← Back to Broadside

Privacy Policy

Last updated: 8 July 2026

Broadside ("we", "us") helps you publish content to third-party social platforms such as YouTube, TikTok, Instagram, and X. This policy explains what we collect, why, how we protect it, and how you can remove it. Broadside is also available as open-source software you can host yourself, in which case you are the data controller for your own instance.

Broadside is operated by LeadsResponder LLC.

1. Information we collect

  • Account information you provide to sign in (e.g. email, and for self-hosted instances, a dashboard password you set).
  • Platform authorization tokens. When you connect a social account, that platform gives us OAuth access and refresh tokens on your behalf. We never receive or store your social platform passwords.
  • Content you choose to publish — the titles, captions, tags, media URLs, and scheduling times you enter in order to post.
  • Basic account identifiers returned by the platforms (such as your channel or profile name) so we can show which accounts are connected.
  • Operational logs needed to run the service and diagnose failures. Secrets and tokens are redacted from logs.

2. How we use it

Solely to provide the service: to authenticate you, to publish or schedule the content you ask us to publish, to show your connection status and posting history, and to keep the service secure and working. We do not sell your data or use it for advertising.

3. How we store and protect it

Platform tokens are encrypted at rest using AES-256-GCM before they are stored, and are decrypted only in memory at the moment of publishing. Access to the dashboard is protected by authentication and signed, HttpOnly session cookies. Data is stored on our infrastructure provider (Netlify) or, for self-hosted instances, on infrastructure you control.

4. Sharing with third parties

To publish your content, we send it to the social platforms you have connected, using the access you authorized. Those platforms process it under their own privacy policies. We use infrastructure providers (e.g. Netlify) to run the service. We do not share your data with anyone else except where required by law.

5. Data retention and deletion

We keep your connected-account tokens and content only as long as your account is active or as needed to provide the service. You can:

  • Disconnect any platform at any time from the dashboard, which deletes that platform's stored tokens.
  • Request full deletion of your account and all associated data by emailing support@broadside.social. We will delete or anonymize your data promptly.
  • Where a platform (such as Meta) sends us an automated data-deletion request on your behalf, we honor it and remove the associated data.

6. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data. Contact us at support@broadside.social to exercise them.

7. Children

Broadside is not directed to children under 13 (or the minimum age in your jurisdiction) and we do not knowingly collect their data.

8. Changes

We may update this policy; material changes will be reflected by the "last updated" date above.

9. Contact

Questions or requests: support@broadside.social.

Terms of Service →