Privacy Policy
Summary: Fly Media Social Connector lets you link your social media accounts (YouTube, Meta, TikTok, and others) to your Fly Studio workspace. We access your channel analytics read-only. We never post, edit, or delete content on your behalf. Connecting your accounts is optional and can be revoked at any time. Read on for the full picture.
1. Who We Are
Fly Media Social Connector is a service operated by Fly Media, Inc., a Delaware corporation ("we," "us," or "our"), accessible at flymedia.ai. This application works in conjunction with Fly Studio (studio.flymedia.ai), our AI-powered video production platform.
This Privacy Policy governs the collection, use, and storage of data obtained through the Social Connector authorization flow. It applies to all users who connect a third-party social media account to their Fly Studio workspace, regardless of their country of residence.
By authorizing Fly Media Social Connector, you agree to the practices described in this policy.
2. What This App Does
Fly Media Social Connector is an OAuth authorization layer. Its sole purpose is to request permission from third-party social media platforms on your behalf so that Fly Studio can retrieve analytics and performance data from those platforms.
Specifically, once you authorize a platform connection, Fly Studio can:
- Fetch analytics and performance metrics from your connected channels (views, watch time, engagement, audience demographics, reach, impressions, etc.).
- Display consolidated performance dashboards within your Fly Studio workspace.
- Use aggregated channel data to inform AI-powered content recommendations and generation features within Fly Studio (optional, see Section 6).
This application does not publish, schedule, edit, delete, or modify any content on your connected accounts. All API access is strictly read-only.
The platforms currently supported are:
Additional platforms may be added in the future. This policy will be updated accordingly and you will be notified before any new data collection begins.
3. Data We Collect
We collect only the data necessary to provide the analytics and AI features described in this policy. All data is fetched via official, documented APIs provided by each platform.
3.1 Authorization tokens
When you authorize a platform connection, the platform issues us an OAuth access token and, where provided, a refresh token. These tokens allow us to call the platform's API on your behalf. Tokens are encrypted at rest using AES-256 and are never shared with third parties.
3.2 Channel & account identifiers
We store the platform-specific channel or account ID(s) you authorize, along with the channel name and associated Fly Studio workspace. This lets us correctly route fetched data to your workspace.
3.3 Analytics & performance data
| Platform | Data retrieved | Scope / permission |
|---|---|---|
| YouTube | Video metadata, views, watch time, subscribers gained/lost, impressions, click-through rate, audience demographics (age, gender, geography), traffic sources, revenue (if monetized) | https://www.googleapis.com/auth/yt-analytics.readonlyhttps://www.googleapis.com/auth/youtube.readonly |
| Instagram / Facebook | Post reach, impressions, engagement rate, follower growth, story views, profile visits, audience demographics | Meta Graph API: instagram_basic, instagram_manage_insights, pages_read_engagement |
| TikTok | Video views, likes, shares, comments, follower count, profile views, audience demographics | TikTok Research API: user.info.basic, video.list |
We do not collect: private messages or DMs, comments authored by other users, passwords, payment information, or any data beyond what is listed above.
3.4 Usage & operational data
We log standard server-side data (IP address, timestamp, API response codes) for security monitoring and debugging. This data is retained for up to 90 days and is never used for profiling or advertising.
4. Google API Services Disclosure
Fly Media Social Connector's use of information received from Google APIs (including data obtained via the YouTube Analytics API and YouTube Data API) complies with the Google API Services User Data Policy, including its Limited Use requirements.
Specifically, we use YouTube API data to:
- Display performance analytics dashboards inside your Fly Studio workspace.
- Power AI-driven content insights and creative recommendations, solely within the Fly Studio context and only with your opt-in (see Section 6).
We do not use YouTube API data for any purpose not directly described in this policy or disclosed to you at the time of authorization.
5. How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Authenticate and maintain platform connections | OAuth tokens, channel identifiers | Performance of contract / Consent |
| Fetch and display analytics dashboards in Fly Studio | Performance metrics, audience demographics | Performance of contract / Consent |
| Scheduled background data sync | OAuth tokens (used server-side only) | Performance of contract / Legitimate interest |
| AI-powered content insights and agent personalization (optional) | Aggregated channel performance data | Consent (explicit opt-in required) |
| Security monitoring and abuse prevention | IP address, log data | Legitimate interest / Legal obligation |
| Comply with applicable law | Any data required by legal process | Legal obligation |
We do not use your data for advertising, behavioral profiling, sale to data brokers, or any purpose not listed above.
6. AI-Powered Features
Fly Studio includes optional AI agents that analyze your connected channel data to generate tailored content recommendations, script suggestions, and production insights. These features are designed to adapt to your content style and audience behavior over time.
This feature is entirely optional. AI-powered personalization is disabled by default. You must explicitly enable it within Fly Studio's settings. It can be turned off or revoked at any time without affecting your core analytics access.
When you opt in to AI-powered features, we use your channel performance data to:
- Identify content patterns, formats, and topics that perform well with your specific audience.
- Provide AI-generated script and production suggestions calibrated to your channel's voice and style.
- Surface trend insights relevant to your content niche and platform.
