← Back to ViralFarm

Privacy Policy

Effective Date: March 27, 2026 · Last Updated: April 24, 2026

This Privacy Policy is for MyViral.Farm, owned and operated by Annie Yang. ViralFarm ("ViralFarm," "we," "us," or "our") operates the website at www.myviral.farm and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, share, and protect information when you use the Service, including information obtained through integrations with third-party social media and commerce platforms such as Meta (Instagram, Facebook, Threads), Pinterest, LinkedIn, TikTok, X (Twitter), YouTube, Bluesky, Google Business Profile, and Shopify.

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you register, we collect your name, email address, and profile photo via Google OAuth or email/password sign-up.
  • Content: Text, images, videos, captions, templates, and other content you create, upload, or import into the Service.
  • Payment Information: If you subscribe to a paid plan by signing up directly at myviral.farm, payment details are collected and processed by our payment processor (Stripe). If you install ViralFarm from the Shopify App Store, your charges are handled exclusively by Shopify's Billing API and appear on your Shopify invoice — we never see or store those payment details. In either case, we do not store full credit card numbers on our servers.
  • Communications: Information you provide when you contact support, submit feedback, or respond to surveys.

1.2 Information from Third-Party Platforms

When you connect a third-party account (e.g., Instagram, LinkedIn, TikTok, Pinterest, Facebook, Threads, YouTube, X, Bluesky, Google Business Profile, or Shopify), we may receive the following information via OAuth or platform APIs:

  • Profile / Shop Information: Username, display name, profile picture URL, account type, and account / page / shop identifiers (including Shopify shop domain such as yourstore.myshopify.com).
  • OAuth Tokens: Access tokens and refresh tokens necessary to publish content, read product listings, and perform other actions you authorize on your behalf. These tokens are encrypted at rest and stored securely.
  • Post & Publishing Data: Confirmation of post publishing status (success, failure, scheduled time), post identifiers returned by the platform, and any error messages.
  • Product / Catalog Data (Shopify): When you connect a Shopify store, we read product listings (title, description, handle, images, price, product type, tags, and inventory status) through the Shopify Admin API so you can turn them into social posts, carousels, and scheduled content. We request the minimum scopes required for these features (for example, read_products and read_product_listings). We do not request or access orders, customer PII, checkout data, discounts, fulfillment records, or payment information.

1.2.1 Temporary Caching During Publishing

During the content publishing pipeline, media files (images, videos) may be temporarily cached in server memory or temporary storage for the sole purpose of transmitting them to the destination platform. This temporary cache is automatically purged once the publishing action completes (success or failure) and is never retained for longer than 24 hours under any circumstance. We do not retain copies of media after it has been delivered to the platform.

1.2.2 TikTok-Specific Data

When publishing to TikTok, video content is transmitted to TikTok's API and is not stored on our servers after the publish action completes. We do not retain, archive, or cache TikTok video content beyond the temporary processing window described in Section 1.2.1. The only TikTok data we retain is the OAuth token (encrypted at rest), your TikTok username and account identifier, and post status metadata (e.g., post ID, success/failure).

1.2.3 Pinterest-Specific Data

In compliance with Pinterest's API guidelines, we do not persistently store any data obtained through the Pinterest API beyond the immediate action of publishing a Pin. Pinterest profile information (username, account ID) is used transiently during the session to identify your account for publishing. After the publishing action completes, no raw Pinterest API response data is retained. The only Pinterest-related data we store is the encrypted OAuth token and the post status (scheduled, published, or failed).

1.2.4 Meta-Specific Data (Instagram, Facebook, Threads)

When publishing to Meta platforms, content (images, text, video) is transmitted to Meta's APIs and not cached or stored on our servers beyond the temporary processing window described in Section 1.2.1. We do not access, collect, or store direct messages, private comments, friend/follower lists, or any Meta user data beyond what is strictly necessary to publish content on your behalf. Media uploaded to Meta's API during publishing is purged from our temporary storage immediately upon confirmation of delivery.

