Legal

Privacy Policy

Last updated: May 20, 2026

1. Who we are

Sikorae ("we", "us") provides a marketing command center for planning, publishing, and analyzing social content. This policy explains how we handle information when you use Sikorae.

2. Information we collect

Account data: When you sign in with Google, we receive your name, email address, profile photo, and Firebase user ID. This is stored in Firebase Authentication and Firestore under your user profile.
Workspace data: Business profile, brand voice, content strategy, AI prompt files, posts, schedules, assets metadata, and team membership you create in Sikorae.
Connected platform data: If you connect OAuth accounts (Instagram, TikTok, YouTube, LinkedIn, Google Drive), we store tokens and sync analytics or publishing data permitted by those platforms.
Monitored account scrapes: Public profile data you request us to scrape (posts, bios, visible metrics) via our scrape providers. No password is required for scrape-only monitoring.
AI interactions: Chat messages, drafts, and prompts sent to our AI features are processed through OpenRouter and underlying model providers to generate responses.
Usage data: Basic analytics (e.g. Firebase Analytics) about how the product is used, if enabled in your deployment.

3. How we use information

We use your information to:

Provide and improve Sikorae's features
Authenticate you and secure your workspace
Generate AI-assisted content grounded in your workspace context
Schedule and publish content to connected platforms when you request
Send scheduled reports you configure (e.g. PDF/CSV via email)
Respond to support requests and enforce our Terms

4. Sharing

We do not sell your personal information. We share data only with service providers necessary to operate Sikorae, including Google (Firebase, OAuth, Drive), social platform APIs, OpenRouter/AI model providers, email delivery (e.g. Resend), and scrape infrastructure. These providers process data under their own terms and our instructions.

5. Retention

We retain workspace data while your account is active. You may delete content within the product or request account deletion by contacting us. OAuth tokens are removed when you disconnect an integration.

6. Security

We use industry-standard practices including encrypted transport (HTTPS), Firebase security rules, and server-side secret storage for OAuth credentials. No system is 100% secure; you are responsible for securing access to your Google account and workspace.

7. Your rights

Depending on your location, you may have rights to access, correct, delete, or export your data. Contact us to exercise these rights. If you are in the EEA/UK, you may also lodge a complaint with your local supervisory authority.

8. Children

Sikorae is not intended for users under 16. We do not knowingly collect data from children.

9. Changes

We may update this policy. Material changes will be reflected by updating the date above. Continued use after changes constitutes acceptance.

10. Contact

Questions about privacy: privacy@sikorae.com