This Privacy Policy explains how Honour Media LLC ("we", "us", "our", or "Batchrow") collects, uses, discloses, and protects personal information when you use the Batchrow social-media scheduling and publishing service (the "Service"). Batchrow lets you connect your third-party social-media accounts via OAuth and schedule and publish content to those platforms.
This Privacy Policy is the single, authoritative source of truth for how Batchrow handles personal data. Where the companion Terms of Service — Batchrow reference data handling, retention, deletion, or sub-processors, they defer to this Privacy Policy; if there is any apparent conflict, this Privacy Policy governs on data-handling matters.
The controller responsible for your personal information is:
If you are in the EU/EEA or the UK, see Section 9 for information about our EU/UK representative and lawful bases. If you are a California resident, see Section 10.
We collect the following categories of personal information. We collect it to create and operate your account, to connect your social accounts, to schedule and publish the content you direct us to, to bill you, to keep the Service secure, and to comply with legal obligations.
| Category | Examples | Why we collect it (purpose) |
|---|---|---|
| Account information | Name, email address, password (stored hashed, never in plain text), account role, workspace membership | To create and authenticate your account and manage access. |
| Connected-platform credentials (OAuth tokens) | Access tokens and refresh tokens for the social platforms you connect (e.g. Meta/Instagram, TikTok, Google/YouTube), plus the connected account's identifier and basic profile info returned by the platform | To publish and schedule content to the accounts you authorize, on your instruction. These are encrypted at rest — see Section 4. |
| Content you provide | Post text/captions, hashtags, uploaded media (images and any other media), scheduling metadata | To store, process, and transmit your content to the platforms you direct, and to show it to you inside the Service. |
| Billing information | Subscription plan, billing status, invoices, and a payment-processor customer identifier | To bill you and manage your subscription. Card/payment details are handled by our payment processor (Stripe), not stored by us. See Section 6. |
| Usage and technical data | Server log data and an application audit trail (actions taken in the app), and associated timestamps | To operate, secure, debug, and improve the Service, and to keep an audit trail. |
We do not knowingly collect special-category / sensitive data. We do not ask for and do not intend to process special categories of personal data under GDPR (e.g. health, race, political opinions) or "sensitive personal information" under the CPRA, except to the extent you voluntarily include such information in the content you choose to publish.
The Service is not directed to children and is intended for users aged 13 and over. We do not knowingly collect personal information from children.
We use personal information to:
We do not sell your personal information for money, and we do not use third-party advertising or analytics trackers (see Sections 5–6). See Section 10 for how the CPRA's specific definitions of "sale" and "share" apply.
When you connect a social account, you authorize Batchrow through the platform's OAuth flow. The platform gives us access and refresh tokens scoped to the permissions you grant (for example, permission to publish content on your behalf). We use these tokens only to perform the actions you direct — scheduling and publishing content to the connected account — and to maintain the connection.
Your use of each connected platform is also governed by that platform's own terms and privacy policy. Batchrow is not responsible for how Meta, TikTok, Google/YouTube, or any other connected platform processes data on their side.
We use only the cookies and similar technologies necessary to operate the Service.
Because we set no non-essential cookies or trackers, we do not currently operate a cookie-consent banner. If we ever add any non-essential tracker, we will update this section and, where required (notably in the EU/EEA/UK under the ePrivacy regime), obtain your prior consent before it fires, via a consent mechanism you can withdraw as easily as you gave it.
