Sarvavidhi

Privacy Policy

Effective Date: January 1, 2025  ·  Last updated: May 2026

1. Introduction

Welcome to Sarvavidhi ("we", "our", or "us"), a B2B social media management platform available at sarvavidhi.com. We provide digital marketing agencies and their clients with tools to schedule and publish social media posts, manage client workspaces, run AI-assisted content plans, and send automated messaging campaigns.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding that data. By using Sarvavidhi, you agree to the practices described in this policy.

2. Who This Policy Applies To

This policy applies to:

  • Agency owners and team members who create accounts and use the Sarvavidhi dashboard.
  • Client contacts whose workspace information is managed within the platform by their agency.
  • End users who interact with social media content published via Sarvavidhi on platforms such as Facebook, Instagram, Twitter/X, or LinkedIn.

Sarvavidhi is a business tool. We do not knowingly collect data from individuals under 18 years of age.

3. Data We Collect

3.1 Account & Identity Data

  • Full name
  • Email address
  • Profile picture (retrieved via Google OAuth on sign-in)
  • Password hash (for email/password accounts, stored using bcrypt)

3.2 Social Media OAuth Tokens

When you connect a social media account, we store OAuth access tokens and associated metadata (page IDs, account IDs, token expiry) to publish content on your behalf. Specifically:

  • Facebook / Instagram: Page access tokens, Page IDs, Instagram Business Account IDs.
  • Twitter / X: OAuth 2.0 access and refresh tokens, Twitter user ID.
  • LinkedIn: OAuth access tokens, LinkedIn Person URN.
  • YouTube / Google: OAuth tokens for YouTube channel access (if connected).

Tokens are stored encrypted in our database and are never exposed to third parties beyond the platforms they belong to.

3.3 Content & Scheduling Data

  • Post text, images, and media uploaded or generated within the platform.
  • Scheduled publish times and platform targets.
  • AI-generated content plans and prompts you submit.

3.4 Client Workspace Information

  • Client name, brand details, and workspace configuration.
  • Client-specific social accounts linked to a workspace.

3.5 Messaging & Campaign Data

  • Email subscriber lists, email content, and delivery/open/click logs (via Brevo).
  • WhatsApp contact lists and message logs (via Meta WhatsApp Business API).

3.6 Usage & Technical Data

  • Server-side logs (IP address, request paths, timestamps) retained for security and debugging.
  • Browser/device type derived from HTTP User-Agent headers.

We do not use cookies for tracking or advertising. Session management uses Next-Auth secure HTTP-only cookies.

4. How We Use Your Data

PurposeData UsedLegal Basis
User authentication & account managementName, email, profile picture, password hashContract performance
Publishing social media posts on your behalfOAuth tokens, post content, scheduling dataContract performance / explicit consent
Managing client workspacesClient details, linked platform accountsContract performance
Sending email / WhatsApp campaignsSubscriber lists, message content, delivery logsLegitimate interest / consent
AI content generationPrompts and plan requests (sent to Google Gemini API)Contract performance
Security, fraud prevention, debuggingServer logs, IP addressesLegitimate interest
Transactional emails (account alerts)Email addressContract performance

We do not sell your data. We do not use your data for advertising profiling or share it with data brokers.

5. Third-Party Services We Use

Sarvavidhi integrates with the following third-party services. Each service's own privacy policy governs how they handle data passed to them.

ServicePurposeData Shared
Meta (Facebook / Instagram)Publishing posts, reading page stats, WhatsApp messagingPage tokens, post content, WhatsApp messages
Google OAuth / Gemini APIUser sign-in, YouTube integration, AI content generationOAuth tokens, content prompts
Twitter / X APIPublishing tweets, reading Twitter analyticsOAuth tokens, tweet content
LinkedIn APIPublishing LinkedIn postsOAuth tokens, post content
Brevo (Sendinblue)Sending transactional and drip emailsRecipient email, name, email content
Upstash QStashReliable background job queue for scheduled postsJob payloads (post IDs, timestamps)
Neon PostgreSQLPrimary database hostingAll application data stored in database
ImgBBImage hosting for post media uploadsUploaded images
VercelApplication hosting and CDNHTTP request logs, server-side rendering

