identified in ‘when we may share personal information’. We do not share any personal data with anyone outside of Devology Ltd. That being said, it’s important that you understand that once a scheduled message is due, we will send the message to your selected social media accounts on your behalf. If you do not wish this to happen, then you should delete your Social Scheduler account immediately; this is the entire purpose of Social Scheduler.

We use data for the following purposes:

  • to identify you when you login to your account
  • to enable us to operate the Services and provide them to you
  • to verify your transactions and for purchase confirmation, billing, security, and authentication (including security tokens for communication with installed Third-Party Apps)
  • to analyze the Website or the other Services and information about our visitors and users, including research into our user demographics and user behaviour in order to improve our content and Services
  • to contact you about your account and provide customer service support, including responding to your comments and questions
  • to share aggregate (non-identifiable) statistics about users of the Services to prospective advertisers and partners
  • to keep you informed about the Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us
  • to sell or market Social Scheduler products and services to you
  • to better understand your needs and the needs of users in the aggregate, diagnose problems, analyze trends, improve the features and usability of the Services, and better understand and market to our customers and users
  • to keep the Services safe and secure

When we may share Personal Information

Except as provided in this Privacy Policy, we do not divulge any Personal Information gathered via the Services (including Customer Content) to third parties. Notwithstanding anything in the Privacy Policy to the contrary, we may share any information we have collected about you or Customer Content:

  • when you consent to the disclosure of such information to a third party when connecting to a third-party service that asks you if you consent to such sharing;
  • where we are legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands;
  • if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person;
  • if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Services infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the Website infrastructure or the Services generally);
  • to a parent company, subsidiaries, joint ventures, or other companies under common control with Devology;
  • if we are acquired by or merged with another entity (in which case we will require such entity to assume our obligations under this Privacy Policy or inform you that you are covered by a new privacy policy); and
  • if this information is not private, is aggregated or is otherwise non-Personal Information, such as your public user profile information and related public data (such as Tweets, likes, etc.) or the number of users who clicked on a particular link (even if only one did so).

Subject to obligations consistent with this Privacy Policy, we may also disclose information to our affiliates, agents, contractors, and service providers in order to facilitate the functioning of the Services or to perform tasks that are integral to the Services, such as processing transactions, fulfilling requests for information, or providing support services or other tasks, from time to time. Information may also be transferred from Devology to the third parties in control of the Supported Platforms, but only to the extent required in order for the Services to function properly.

Data Retention

We will retain all data for a minimum of 6 years, or until you delete your account.

Data Deletion

If you want to us delete your personal data please login, then click on ‘More Options’ then ‘Change Subscription…’ then ‘Delete my Social Scheduler account’.

Subject Access Requests

You can request to know what data we hold about you. To do this, simply send an email request to: with the details you’d like to know. We will aim to respond to all data requests within 28-days. Please note: we will charge for requests or refuse to honour any requests which are manifestly unfounded or excessive.

Data Breaches

We take privacy and data protection very seriously. We have many protections in place already however we will not be immune to every type of malicious attack, hacking attempt or human error. As a paid member of the Information Commissioners Office (ICO) we are obliged to report data breaches to the ICO and to any individuals where it is likely to result in a risk to the rights and freedoms of those individuals. If we discover a data breach, we will assess the impact and follow ICO and GDPR guidelines on reporting and investigating data breaches. We will attempt to notify any affected individuals (where required and possible) and inform them of the impact should we be required to do so.

International Responsibilities

Devology Ltd is a UK company and stores all data inside the EU. We do not store, process or control any data outside of the EU and therefore all GDPR regulations regarding international operations are not applicable to Social Scheduler at this time.


You will be sent transactional emails, here are some examples

  • Registration email
  • Verification email
  • Status updates (e.g. if a scheduled message fails to send)
  • Account inactivity (that may lead to termination)


*1 – Passwords are encrypted

*2 – No card payment details are stored on our servers, instead we delegate through to Stripe, who has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available. All card numbers are encrypted on disk with AES-256. Full information about Stripe security is available from

*3 – Social media platforms enable us to authenticate using OAuth, this means we never know your password and are instead given a token to use to post messages on your behalf. You can revoke these tokens at any time from each social platform, or delete your account with us.

*4 – We use Stripe for all payment transactions (see *2), in addition we receive a copy of payment transactions and general events that we store on our server to review cards that have failed to be charged and general analytics.