Privacy Policy

Last updated: May 7, 2026

1. Overview

Atelier Social ("Atelier", "we", "us") is a social-media scheduling, publishing, engagement, and analytics tool operated from the website ateliersocial.io. This Privacy Policy explains what personal data we collect, how we use it, and the choices you have. We act as the data controller for account information you provide directly and as a data processor for content you publish to third-party platforms through our service.

2. Data We Collect Directly

  • Account information: email, name, password (hashed), avatar.
  • Workspace details: workspace name, logo, members.
  • Post content you create: text, images, videos, scheduling time.
  • Usage logs: timestamps, request metadata, error logs.

3. Data We Collect From Connected Platforms

When you connect a social account via OAuth, we receive and store the following information from each platform you authorize:

Meta (Facebook, Instagram, Threads)

Atelier Social uses Facebook Login for Business. The exact permissions requested by our Meta app, and the strict purpose each one serves inside the product, are:

  • public_profile, email — identify the connecting user, label the connection in the workspace, and deduplicate accounts.
  • pages_show_list — list the Facebook Pages you administer so you can choose which one to connect.
  • pages_manage_metadata — retrieve a Page access token and subscribe to webhooks for the Page you connect.
  • pages_manage_posts — publish posts, photos, and videos to the Facebook Pages you have explicitly connected.
  • pages_read_engagement — read post insights (impressions, reach, reactions) and comments on your Page posts.
  • pages_read_user_content — read user-generated comments on your Page posts so they can be displayed in your comment inbox and matched against auto-reply rules.
  • pages_manage_engagement — reply to, like, or hide comments on your Page posts when you choose to do so or when an auto-reply rule you configured matches.
  • pages_messaging — send and receive direct messages on the Facebook Pages you have connected, for the purpose of displaying your inbox and sending replies you author or approve.
  • instagram_basic — discover the Instagram Business/Creator account linked to your Facebook Page and read its media so you can manage it inside Atelier.
  • instagram_content_publish — publish feed posts, carousels, Reels, and Stories to your Instagram account.
  • instagram_manage_comments — read and reply to comments on your Instagram media.
  • instagram_manage_messages — read and reply to Instagram direct messages you receive.
  • instagram_manage_insights — read post-level insights (views, reach, saves, shares) for your Instagram media.
  • business_management — list Business-owned Pages, Instagram accounts, and ad accounts you administer so you can connect them.
  • ads_management, ads_read — create, read, and manage boosted-post campaigns on the ad accounts you choose, and read their performance metrics. Used only when you explicitly create a Boost from a published post.
  • threads_basic, threads_content_publish — identify your Threads account and publish posts to it.

We never use Meta data for advertising targeting, never sell it, never share it with data brokers, and never use it to train machine-learning models.

Other platforms

  • TikTok: open_id, union_id, display name, username, avatar URL, and OAuth access/refresh tokens with the scopes user.info.basic, user.info.profile, video.upload, video.publish.
  • LinkedIn: member URN, organization URNs you administer, page names, basic profile info (name, email, avatar), and OAuth tokens.
  • Airtable (optional): OAuth tokens and the base/table IDs you select, used to sync content into Atelier.

YouTube API Services

Atelier Social uses YouTube API Services. By connecting a YouTube channel, you also agree to the YouTube Terms of Service and the Google Privacy Policy. Atelier Social's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect a YouTube channel we request these scopes and use the data only for the purposes listed:

  • youtube.readonly — read your channel ID, title, handle, avatar, and public statistics to display the connected channel inside Atelier.
  • youtube.upload — upload videos you compose in Atelier to the channel you have connected.
  • youtube — update or delete the metadata and stats of videos you uploaded through Atelier (so the in-app delete button on a post removes the corresponding YouTube video).

We do not use YouTube data to serve ads or to retarget you, we do not sell or transfer it to third parties except service providers strictly necessary to operate Atelier (Supabase for storage), and we do not use it to train generalised machine-learning models. OAuth refresh tokens and channel metadata are stored encrypted in Supabase and retained until you disconnect the channel or delete your account, after which they are purged within 30 days.

You can revoke Atelier's access to your YouTube data at any time from Google Account → Third-party apps, or by clicking Disconnect on the YouTube channel in the Accounts page (which revokes the OAuth grant with Google and removes the channel and tokens from our database). To delete all YouTube-derived data along with your account, use the Data Deletion page.

4. How We Use Your Data

  • Authenticate you and maintain your session.
  • Display your connected accounts and workspaces.
  • Publish posts to the connected platforms at the times you schedule.
  • Display incoming comments and direct messages, and send replies you author or that match auto-reply rules you configured.
  • Create and report on boosted-post advertising campaigns when you initiate them.
  • Diagnose errors, prevent abuse, and improve the service.

We do not sell personal data. We do not use platform data for advertising or for training machine-learning models.

5. Data Storage & Security

Data is stored in Supabase (Postgres) with row-level security. Access tokens are stored encrypted at rest and only accessed server-side at publish time. Media uploads are stored in Supabase Storage. We use industry-standard transport encryption (TLS) for all requests.

6. Retention & Deletion

Connected-account data and tokens are retained until you disconnect the account from the Accounts page or delete your workspace, at which point they are removed from our database. Posts you delete are removed immediately. Limited audit logs (timestamps, request metadata) may be retained for up to 90 days to prevent abuse.

To delete your entire account and all associated data, see our Data Deletion page.

7. Revoking Platform Access

You can revoke Atelier Social's access to any connected platform at any time:

8. Your Rights

Depending on your jurisdiction (e.g. EU/UK GDPR, California CCPA), you have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. Contact us at privacy@ateliersocial.io to exercise these rights.

9. Children

Atelier Social is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from them.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be posted here with an updated date.

11. Contact

For privacy questions or to make a data request, email privacy@ateliersocial.io.