6. Facebook & Instagram Data Use

Sarvavidhi uses the Meta Platform APIs (Facebook Graph API and Instagram Graph API) solely to:

  • Publish posts to Facebook Pages and Instagram Business accounts you have authorized.
  • Read basic page analytics (reach, engagement) to display within your dashboard.
  • Send and receive WhatsApp Business messages via the Meta WhatsApp Cloud API.

We request only the permissions necessary for these functions. We do not access your personal Facebook profile, your friends list, or any data beyond what is required for the above purposes.

Data Deletion (Facebook Deauthorization): When you remove Sarvavidhi from your Facebook apps or disconnect your account, Meta sends a signed deauthorization callback to our servers. We automatically delete the associated Facebook page tokens and linked data from our database upon receiving this callback. No manual action is required on your part.

You can also revoke Sarvavidhi's access at any time via Facebook Settings → Apps and Websites.

7. Data Retention

  • Account data is retained for as long as your account is active.
  • OAuth tokens are retained until you disconnect the platform or delete your account.
  • Post content and scheduling data is retained for as long as the client workspace exists.
  • Email and messaging logs are retained for up to 12 months for delivery tracking.
  • Server logs are retained for up to 90 days.

Upon account deletion, all personal data, OAuth tokens, posts, and client workspaces associated with your account are permanently deleted within 30 days.

8. Your Rights

Under applicable Indian data protection law (Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 where applicable), and internationally under GDPR principles where relevant, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Deletion: Request deletion of your personal data and account.
  • Right to Portability: Request your data in a machine-readable format.
  • Right to Withdraw Consent: Disconnect social accounts or revoke OAuth permissions at any time through account settings or directly on the respective platform.
  • Right to Object: Object to processing of your data for specific purposes.

To exercise any of these rights, email us at support@sarvavidhi.com. We will respond within 30 days.

9. Account & Data Deletion

You can request complete deletion of your account and all associated data by:

  • Email: Sending a deletion request to support@sarvavidhi.com with the subject line "Account Deletion Request".
  • Account Settings: Using the "Delete Account" option in your account settings within the Sarvavidhi dashboard (when available).

Upon deletion, we will remove your profile, all OAuth tokens, all client workspaces you own, all posts and content, all email subscriber lists, and all associated logs from our systems within 30 days.

Facebook-specific: If you use the "Remove App" function within Facebook's app settings, our system automatically receives a deauthorization webhook and deletes your Facebook/Instagram tokens and associated data immediately, without requiring a separate email request.

10. Data Security

  • All data is transmitted over HTTPS / TLS.
  • Passwords are hashed using bcrypt and never stored in plain text.
  • OAuth tokens are stored in an encrypted PostgreSQL database hosted on Neon.
  • API routes are protected with session-based authentication (Next-Auth).
  • Background job queues (QStash) use cryptographic signature verification.
  • Access to production systems is restricted to authorized personnel.

Despite these measures, no system can guarantee absolute security. If you suspect unauthorized access to your account, contact us immediately at support@sarvavidhi.com.

11. International Data Transfers

Sarvavidhi is operated from India. Some third-party services we use (such as Meta, Google, Vercel, Neon, and Upstash) may process data in the United States or other countries. By using Sarvavidhi and connecting these services, you acknowledge that your data may be transferred to and processed in countries outside India. We ensure that our third-party processors maintain appropriate security standards.

12. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA), to the extent applicable. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts in India.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of Sarvavidhi after changes are posted constitutes acceptance of the updated policy. For material changes, we will notify active users via email.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Sarvavidhi
Email: support@sarvavidhi.com
Website: sarvavidhi.com

We aim to respond to all privacy-related inquiries within 30 days.

© 2026 Sarvavidhi. All rights reserved.  ·  sarvavidhi.com