We share personal information with the following categories of service providers ("sub-processors") strictly to operate the Service. We do not sell your personal information for money. This list is the canonical sub-processor disclosure for Batchrow; the Terms of Service defer to it.
| Category | What they do | What they receive |
|---|---|---|
| Payments | Payment processing and subscription billing (Stripe) | Billing/account identifiers and payment details you provide at checkout. Stripe processes your card data directly; we do not store full card numbers. |
| Hosting / infrastructure | Cloud application hosting and database (Railway) | All Service data is hosted on this infrastructure, so this provider processes account data, content, encrypted tokens, and logs as part of hosting. |
| Email delivery | Transactional email (e.g. account and security notices) via Resend | Your email address and the contents of the transactional messages we send you. |
| Connected platform APIs | The social platforms you connect and publish to (e.g. Meta/Instagram, TikTok, Google/YouTube) | The content and metadata you direct us to publish, plus the OAuth authorization you grant. Data sent to these platforms is governed by their own policies. |
We do not use a third-party analytics or advertising sub-processor.
We may also disclose personal information: (a) to comply with law, legal process, or a lawful request; (b) to protect the rights, safety, and property of Batchrow, our users, or the public; and (c) in connection with a merger, acquisition, or sale of assets, in which case we will notify you and this Privacy Policy will continue to govern your information or you will be notified of any change.
We keep personal information only for as long as we need it for the purposes described in this Policy, or as required by law. When your data is no longer needed — for example, after you close your account or after a verified deletion request — we destroy or minimize it as described below.
Batchrow has a real, deployed erasure routine for connected-platform data. When it runs, it separates data we destroy from data we retain, and it never labels retained data as anonymized:
We retain personal information for as long as your account is active, and for a limited period afterward to meet our legal, tax, accounting, and security obligations. Billing and tax records in particular may be retained after account closure to satisfy statutory record-keeping requirements, even where you have otherwise requested deletion.
You (or, where applicable, your platform on your behalf) can request deletion of your personal information. When we receive and verify a deletion request, we will delete or irreversibly minimize the covered personal information from our active production systems, and purge it from backups on the next backup rotation, within thirty (30) days of a verified request — except for the limited records we are legally required or permitted to retain (such as billing/tax records and the minimized audit/publishing records described above), which we will delete at the end of their retention period.
This ≤30-day deletion commitment is backed by a real, deployed erasure routine and is compatible with automated platform data-deletion callbacks, including Meta's data-deletion callback. A request received through a connected platform's data-deletion callback is treated as a verified deletion request and is honored on the same ≤30-day timeline.
We use administrative, technical, and organizational measures designed to protect personal information, including AES-256-GCM encryption of OAuth tokens at rest (see Section 4), hashed password storage, and access controls limiting who and what can read sensitive data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
If you are in the EU, EEA, or UK, the General Data Protection Regulation (GDPR) (and UK GDPR) gives you the following rights. These are distinct from the California rights in Section 10; the two regimes are not interchangeable.
You have the right to:
To exercise these rights, contact hello@batchrow.com. We will respond within one (1) month as required by the GDPR (extendable by two further months for complex requests, with notice). See Section 11 for how requests are verified and handled.
We process your personal data on these lawful bases:
Batchrow is operated from the United States, and our hosting and sub-processors may process your data in the United States or other countries outside the EEA/UK. Where we transfer personal data out of the EEA or UK, we rely on an appropriate transfer mechanism.
If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) gives you specific rights. These are distinct from the GDPR rights in Section 9.
You have the right to:
We do not sell your personal information for money, and we do not use third-party advertising or analytics trackers (see Sections 5–6). On that basis we believe we have no "sale" or "share" to disclose, and we do not currently provide a "Do Not Sell or Share My Personal Information" link.
To exercise your California rights, contact hello@batchrow.com. We will confirm receipt within ten (10) business days and respond within forty-five (45) days (extendable by another 45 days with notice), as required by the CPRA. You may use an authorized agent to submit a request. See Section 11 for verification.
To make an access, deletion, correction, portability, or opt-out request, contact us at hello@batchrow.com.
How we handle a request:
If we cannot fully honor a request (for example, because a legal-retention obligation applies to certain records), we will tell you which parts we acted on, which we retained, and the legal ground for retaining them.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where required, notify you. Your continued use of the Service after an update means you accept the revised Policy, to the extent permitted by law.
Questions about this Policy or our data practices, or to exercise your rights: