Last updated: February 2026
Uptoma Inc. (“we”, “us”) operates the Uptoma platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.
Account Information: Email address, name, and password hash when you register.
Social Media Tokens: OAuth access tokens and refresh tokens for each social media platform you connect. These tokens allow Toma to post on your behalf.
Content: Text, images, and video files you upload for posting. We process and temporarily store this content to deliver it to your selected platforms.
Usage Data: Pages visited, features used, post counts, and error logs to improve the Service.
Billing Information: Payment details are processed by Stripe. We do not store credit card numbers on our servers.
We treat your OAuth tokens with the highest care. Tokens are encrypted at rest using AES-256 encryption. We only use tokens to perform actions you explicitly request (posting content). We never read your DMs, followers, or analytics unless you grant specific permission. You can revoke access to any platform at any time from your dashboard.
Data is stored on encrypted PostgreSQL databases hosted in the United States. Media files are stored in S3-compatible object storage with server-side encryption. All data in transit is encrypted via TLS 1.3. We use industry-standard security practices including regular audits, access controls, and monitoring.
We integrate with the following third-party services:
Each third-party service has its own privacy policy. We encourage you to review them.
If you are located in the European Economic Area, you have the following rights:
To exercise these rights, email [email protected]. We will respond within 30 days.
Legal Basis for Processing: We process your data based on (a) contractual necessity (to provide the Service), (b) your consent (connecting social accounts), and (c) legitimate interests (improving the Service, preventing fraud).
California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell your personal information to third parties.
We use essential cookies for authentication and session management. We do not use third-party tracking cookies. Analytics, if implemented, will use privacy-respecting, cookieless solutions.
Uptoma is not intended for users under 18. We do not knowingly collect data from minors.
In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours and report to relevant authorities as required by law.
We may update this Privacy Policy periodically. We'll notify you of material changes via email. The “last updated” date at the top reflects the latest revision.
For privacy inquiries: [email protected]
For general support: [email protected]