We are committed to safeguarding your personal information.
Effective Date: March 29, 2026
This Privacy Policy describes how sona.to ("we," "us," or "our") collects, uses, and discloses your personal information when you use our social media management software as a service (the "Service").
We are committed to protecting your personal information and your right to privacy. This Privacy Policy applies to all information collected through our Service, including our website, mobile applications, and any related services.
Please read this Privacy Policy carefully as it will help you understand what we do with the information we collect.
● Company: When this policy mentions "Company," "we," "us," or "our," it refers to Sonato LLC, operating sona.to.
● Country: United States, where Sonato LLC is based.
● Personal Data: Any information that directly, indirectly, or in connection with other information allows for the identification of a natural person.
● Service: The social media management platform provided by sona.to.
● Third-party Platforms: Social media networks and cloud services that you connect to our Service.
● You: A person or entity that is registered with sona.to to use the Services.
● Email address
● Name
● Password (encrypted)
● Profile information
When you connect social media accounts to our Service, we collect and store:
● Account identifiers and profile information
● Access tokens and refresh tokens (encrypted)
● Profile names, avatars, and page/channel information
We support connections to the following platforms:
● Facebook (Pages and Profiles)
● Instagram (Business and Creator accounts)
● Twitter/X
● LinkedIn (Profiles and Pages)
● YouTube
● Google Business Profile
● TikTok
● Pinterest
● Snapchat
● Reddit
● Mastodon
● Bluesky
● Telegram (Channels and Groups)
● Threads
● Posts, captions, and scheduled content
● Media files (images, videos) you upload
● Labels, campaigns, and organizational data
When you connect cloud storage services, we access:
Google Drive:
● Files you explicitly select through Google Picker
● We use the drive.readonly scope to read files you select
● We do NOT access files you haven't explicitly selected
● We do NOT store your files permanently; they are copied to your media library
Microsoft OneDrive:
● Files you explicitly select through OneDrive Picker
Dropbox:
● Files you explicitly select through Dropbox Chooser
● Log data, IP addresses, browser type
● Pages visited, features used
● Device information
We use your information to:
● Provide the Service: Publish and schedule posts to your connected social media accounts
● Store and manage media: Save files you upload or import for use in posts
● Analytics: Display performance metrics from your connected accounts
● Improve the Service: Analyze usage patterns to enhance features
● Customer support: Respond to your inquiries
● Security: Protect against unauthorized access and abuse
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
● We only access Google user data that you explicitly authorize
● We use Google Drive data solely to import files you select into your sona.to media library
● We use YouTube data solely to publish videos and retrieve channel/video analytics you request
● We use Google Business Profile data solely to create and manage posts on your business listing
● We do not use Google data for advertising purposes
● We do not sell Google user data to third parties
● We do not use Google data for purposes unrelated to providing the Service
Our Service uses YouTube API Services. By using our YouTube features, you agree to be bound by the YouTube Terms of Service.
We access the following YouTube data:
● Channel information (name, avatar, subscriber count)
● Video upload functionality
● Video analytics (views, engagement) when you use our analytics features
You can revoke our access to your YouTube data at any time via the Google Security Settings.
Our Service uses Google Business Profile API. By connecting your Google Business Profile, you agree to be bound by the Google Terms of Service.
We access the following Google Business Profile data:
● Business listing information (name, address, category)
● Post creation and management functionality
● Location information associated with your business
We use Google Business Profile data solely to:
● Publish posts you create to your Google Business Profile listing
● Display your business information within our Service
● Manage scheduled content for your business listing
You can revoke our access to your Google Business Profile data at any time via the Google Security Settings or by disconnecting your account in sona.to.
Our Service uses TikTok's Content Posting API. By connecting your TikTok account, you agree to be bound by the TikTok Terms of Service.
We access the following TikTok data:
We use TikTok data solely to:
We do NOT:
You can revoke our access to your TikTok data at any time via TikTok Settings or by disconnecting your account in sona.to.
● Your data is stored on secure servers
● Access tokens are encrypted at rest
● Media files are stored securely and associated with your account
● HTTPS encryption for all data transmission
● Encrypted storage of sensitive credentials
● Regular security audits
● Access controls and authentication
● Account data: Retained until you delete your account
● Posts and content: Retained until you delete them or close your account
● Access tokens: Retained until you disconnect the account or revoke access
● Log data: Retained for up to 90 days
When you delete your account or disconnect a social media account:
● Associated access tokens are immediately deleted
● Your content is deleted within 30 days
● Backup copies may persist for up to 90 days for disaster recovery
When you publish content through our Service, that content is sent to the social media platforms you've connected. Each platform's privacy policy governs how they handle that content.
We use third-party services to operate our platform:
Payment Processing:
● Stripe: Processes credit card payments. We do not store your full card details. Stripe Privacy Policy
● PayPal: Alternative payment option. PayPal Privacy Policy
Analytics:
● Google Analytics: Analyzes website usage. Google Privacy Policy
We may disclose your information if required by law, court order, or to protect our rights and safety.
You can access and download your data at any time from your account settings.
You can:
● Delete individual posts and media files
● Disconnect social media accounts (removes access tokens)
● Delete your entire account (removes all associated data)
You can revoke our access to connected services:
● Google (Drive/YouTube/Business Profile): Google Security Settings
● Facebook/Instagram: Facebook App Settings
● Twitter/X: Twitter Connected Apps
● LinkedIn: LinkedIn Permitted Services
● TikTok: TikTok Security Settings
● Other platforms: Check each platform's app permissions settings
If you are in the European Economic Area, you have rights to:
● Access your personal data
● Rectify inaccurate data
● Erase your data ("right to be forgotten")
● Restrict processing
● Data portability
● Object to processing
● Lodge a complaint with a supervisory authority
California residents have the right to:
● Know what personal information is collected
● Know whether personal information is sold or disclosed
● Say no to the sale of personal information
● Access their personal information
● Request deletion of their information
● Equal service and price (no discrimination)
We do not sell personal information.
Our Service is not intended for anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it promptly.
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email and/or a notice on our Service prior to the change becoming effective.
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
● Website: https://sona.to/contact
For data access or deletion requests, we will respond within 30 days.