Privacy Policy

Account information. When you sign up we collect your email address and a hashed password. If you sign in with Apple, we receive the name and email address (or private relay address) that Apple provides.

Connected social accounts. When you link Instagram or Facebook we store an encrypted OAuth access token and your platform user ID. We never see or store your social media password.

Uploaded images. Images you publish through cloudjacked are uploaded to our cloud storage (Cloudflare R2) so the social platform can fetch them. Images are retained for 30 days after publishing, then automatically deleted.

Publish history. We log the platform, caption, status, and timestamp of each post so you can review your activity inside the app.

Payment information. Payments are processed by Stripe. We store your Stripe customer ID and subscription status but never see or store your full card number.

Usage data. We collect basic, anonymous analytics (app version, OS, feature usage counts) to improve the product. We do not track browsing activity or sell data to advertisers.

• Authenticate you and manage your account.
• Publish content to your connected social media accounts on your behalf.
• Process subscription payments and enforce plan limits.
• Send transactional emails (password resets, subscription receipts).
• Diagnose bugs and improve the product.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We rely on the following services to operate cloudjacked:

• Supabase — authentication and database hosting.
• Cloudflare — image storage (R2), CDN, and DNS.
• Stripe — payment processing.
• Meta (Instagram / Facebook) — content publishing via their official APIs.

Each service processes data according to its own privacy policy. We only share the minimum information required for them to operate.

OAuth tokens are encrypted at rest using AES-256-GCM. All network traffic uses HTTPS. Database access is protected by row-level security so users can only access their own data. Encryption keys are stored in environment variables, never in source code.

You can disconnect a social account at any time, which deletes the stored token immediately. You can delete your cloudjacked account from the settings screen; this permanently removes all your data (account info, connected accounts, presets, publish history) within 30 days.

For step-by-step instructions on how to delete your account and data, see our Data Deletion Instructions.

The cloudjacked.com website uses only essential cookies required for authentication. We do not use advertising or tracking cookies.

cloudjacked is not directed at anyone under 13. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.

We may update this policy from time to time. If we make material changes we will notify you by email or through the app. Continued use after changes constitutes acceptance.

Questions about this policy? Email us at zachary@cloudjacked.com.