1.2.5 Shopify-Specific Data

When you connect a Shopify store, ViralFarm acts as a Shopify Partner app and interacts with Shopify's Admin API on your behalf. The data we access is limited to what is necessary to generate social content from your catalog:

  • Shop & authorization data: shop domain (e.g. yourstore.myshopify.com), Shopify user/shop ID, granted scopes, and the encrypted OAuth access token.
  • Product data: product titles, descriptions, handles, images, product type, tags, price, availability, and related metadata returned by the Admin API.
  • HMAC & request metadata: Shopify provides signed HMAC parameters on OAuth redirects and webhook deliveries; we use these only to verify the authenticity of the request.

We do not request, access, or store Shopify orders, customers, checkout carts, payment details, fulfillment records, discount codes, draft orders, or any personally identifiable information about your shoppers. We do not use Shopify data to contact your customers, to market to them, or to build user profiles. Shopify product data is used solely to render previews inside your ViralFarm workspace and to help you create and publish social content you control.

ViralFarm complies with the Shopify App Store requirements, the Shopify API Terms of Service, and the Protected Customer Data requirements. We support Shopify's mandatory GDPR webhooks (customers/data_request, customers/redact, and shop/redact): on receipt of a redaction request we delete the corresponding Shopify records within 30 days, and we will provide any requested data export to the merchant for forwarding to their customer.

We do not collect or store: your social media or Shopify passwords, direct messages, private follower lists, shopper personal information (name, email, address, phone, order history), payment instruments, or any data beyond what is strictly necessary to provide the Service.

1.3 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, timestamps, and session duration.
  • Device & Browser Data: IP address, browser type, operating system, device type, and screen resolution.
  • Cookies & Similar Technologies: We use essential cookies for authentication and session management. We may use analytics cookies (e.g., Google Analytics) to understand usage patterns. See Section 8 for more details.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Generate, customize, export, schedule, and publish visual content to your connected social media accounts, and turn your Shopify product catalog into social posts, carousels, and scheduled content.
  • Account Management: Create and maintain your account, authenticate sessions, and process payments.
  • Scheduling & Publishing: Use OAuth tokens to schedule and publish posts to connected social media platforms at times you specify, and to fetch product listings from connected Shopify stores.
  • Improve the Service: Analyze usage trends, diagnose technical issues, and develop new features.
  • Communication: Send transactional emails (e.g., password resets, billing receipts), respond to support requests, and provide product updates (you may opt out of non-essential communications at any time).
  • Security & Compliance: Detect and prevent fraud, abuse, and security incidents; comply with legal obligations.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

  • Social Media & Commerce Platforms: When you schedule or publish a post, we transmit your content (text, images, video) and relevant metadata to the platforms you selected. When you connect a Shopify store, we read product listings from the Shopify Admin API to populate your workspace. All such calls are initiated by you and governed by each platform's own terms and privacy policy.
  • Service Providers: We use trusted third-party providers to operate the Service, including:
    • Supabase (database and authentication)
    • Stripe (payment processing)
    • Vercel (hosting and deployment)
    • OpenAI / Anthropic (AI content generation)
    These providers process data on our behalf under strict contractual obligations and are prohibited from using your data for their own purposes.
  • Legal Requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred to the successor entity, with notice provided to users.

4. Data Storage & Security

  • Data is stored on servers in the United States using Supabase (hosted on AWS) and Vercel.
  • OAuth access tokens and refresh tokens are encrypted at rest using industry-standard encryption (AES-256).
  • All data is transmitted over HTTPS/TLS.
  • We implement access controls, audit logging, and regular security reviews.
  • Passwords (when applicable) are hashed and salted; we never store plaintext passwords.

While we employ commercially reasonable measures to protect your information, no system is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.

5. Data Retention & Deletion

  • Account Data: Retained for as long as your account is active. Upon account deletion, we delete or anonymize your personal data within 30 days, except where retention is required by law.
  • Content: Generated posts, templates, and media are deleted when you delete them or when your account is deleted.
  • OAuth Tokens: Revoked and deleted when you disconnect a social media account, uninstall the ViralFarm app from Shopify, or delete your ViralFarm account. For Shopify, uninstalling the app triggers the app/uninstalled webhook; we delete the store's OAuth token immediately and purge cached product data within 48 hours.
  • Shopify Shop & Customer Redaction: On receipt of Shopify's shop/redact webhook (sent ~48 hours after uninstall) we permanently delete all remaining data for that shop. On receipt of customers/redact we delete any data associated with that customer identifier (note: we do not retain Shopify customer PII, so in most cases this is a no-op). customers/data_request events are logged and forwarded to the merchant.
  • Logs & Analytics: Aggregated, anonymized usage data may be retained indefinitely for analytics and product improvement.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Request a machine-readable export of your data.
  • Restrict Processing: Request that we limit how we use your data.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
  • Opt Out of Marketing: Unsubscribe from marketing emails at any time via the link in the email or your account settings.
  • Disconnect Social Accounts: Revoke the Service's access to any connected social media account at any time from your account settings or from the social platform's own app permissions page.

