Privacy Policy
1. Who we are
Say Less Media ("we", "us") is a social media management service operated by a sole operator based in Brașov, Romania. We schedule, publish, and manage social media content on behalf of our clients, using each platform's official APIs and account access that the client has explicitly authorized.
Say Less Media is the data controller for the personal data described in this policy. You can reach us for any privacy matter at privacy@saylessmedia.ro.
Registered office: B-dul Bucureștii Noi 136, et. parter, ap. 5, Sector 1, București, Romania. Company registration code (CUI): 52127890.
2. The short version
We only process data we need to run our clients' social media accounts. Access to those accounts is granted by the account owner through the platform's official login (OAuth) and can be revoked at any time. We do not sell personal data, we do not use it for advertising, and we do not run analytics or advertising trackers on this website.
3. Data we process
Client data. When you become a client, we process your name, contact details (email, phone, or messaging handle), billing information, and the content you provide to us for publishing.
Connected social media account data. When a client authorizes us to operate a social media account (for example via TikTok Login Kit or Meta's login), we receive, through the platform's official APIs and only within the permission scopes granted:
- basic profile information (username, display name, avatar);
- lists of the account's published content and its metadata (captions, identifiers, timestamps);
- performance metrics (such as view, like, comment, and follower counts);
- access tokens that allow us to act on the account within the granted scopes.
Website visitors. This website is a static site. It does not set cookies and does not use analytics or advertising trackers. Our hosting provider (Cloudflare) may process technical connection data (such as IP addresses) in server logs as part of delivering and securing the site.
4. Why we process it, and on what legal basis
- To provide the service — scheduling, publishing, account management, and performance reporting for our clients (Article 6(1)(b) GDPR, performance of a contract).
- To secure and maintain the service — error logging, abuse prevention, and record keeping (Article 6(1)(f) GDPR, legitimate interests).
- To comply with legal obligations — such as accounting and tax record retention (Article 6(1)(c) GDPR).
5. How we handle platform API data
Data we receive from social media platform APIs (including TikTok and Meta platforms) is used solely to provide our service to the owner of the connected account. Specifically:
- we use it only to publish content the client has approved, and to report the account's own performance back to the client;
- we do not sell it, share it with third parties for their own purposes, use it to build advertising profiles, or combine it across unrelated clients;
- we comply with the developer terms and policies of each platform whose APIs we use;
- access tokens and account credentials are stored encrypted at rest, and access to our systems is limited to the operator;
- the account owner can revoke our access at any time from the platform's own settings (for example, TikTok's "Manage app permissions"). When access is revoked or the client relationship ends, we delete the associated tokens and stop retrieving data from that account.
6. Who we share data with
We do not sell personal data. We share it only with:
- the social media platforms themselves, when publishing content or reading metrics through their APIs;
- service providers (processors) we use to run the service, currently Cloudflare (website hosting and file storage). Processors act on our instructions under data processing agreements;
- authorities, where disclosure is required by law.
7. International transfers
We operate from Romania, in the European Union. Some of our providers and the social media platforms may process data outside the EU/EEA. Where that happens, transfers rely on safeguards recognized under the GDPR, such as adequacy decisions or the European Commission's Standard Contractual Clauses.
8. How long we keep data
- Access tokens: for as long as the account connection is active; deleted when access is revoked or the engagement ends.
- Content and performance data: for the duration of the client relationship, then deleted or anonymized within 90 days, unless the client asks for earlier deletion.
- Contract and billing records: as long as Romanian accounting and tax law requires.
9. Your rights
Under the GDPR you have the right to access your personal data, to have it corrected or erased, to restrict or object to its processing, and to receive it in a portable format. You can exercise any of these rights by emailing privacy@saylessmedia.ro; we respond within one month.
You also have the right to lodge a complaint with a supervisory authority. In Romania this is the National Supervisory Authority for Personal Data Processing (ANSPDCP, dataprotection.ro); you can also complain to the authority in your own EU member state.
10. Children
Our service is directed at businesses and adult creators. We do not knowingly process personal data of anyone under 18, and we do not accept clients under 18.
11. Changes to this policy
If we change this policy, we will post the updated version on this page with a new "last updated" date. Material changes affecting active clients will be communicated directly.
12. Contact
Say Less Media · Brașov, Romania
Registered office: B-dul Bucureștii Noi 136, et. parter, ap. 5, Sector 1, București, Romania · CUI 52127890
privacy@saylessmedia.ro