Legal

Privacy Policy

Last updated March 16, 2026

Roha ("we", "us", "our") is a social media management tool that helps small businesses create and publish posts using AI. This policy explains what data we collect, why, and how we protect it.

01

Data We Collect

We collect only what is necessary to provide the service:

Account info

Name, email address, and a securely hashed password.

Business profile

Business name, industry, and preferred tone of voice.

Connected platforms

Facebook and Instagram page access tokens, stored encrypted.

Generated content

Post text, uploaded images, and scheduling preferences.

02

How We Use Your Data

  • Generate social media posts tailored to your business using AI.
  • Publish posts to your connected Facebook and Instagram pages on your behalf.
  • Store images you upload for use in scheduled posts.
  • Authenticate your sessions and keep your account secure.

03

AI Processing

When you generate a post, your business profile and key points are sent to Anthropic's Claude API. Anthropic does not train on your data. No personal information (email, password, access tokens) is ever sent to the AI — only business context and the content you provide for post generation.

04

Third-Party Services

We share data with these providers only as needed to operate the service:

  • Anthropic (Claude API) — Receives business context and key points to generate post content.
  • Meta (Facebook & Instagram) — Receives post content and images when you publish to a connected page.
  • Cloudflare (R2 Storage) — Stores uploaded images for scheduled posts.
  • Stripe — Handles subscription billing. We never see or store your card details.

05

What We Don't Do

  • Sell or rent your data to anyone.
  • Use tracking cookies or third-party analytics.
  • Share your data with advertisers.
  • Train AI models on your content.

06

Cookies

We use a single authentication cookie (JWT) to keep you signed in. That's it — no tracking cookies, no analytics pixels, no fingerprinting.

07

Data Security

Passwords are hashed using bcrypt. Access tokens are stored encrypted. All connections use HTTPS. We follow security best practices, but no system is 100% secure — we'll notify you promptly if a breach occurs.

08

Data Deletion

You can request deletion of your account and all associated data at any time by emailing us. We will remove your data within 30 days of your request, including any content stored with third-party providers.

hello@roha.social

09

Changes to This Policy

We may update this policy from time to time. If we make material changes, we'll notify you via email or an in-app notice. Continued use of Roha after changes constitutes acceptance.

10

Contact

Questions about this policy? We're happy to help.

hello@roha.social