You can also revoke ViralFarm's access to your data directly through each platform's security settings, including: Google Security Settings (YouTube, Google Business), Facebook Business Integrations (Instagram, Facebook, Threads), LinkedIn Permitted Services, TikTok Security Settings, Pinterest App Permissions, X (Twitter) Connected Apps, and your Shopify admin under Settings → Apps and sales channels → ViralFarm → Uninstall.

To exercise any of these rights, contact us at hi@myviral.farm. We will respond within 30 days (or sooner as required by applicable law).

6.1 California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, email hi@myviral.farm.

6.2 European Economic Area & UK (GDPR)

If you are located in the EEA or UK, our legal bases for processing are: (a) your consent, (b) performance of a contract (providing the Service), (c) legitimate interests (improving the Service, security), and (d) compliance with legal obligations. You may lodge a complaint with your local data protection authority.

7. Third-Party Platform Policies

When you use the Service to interact with third-party social media platforms, your use is also subject to those platforms' terms and privacy policies. We encourage you to review:

By using our YouTube integration, you are also bound by the YouTube Terms of Service and the Google Privacy Policy.

We access platform data solely through official APIs and within the scope of permissions you grant. We do not scrape, crawl, or otherwise collect data outside of authorized API access.

7.2 Google API Services — Limited Use Disclosure

ViralFarm's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7.3 Platform-Specific Data Use Limitations

Data obtained from each third-party platform's API is used exclusively to provide the Service to the individual user who authorized access. Specifically:

  • Data from one user's connected social account is never combined, aggregated, or cross-referenced with data from another user's account.
  • Platform API data is not used for advertising, ad targeting, data brokerage, market research, user profiling, or any purpose other than performing the publishing and scheduling actions requested by the authorizing user.
  • Platform API data is not sold, licensed, or shared with any third party for their independent use.
  • Platform API data is not used to train machine learning or AI models.
  • We access only the minimum data and permissions necessary to publish content and report back the publishing status to the user.
  • ViralFarm does not cache, store, or archive TikTok video content or user metadata beyond the transient period required to complete a user-initiated upload.

These restrictions apply to all supported platforms, including but not limited to: Meta (Instagram, Facebook, Threads), Pinterest, LinkedIn, TikTok, X (Twitter), YouTube, Bluesky, Google Business Profile, and Shopify.

7.4 Shopify — App Store & Protected Data Compliance

ViralFarm's Shopify integration is built and maintained in accordance with the Shopify App Store requirements checklist, the Shopify API Terms of Service, the Shopify Partner Program Agreement, and the Protected Customer Data requirements. Specifically:

  • We request the minimum necessary scopes (product read access) and do not request access to orders, customers, checkouts, or payment data.
  • All Shopify Admin API calls are authenticated using a per-shop encrypted access token and are made over HTTPS/TLS.
  • All incoming Shopify webhooks are HMAC-verified against our shared secret before any action is taken.
  • We implement Shopify's mandatory compliance webhooks: customers/data_request, customers/redact, and shop/redact.
  • Shopify product data is used solely to render previews and to help the authorizing merchant generate social content — it is never sold, rented, shared with other merchants, used to build competing products, or used to train AI models on behalf of third parties.

8. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Analytics Cookies: Help us understand how the Service is used (e.g., page views, feature usage). You may opt out via your browser settings.

We do not use advertising or tracking cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at hi@myviral.farm.

10. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place, including standard contractual clauses where required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you via email or an in-app notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

© 2026 MyViral.Farm. All Rights Reserved.

Annie Yang T/A MyViral.Farm

Terms of Service