Privacy Policy
Effective date: March 3, 2026
Overview
One Million Media ("we", "us", or "our") provides social media analytics, campaign reporting, and sales-performance tools for clients. This policy explains what information we collect, how we use it, and how we protect it.
Information We Collect
We collect account information (name, email, password), connected social profile identifiers, analytics metrics, campaign performance data, scheduling and pipeline data, and technical usage data required to operate the platform.
When you connect a social media account via OAuth, we access only the data explicitly authorized through each platform's permission system, as described below.
Facebook & Instagram Data
When you connect your Facebook Page or Instagram Business account, we access the following data via the Meta Graph API:
- A list of Facebook Pages you manage
- Facebook Page post data and engagement metrics (likes, comments, shares)
- Facebook Page Insights (impressions, reach, engagement over time)
- Instagram Business profile information (username, follower count, media count)
- Instagram media metadata (captions, timestamps, permalinks)
- Instagram media metrics (impressions, reach, saves, plays, likes, comments, shares)
How we access it: Via Meta Graph API after you grant OAuth permissions (pages_show_list, pages_read_engagement, read_insights, instagram_basic, instagram_manage_insights).
Storage: Data is stored in our Supabase PostgreSQL database. OAuth tokens are encrypted with AES-256-GCM before storage.
We do not sell or transfer your Facebook or Instagram data to third parties. We do not use this data for purposes unrelated to providing our analytics service.
How to revoke access: Disconnect the account in your One Million Media dashboard, or revoke access directly in Facebook at Settings & Privacy > Settings > Security and Login > Apps and Websites (Business Integrations).
YouTube & Google Data
When you connect your YouTube channel, we access the following data via the YouTube Data API v3 and YouTube Analytics API:
- YouTube channel statistics (subscriber count, total views)
- Video metadata (titles, descriptions, publish dates, thumbnails)
- Video metrics (views, likes, comments)
- YouTube Analytics data (views, watch time, engagement over time)
How we access it: Via YouTube Data API v3 and YouTube Analytics API after you grant OAuth consent for the youtube.readonly and yt-analytics.readonly scopes.
Storage: Data is stored in our Supabase PostgreSQL database. OAuth tokens are encrypted with AES-256-GCM before storage.
We do not sell or transfer your YouTube data to third parties.
Google API Services User Data Policy: Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
How to revoke access: Disconnect the channel in your One Million Media dashboard, or revoke access at myaccount.google.com/permissions.
TikTok Data
When you connect your TikTok account, we access the following data via the TikTok Display API:
- TikTok profile information (display name, avatar, follower and following counts)
- Video metadata (titles, descriptions, publish dates)
- Video metrics (views, likes, comments, shares)
How we access it: Via TikTok Login Kit and Display API after you grant OAuth permissions (user.info.basic, user.info.stats, video.list).
Storage: Data is stored in our Supabase PostgreSQL database. OAuth tokens are encrypted with AES-256-GCM before storage.
We do not sell or transfer your TikTok data to third parties.
How to revoke access: Disconnect the account in your One Million Media dashboard, or revoke access in TikTok at Settings > Security > Manage App Permissions.
How We Use Information
We use the data described above to provide dashboards, reporting, attribution, forecasting, account administration, security monitoring, customer support, and service improvement. Social media data is used exclusively to display analytics and track content performance within our platform.
Data Sharing
We do not sell personal information or social media data. We may share data with service providers that help us run the platform (such as our database hosting provider), or when required by law. We do not share your connected social media data with advertisers, data brokers, or any other third parties.
Data Security and Retention
We implement reasonable administrative, technical, and organizational safeguards. All OAuth access tokens are encrypted with AES-256-GCM before storage. Data is retained for as long as needed to provide services, comply with legal obligations, and resolve disputes.
When you disconnect a social account, we stop accessing new data from that platform. You may request deletion of previously collected data at any time.
Data Deletion
You have the right to request deletion of your data at any time. There are two ways to do this:
- In-app: Disconnect your social accounts in your One Million Media dashboard, then submit a deletion request via our Data Deletion page.
- Email: Send an email to support@onemillionmedia.com with the subject "Data Deletion Request" and include your name, email, and the platforms whose data you want deleted.
Verified deletion requests are processed within 7 business days.
Your Rights
Depending on your jurisdiction, you may have rights to access, update, or request deletion of your information. You may also revoke our access to your connected social media accounts at any time through each platform's settings or through our dashboard.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised effective date.
Contact
For privacy-related requests, email support@onemillionmedia.com.