Your analytics data is never used to train general-purpose AI or machine learning models shared across users. Any model personalization happens within the context of your Fly Studio workspace only.
To disable AI personalization, navigate to Fly Studio → Settings → Connected Accounts → AI Personalization and toggle it off. Your data will be removed from the personalization layer within 30 days.
7. Data Sharing & Sub-Processors
We do not sell, rent, or trade your data. We share data only with the sub-processors listed below, solely to operate the service:
| Provider | Role | Data shared |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, storage, and compute | All platform data is stored on AWS infrastructure (US East, N. Virginia). Encrypted at rest and in transit. |
| Google LLC | YouTube / Google OAuth API provider | API calls are made to Google's servers to retrieve analytics data you have authorized. No personal data is sent back to Google beyond standard API request headers. |
| Meta Platforms, Inc. | Instagram / Facebook Graph API provider | API calls are made to Meta's servers to retrieve Instagram and Facebook analytics data you have authorized. No personal data is sent back to Meta beyond standard API request headers. |
| TikTok Technology Limited | TikTok API provider | API calls are made to TikTok's servers to retrieve analytics data you have authorized. No personal data is sent back to TikTok beyond standard API request headers. |
We may also disclose data when required by law, court order, or to protect the safety and rights of our users and company. In the event of a merger or acquisition, affected users will be notified before any transfer of data takes effect.
8. Data Retention
| Data type | Retention period |
|---|---|
| OAuth access & refresh tokens | Until the connection is revoked by the user |
| Channel identifiers & connection metadata | Until the connection is revoked or account is deleted |
| Analytics & performance data | Until the associated platform connection is revoked |
| AI personalization layer data | Until AI personalization is disabled (purged within 30 days of opt-out) |
| Server logs & operational data | Up to 90 days, then automatically purged |
| Data following account deletion | Permanently deleted within 30 days of verified deletion request |
When data is deleted, it is removed from active systems within 30 days and from backup infrastructure within 90 days.
9. Security
We employ industry-standard technical and organizational measures to protect your data and your connected account credentials:
- All OAuth tokens are stored encrypted using AES-256 at rest and are never exposed in client-facing responses.
- All data in transit is encrypted using TLS 1.2 or higher.
- Platform connections are scoped to the minimum permissions required: read-only scopes only.
- Access to production systems and stored tokens is restricted to authorized personnel under role-based access controls.
- We conduct periodic security reviews of API integrations and token handling.
No method of electronic storage or transmission is 100% secure. If you believe your connected account has been accessed without authorization, revoke the connection immediately within Fly Studio and contact us at security@flymedia.ai.
10. Your Rights & Controls
10.1 Revoking a platform connection
You may revoke access to any connected platform at any time, directly within Fly Studio → Settings → Connected Accounts. Upon revocation:
- We immediately stop fetching new data from that platform.
- All stored tokens and analytics data associated with that connection are permanently deleted within 30 days.
- Your Fly Studio account and Studio-native content remain unaffected.
You may also revoke access directly through each platform's own security settings (e.g., Google Account Permissions, Meta's App Settings, TikTok's Privacy and Safety settings). Revoking access at the platform level will cause our tokens to expire; we will detect this and remove the connection from your workspace automatically.
10.2 Additional rights
Depending on your jurisdiction, you may also have the right to:
- Access: Request a copy of the personal data and channel analytics we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request permanent deletion of all data associated with your connections.
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request that we restrict processing in certain circumstances.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Withdraw any consent at any time without affecting prior lawful processing.
To exercise any of these rights, email privacy@flymedia.ai. We will respond within 30 days and may need to verify your identity before processing your request.
If you are located in the European Economic Area, United Kingdom, or Brazil, you may also lodge a complaint with your local data protection authority.
California residents (CCPA/CPRA): You have the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by California law.
11. Children's Privacy
Fly Media Social Connector is intended for users who are at least 16 years old (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data or social media analytics from individuals under 16. If you believe a minor has connected an account, please contact privacy@flymedia.ai and we will delete the associated data promptly.
12. International Data Transfers
Fly Media, Inc. is incorporated in Delaware, United States, and our infrastructure runs on AWS in the US East (N. Virginia) region. If you access the service from outside the United States, your data will be transferred to and processed in the United States.
For users in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission as the legal mechanism for international data transfers, where applicable.
For users in Brazil, we process data in compliance with the Lei Geral de Proteção de Dados (LGPD (Law No. 13,709/2018)).
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, integrations, legal requirements, or the platforms we support. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send an email notification to the address associated with your Fly Studio account at least 14 days before the changes take effect.
- Display a prominent notice within Fly Studio for significant changes.
Your continued use of connected platform features after the effective date constitutes acceptance of the updated policy. If you do not agree, you may revoke all connections before the effective date at no consequence to your Fly Studio account.
14. Contact Us
For questions, requests, or concerns regarding this Privacy Policy or your connected account data, please reach out:
Fly Media, Inc., Privacy Team
1209 Orange Street, Wilmington, DE 19801, USA
Privacy inquiries: privacy@flymedia.ai
Security issues: security@flymedia.ai
Support: support@flymedia.ai
Website: flymedia.ai