Batchrow
← Back to batchrow.com

Privacy Policy

Effective date: July 16, 2026
Last updated: July 16, 2026

This Privacy Policy explains how Honour Media LLC ("we", "us", "our", or "Batchrow") collects, uses, discloses, and protects personal information when you use the Batchrow social-media scheduling and publishing service (the "Service"). Batchrow lets you connect your third-party social-media accounts via OAuth and schedule and publish content to those platforms.

This Privacy Policy is the single, authoritative source of truth for how Batchrow handles personal data. Where the companion Terms of Service — Batchrow reference data handling, retention, deletion, or sub-processors, they defer to this Privacy Policy; if there is any apparent conflict, this Privacy Policy governs on data-handling matters.


1. Who we are (data controller)

The controller responsible for your personal information is:

If you are in the EU/EEA or the UK, see Section 9 for information about our EU/UK representative and lawful bases. If you are a California resident, see Section 10.


2. What personal information we collect and why

We collect the following categories of personal information. We collect it to create and operate your account, to connect your social accounts, to schedule and publish the content you direct us to, to bill you, to keep the Service secure, and to comply with legal obligations.

CategoryExamplesWhy we collect it (purpose)
Account informationName, email address, password (stored hashed, never in plain text), account role, workspace membershipTo create and authenticate your account and manage access.
Connected-platform credentials (OAuth tokens)Access tokens and refresh tokens for the social platforms you connect (e.g. Meta/Instagram, TikTok, Google/YouTube), plus the connected account's identifier and basic profile info returned by the platformTo publish and schedule content to the accounts you authorize, on your instruction. These are encrypted at rest — see Section 4.
Content you providePost text/captions, hashtags, uploaded media (images and any other media), scheduling metadataTo store, process, and transmit your content to the platforms you direct, and to show it to you inside the Service.
Billing informationSubscription plan, billing status, invoices, and a payment-processor customer identifierTo bill you and manage your subscription. Card/payment details are handled by our payment processor (Stripe), not stored by us. See Section 6.
Usage and technical dataServer log data and an application audit trail (actions taken in the app), and associated timestampsTo operate, secure, debug, and improve the Service, and to keep an audit trail.

We do not knowingly collect special-category / sensitive data. We do not ask for and do not intend to process special categories of personal data under GDPR (e.g. health, race, political opinions) or "sensitive personal information" under the CPRA, except to the extent you voluntarily include such information in the content you choose to publish.

Children

The Service is not directed to children and is intended for users aged 13 and over. We do not knowingly collect personal information from children.


3. How we use your personal information

We use personal information to:

We do not sell your personal information for money, and we do not use third-party advertising or analytics trackers (see Sections 5–6). See Section 10 for how the CPRA's specific definitions of "sale" and "share" apply.


4. Connected social accounts and OAuth tokens

When you connect a social account, you authorize Batchrow through the platform's OAuth flow. The platform gives us access and refresh tokens scoped to the permissions you grant (for example, permission to publish content on your behalf). We use these tokens only to perform the actions you direct — scheduling and publishing content to the connected account — and to maintain the connection.

Your use of each connected platform is also governed by that platform's own terms and privacy policy. Batchrow is not responsible for how Meta, TikTok, Google/YouTube, or any other connected platform processes data on their side.


5. Cookies and tracking

We use only the cookies and similar technologies necessary to operate the Service.

Because we set no non-essential cookies or trackers, we do not currently operate a cookie-consent banner. If we ever add any non-essential tracker, we will update this section and, where required (notably in the EU/EEA/UK under the ePrivacy regime), obtain your prior consent before it fires, via a consent mechanism you can withdraw as easily as you gave it.


6. Sub-processors and third parties we share data with

We share personal information with the following categories of service providers ("sub-processors") strictly to operate the Service. We do not sell your personal information for money. This list is the canonical sub-processor disclosure for Batchrow; the Terms of Service defer to it.

