Catalyst_Digital

Privacy Policy

Last updated: February 10, 2026

1. Introduction

Catalyst Digital ("we," "our," or "us") operates the catalystdigital.dev website and proprietary internal marketing infrastructure. This Privacy Policy explains how we collect, use, disclose, and safeguard information processed through our systems when connecting to third-party social media platforms via their official APIs.

2. Information We Collect

2.1 Information We Process

  • OAuth 2.0 access tokens and refresh tokens for our owned brand social media accounts
  • Content generated or scheduled through our internal automation systems
  • Account profile information for brands we own and operate
  • Communication data for operational and technical support

2.2 Information Collected Automatically

  • Device and browser information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, timestamps)
  • Cookies and similar tracking technologies for session management

2.3 Third-Party Platform Data

When brand accounts are connected to the platform, we access data through official APIs provided by TikTok, Meta (Instagram, Facebook), X (Twitter), and LinkedIn. This includes:

  • Account profile information
  • Publishing permissions and page/account management access
  • Analytics and engagement data for published content
  • OAuth 2.0 access tokens and refresh tokens for maintaining authorized connections

3. How We Use Information

We use the collected information to:

  • Operate and maintain our internal marketing automation infrastructure
  • Publish content to social media platforms for brands we own through official APIs
  • Generate analytics and performance reports for our brand portfolio
  • Improve and optimize our internal systems and workflows
  • Maintain operational communications regarding our infrastructure
  • Comply with legal obligations and platform requirements

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data with:

  • Social media platforms: Content and actions you authorize us to perform on connected platforms through their official APIs
  • Service providers: Trusted third-party services that assist in operating our platform (hosting, analytics)
  • Legal requirements: When required by law, regulation, or legal process

5. OAuth Token Security

Access tokens and refresh tokens obtained through OAuth 2.0 authorization flows are:

  • Encrypted at rest using AES-256 encryption
  • Transmitted exclusively over TLS 1.3 encrypted connections
  • Stored with minimal necessary scope permissions
  • Automatically refreshed and rotated per platform requirements
  • Immediately revoked upon account disconnection or deletion

6. Data Retention

We retain operational data for as long as necessary to manage the brand portfolio. Upon disconnecting a brand account:

  • OAuth tokens are immediately revoked and deleted
  • Brand configuration data is archived within 30 days
  • Published content remains on third-party platforms per their respective policies
  • Anonymized analytics data may be retained for operational analysis

7. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.3 for all data in transit
  • Regular security audits and vulnerability assessments
  • Access controls and authentication for all system components
  • Automated monitoring for unauthorized access attempts

8. Data Access Rights

As the operator of this infrastructure, we maintain:

  • Access controls for brand account data
  • Audit logs of data access and modifications
  • Ability to revoke OAuth permissions for any connected brand account
  • Data export capabilities for operational and compliance purposes
  • Controls for managing communication preferences regarding infrastructure operations

9. Cookies

This website uses essential cookies for session management and authentication when accessing infrastructure documentation and operational interfaces. We do not use third-party advertising or behavioral tracking cookies.

10. Children's Privacy

Our infrastructure is operated by authorized personnel only and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our infrastructure operations or legal requirements. Material changes will be communicated through appropriate operational channels.

12. Contact

For privacy-related inquiries or to exercise your data rights, contact us at:

Email: privacy@catalystdigital.dev