400 free credits — no credit card required.Start building
Logo
Start for free
Legal

Privacy Policy

This Privacy Policy explains how SocialCrawl collects, uses, stores, and protects your personal information when you use our platform and services.

Effective Date: 9 April 2026 | Last Updated: 9 April 2026

1. Introduction

Welcome to SocialCrawl, a unified social media data API platform operated by Ridio Company ("we," "us," or "our"), registered in the United Kingdom at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our API services, or interact with our platform (collectively, the "Service"). It also describes your rights regarding your personal data and how to exercise them.

By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Service.

For questions about this Privacy Policy, contact us at hello@ridiocompany.com.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use our Service, you may provide:

  • Account Information — Name, email address, and preferred language
  • Authentication Credentials — Password (stored as a secure hash), two-factor authentication settings, passkeys, and backup codes
  • API Keys — Keys you generate to access our API (we store only a cryptographic hash, not the full key)
  • Payment Information — Credit purchases are processed by Stripe. We store your Stripe customer ID and transaction records but never store your full card number or payment details on our servers
  • Communications — Information you provide when contacting our support team
  • Uploaded Documents — If you use our document analysis features, the files you upload and their contents
  • Chat Messages — If you use our AI assistant features, the messages you send and responses generated

2.2 Information Collected Automatically

When you access our Service, we automatically collect:

  • Device and Browser Information — Device type, operating system, browser type, and version
  • Network Information — IP address
  • Usage Data — Pages visited, features used, time spent on pages, and navigation patterns
  • API Usage Data — Endpoints called, platforms queried, resource types requested, query parameters, response times, HTTP status codes, cache utilisation, and credits consumed
  • Log Data — Server logs including timestamps, request methods, and response sizes

2.3 Information from Third-Party Authentication Providers

If you sign in using a third-party provider, we receive limited profile information from that provider:

| Provider | Information Received | | -------- | ------------------------------------ | | Google | Name, email address, profile picture | | GitHub | Name, email address, profile picture | | Apple | Name, email address | | LinkedIn | Name, email address, profile picture | | Kakao | Name, email address, profile picture | | Naver | Name, email address, profile picture |

We store encrypted OAuth tokens from these providers solely to maintain your authenticated session. We request only the minimum scopes necessary (typically name, email, and profile picture). Each provider's own privacy policy governs their handling of your data.

3. How We Use Your Information

3.1 Providing and Operating the Service

  • Creating and managing your account
  • Authenticating your identity and securing your sessions
  • Processing your API requests and routing them to appropriate data sources
  • Tracking your credit balance and processing credit purchases
  • Delivering API responses with normalised social media data

3.2 Improving the Service

  • Analysing usage patterns to identify features that need improvement
  • Monitoring API performance, response times, and cache efficiency
  • Understanding which platforms and endpoints are most used to prioritise development

3.3 Communication

  • Sending essential service emails: welcome messages, API key notifications, credit balance alerts, payment confirmations, and security notices
  • Sending optional emails: product updates and weekly usage reports (you can unsubscribe from non-essential emails at any time via the unsubscribe link in any email or through your account settings)
  • Responding to your support enquiries

3.4 Security and Fraud Prevention

  • Detecting and preventing unauthorised access, abuse, or fraud
  • Monitoring for suspicious API usage patterns
  • Maintaining platform integrity and security

3.5 Legal Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our Terms and Conditions
  • Protecting our rights, privacy, safety, or property

4. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), we process your personal data on the following legal bases:

| Legal Basis | When We Rely on It | | ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | | Performance of a Contract | Account registration, processing API requests, credit transactions, and delivering the Service you signed up for | | Consent | Marketing communications, optional product update emails, and non-essential analytics cookies | | Legitimate Interests | Improving our Service, analysing usage patterns, preventing fraud, and ensuring platform security — balanced against your rights and freedoms | | Legal Obligation | Retaining transaction records for tax and accounting purposes, responding to lawful requests from authorities |

You may withdraw your consent at any time where we rely on it as our legal basis. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

5. Data Sharing and Third Parties

We do not sell your personal data. We share information only with service providers who process data on our behalf, under our instructions, and subject to appropriate data processing agreements:

| Service Provider | Purpose | Data Shared | | -------------------- | --------------------------------------- | ------------------------------------------------------- | | Stripe | Payment processing | Email address, transaction amounts, customer ID | | Resend | Email delivery | Email address, email content | | PostHog | Product analytics | Pseudonymised user ID, page views, feature usage events | | Sentry | Error monitoring and diagnostics | Error details, user ID, request context | | AWS S3 | File storage for document analysis | Uploaded file contents | | Upstash (QStash) | Background task processing | Task metadata (user ID, task type) | | ScrapeCreators | Upstream data provider for API requests | API query parameters only (no personal user data) |

Legal Disclosures

We may disclose your information if required by law, or in good faith belief that disclosure is necessary to:

  • Comply with a legal obligation or lawful request from authorities
  • Protect and defend our rights or property
  • Prevent or investigate wrongdoing related to the Service
  • Protect the safety of our users or the public

6. International Data Transfers

Ridio Company is based in the United Kingdom. Your personal data may be transferred to, and processed in, countries outside the UK or the European Economic Area (EEA). Some of our service providers operate in the United States or other jurisdictions.

Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO and the European Commission
  • Adequacy decisions where the destination country provides adequate data protection
  • Other appropriate safeguards recognised under UK GDPR and EU GDPR

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

| Data Category | Retention Period | | ---------------------------------- | --------------------------------------------------------------------------------------------- | | Account Data | For as long as your account is active. Permanently deleted within 30 days of account deletion | | API Request Logs | 90 days, then aggregated and anonymised | | Credit Transaction Records | 7 years (UK tax and accounting obligations) | | Email Logs | 12 months | | Chat Messages and AI Data | Until you delete them, or upon account deletion | | Uploaded Documents | Until you delete them, or upon account deletion | | Session Data | Automatically expired; purged within 30 days of expiration | | Analytics Data (PostHog) | 12 months | | Error Monitoring Data (Sentry) | 90 days |

When your account is deleted, we cascade the deletion to all associated data, including sessions, API keys, credit records, email logs, chat messages, and uploaded documents.

8. Your Rights

Rights for All Users

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data (subject to legal retention obligations)
  • Data Portability — Request your data in a structured, commonly used, machine-readable format
  • Opt-Out of Marketing — Unsubscribe from non-essential emails at any time via the unsubscribe link in any email or your account email preferences

Additional Rights Under UK GDPR and EU GDPR

  • Restrict Processing — Request that we limit how we use your data in certain circumstances
  • Object to Processing — Object to processing based on legitimate interests
  • Withdraw Consent — Withdraw consent at any time where processing is based on consent
  • Lodge a Complaint — File a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk

Additional Rights Under CCPA/CPRA (California Residents)

  • Right to Know — Request details about the categories and specific pieces of personal information collected
  • Right to Delete — Request deletion of your personal information
  • Right to Opt-Out of Sale — We do not sell your personal information
  • Non-Discrimination — We will not discriminate against you for exercising your privacy rights

Additional Rights Under Korea's Personal Information Protection Act (PIPA)

  • Access and Correction — Request access to and correction of your personal information
  • Suspension of Processing — Request suspension of processing
  • Deletion — Request deletion of your personal information
  • Right to Be Informed — Be notified about the collection, use, and sharing of your personal information
  • Consent Withdrawal — Withdraw consent for the collection and use of your personal information at any time
  • Right to Remedy — Seek remedies for damages caused by personal information infringement

How to Exercise Your Rights

Contact us at:

  • Email: hello@ridiocompany.com
  • Post: Oscar Lee (Chief Privacy Officer), Ridio Company, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

We will respond within 30 days (or within the timeframe required by applicable law). We may verify your identity before processing your request.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Service.

Essential Cookies

Required for the Service to function. These cannot be disabled without breaking core functionality.

| Cookie | Purpose | | ---------------------------------- | --------------------------------------------------------------- | | Session cookies (ridiostarter.*) | Maintain your authenticated session | | OAuth state cookies | Secure the authentication flow with third-party login providers |

Analytics Cookies

Help us understand how users interact with our Service. These are only set with your consent.

| Cookie | Purpose | Provider | | -------------------------------- | ---------------------------------- | -------- | | PostHog cookies (ph_*_posthog) | Track page views and feature usage | PostHog |

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to view, delete, block third-party cookies, or block all cookies. Blocking essential cookies may prevent you from using certain features of our Service.

For detailed information about the cookies we use, please refer to our Cookie Policy.

10. Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption — Data encrypted in transit (TLS/SSL) and at rest where applicable
  • Password Security — Passwords are salted and hashed; we never store plaintext passwords
  • API Key Security — Keys are cryptographically hashed before storage; the full key is shown only once at creation
  • OAuth Token Encryption — Third-party authentication tokens are encrypted in our database
  • Access Controls — Personal data access restricted to authorised personnel on a need-to-know basis
  • Two-Factor Authentication — Available via TOTP and passkeys for additional account security
  • Monitoring — Continuous monitoring for security threats and vulnerabilities

No method of transmission over the Internet or electronic storage is 100% secure. While we cannot guarantee absolute security, we are committed to promptly addressing any security incidents in accordance with applicable law.

11. Children's Privacy

Our Service is not directed at children under the age of 14. We do not knowingly collect personal data from children under 14. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@ridiocompany.com, and we will promptly delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you by email or through a prominent notice on our platform at least 30 days before changes take effect
  • Where required by law, obtain your consent to material changes

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Ridio Company Attn: Oscar Lee, Chief Privacy Officer 71-75 Shelton Street, Covent Garden London, WC2H 9JQ, United Kingdom

Email: hello@ridiocompany.com Phone: +44 20 4524 7944

For UK GDPR enquiries, you may also contact the Information Commissioner's Office (ICO) at ico.org.uk.

For enquiries under Korea's Personal Information Protection Act, you may contact the Personal Information Protection Commission (PIPC) at pipc.go.kr.