CategoryWhat they doWhat they receive
PaymentsPayment processing and subscription billing (Stripe)Billing/account identifiers and payment details you provide at checkout. Stripe processes your card data directly; we do not store full card numbers.
Hosting / infrastructureCloud application hosting and database (Railway)All Service data is hosted on this infrastructure, so this provider processes account data, content, encrypted tokens, and logs as part of hosting.
Email deliveryTransactional email (e.g. account and security notices) via ResendYour email address and the contents of the transactional messages we send you.
Connected platform APIsThe social platforms you connect and publish to (e.g. Meta/Instagram, TikTok, Google/YouTube)The content and metadata you direct us to publish, plus the OAuth authorization you grant. Data sent to these platforms is governed by their own policies.

We do not use a third-party analytics or advertising sub-processor.

We may also disclose personal information: (a) to comply with law, legal process, or a lawful request; (b) to protect the rights, safety, and property of Batchrow, our users, or the public; and (c) in connection with a merger, acquisition, or sale of assets, in which case we will notify you and this Privacy Policy will continue to govern your information or you will be notified of any change.


7. Data retention and deletion

We keep personal information only for as long as we need it for the purposes described in this Policy, or as required by law. When your data is no longer needed — for example, after you close your account or after a verified deletion request — we destroy or minimize it as described below.

What our erasure routine does

Batchrow has a real, deployed erasure routine for connected-platform data. When it runs, it separates data we destroy from data we retain, and it never labels retained data as anonymized:

Retention periods

We retain personal information for as long as your account is active, and for a limited period afterward to meet our legal, tax, accounting, and security obligations. Billing and tax records in particular may be retained after account closure to satisfy statutory record-keeping requirements, even where you have otherwise requested deletion.

Deletion process and our deletion commitment

You (or, where applicable, your platform on your behalf) can request deletion of your personal information. When we receive and verify a deletion request, we will delete or irreversibly minimize the covered personal information from our active production systems, and purge it from backups on the next backup rotation, within thirty (30) days of a verified request — except for the limited records we are legally required or permitted to retain (such as billing/tax records and the minimized audit/publishing records described above), which we will delete at the end of their retention period.

This ≤30-day deletion commitment is backed by a real, deployed erasure routine and is compatible with automated platform data-deletion callbacks, including Meta's data-deletion callback. A request received through a connected platform's data-deletion callback is treated as a verified deletion request and is honored on the same ≤30-day timeline.


8. How we protect your information

We use administrative, technical, and organizational measures designed to protect personal information, including AES-256-GCM encryption of OAuth tokens at rest (see Section 4), hashed password storage, and access controls limiting who and what can read sensitive data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.


9. Your rights in the EU / EEA / UK (GDPR / UK GDPR)

If you are in the EU, EEA, or UK, the General Data Protection Regulation (GDPR) (and UK GDPR) gives you the following rights. These are distinct from the California rights in Section 10; the two regimes are not interchangeable.

You have the right to:

To exercise these rights, contact hello@batchrow.com. We will respond within one (1) month as required by the GDPR (extendable by two further months for complex requests, with notice). See Section 11 for how requests are verified and handled.

Lawful bases for processing (GDPR Art. 6)

We process your personal data on these lawful bases:

International data transfers

Batchrow is operated from the United States, and our hosting and sub-processors may process your data in the United States or other countries outside the EEA/UK. Where we transfer personal data out of the EEA or UK, we rely on an appropriate transfer mechanism.

EU / UK representative


10. Your rights in California (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) gives you specific rights. These are distinct from the GDPR rights in Section 9.

You have the right to:

"Do Not Sell or Share My Personal Information"

We do not sell your personal information for money, and we do not use third-party advertising or analytics trackers (see Sections 5–6). On that basis we believe we have no "sale" or "share" to disclose, and we do not currently provide a "Do Not Sell or Share My Personal Information" link.

To exercise your California rights, contact hello@batchrow.com. We will confirm receipt within ten (10) business days and respond within forty-five (45) days (extendable by another 45 days with notice), as required by the CPRA. You may use an authorized agent to submit a request. See Section 11 for verification.


11. How to exercise your rights (data-subject / consumer requests)

To make an access, deletion, correction, portability, or opt-out request, contact us at hello@batchrow.com.

How we handle a request:

If we cannot fully honor a request (for example, because a legal-retention obligation applies to certain records), we will tell you which parts we acted on, which we retained, and the legal ground for retaining them.


12. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where required, notify you. Your continued use of the Service after an update means you accept the revised Policy, to the extent permitted by law.

13. Contact us

Questions about this Policy or our data practices, or to exercise your rights: