Privacy Policy

Last updated: 2026-05-05

Imperfect Shade ("the Application") is a private, self-hosted social media management application operated by a single individual for personal use. This policy describes what data the Application collects, how it is used, and how to request deletion.

Who operates the Application

Imperfect Shade is operated by Steven Harris (the "Operator"). The Application is not offered as a service to third parties; it runs on the Operator's own infrastructure for the Operator's own use.

What data is collected

When the Operator connects a social media account to the Application via OAuth, the Application stores:

• OAuth access tokens and refresh tokens for the connected accounts. Tokens are stored encrypted at rest on the Operator's server.
• Basic profile information returned by each platform's API (display name, avatar URL, public account ID, follower and video counts).
• Posts and drafts composed by the Operator inside the Application, including text, attached media, scheduling time, and platform-specific options (privacy level, content disclosures).
• Analytics retrieved from each platform's API (per-post metrics such as views, likes, comments, shares, watch time).

For TikTok specifically, the Application requests the following scopes: user.info.basic, user.info.profile, user.info.stats, video.list, video.upload, and video.publish. The data accessed under these scopes is described above.

How the data is used

Collected data is used solely to:

• Display the Operator's connected accounts inside the Application.
• Schedule and publish content the Operator has authored to the connected platforms.
• Display analytics for the Operator's own posts and accounts.

Data is not sold, shared with third parties, or used for advertising. The Application does not include third-party analytics or tracking scripts.

Where the data is stored

Data is stored on the Operator's self-hosted infrastructure. No data is sent to any third party other than the social platforms whose APIs the Operator has authorized.

Data retention

Data is retained while the corresponding social account remains connected. When an account is disconnected from the Application, OAuth tokens for that account are deleted, and the cached profile, post, and analytics data for that account is removed within 30 days.

Data deletion requests

Because the Application is single-operator, the Operator may delete any data at any time directly from the Application's database. Third parties who believe their data may be referenced inside the Application — for example, public commenters on a tracked post — may request deletion by emailing sonarun@gmail.com. Requests will be honored within 30 days.

You may also revoke the Application's access from each platform's own settings page (for example, the TikTok app permissions screen) at any time, which will invalidate the Application's tokens for that account.

Security

OAuth tokens are encrypted at rest. The Application is served over HTTPS. Access to the Application's user interface is restricted to authenticated sessions on the Operator's own account. The underlying server is not exposed publicly except via the Application's HTTPS endpoint.

Children's data

The Application is not directed at children under 13 and does not knowingly collect data from children under 13.

Changes to this policy

This policy may be updated from time to time. Material changes will be reflected in the "Last updated" date above.

Contact

Questions or deletion requests: sonarun@gmail.com.