Legal · Privacy

Privacy Policy

Effective: 26 April 2026 · Last updated: 26 April 2026

1. Who we are and what this policy covers

This Privacy Policy explains how YBA Edge, a brand of YBA Systems (collectively "YBA Edge", "we", "us", "our"), collects, uses, shares, retains, and protects personal information when you interact with our websites and services. It applies to:

The agency website at https://ybaedge.com.
The link-in-bio site at https://links.ybaedge.com.
The self-hosted social posting platform branded YBA Edge Social at https://socialdrip.ybaedge.com (a YBA Edge–rebranded deployment of the open-source Postiz application).
Any agency Services we provide to you under an engagement letter — clip production, scheduling, account management, and reporting.

YBA Edge is the data controller (POPIA: responsible party) for the personal information described in this policy. Our contact details are at the end of this page.

2. Information we collect

2.1 Information you give us directly

Category	Examples	Why
Identity & contact	Name, email, phone, business name, country	Onboarding, billing, support
Billing	Invoicing details; payment is processed by third-party providers — we do not store full card numbers	Process payments
Brand intake	Voice profile, target audience, no-go topics, competitor lists	Produce on-brand content
Source material	Long-form video, voice notes, briefs, scripts, logos, assets you upload	Clip production and posting
Correspondence	Emails, support tickets, chat messages	Provide support, keep contractual records

2.2 Information from your social media accounts (OAuth)

When you connect a social media account to YBA Edge Social via OAuth, we receive — only with your explicit consent during the platform's own consent screen — a limited, scoped access token. We store this token encrypted at rest. We do not receive or store your platform passwords. The exact data we receive depends on the platform and the scopes you approve:

Platform	Typical scopes / data we receive	What we do with it
TikTok	Display name, username, profile avatar, open ID, follower count, basic profile metadata; permission to upload and publish videos on your behalf; read your own video performance metrics for reporting.	Display your account inside YBA Edge Social so you can confirm correct connection; upload and publish the clips we produce per your instructions; read aggregate view/like/share counts for the weekly performance report.
YouTube (Google OAuth)	Channel ID, channel name, channel avatar; permission to upload, manage, and read insights for videos on your channel.	Publish Shorts on your behalf; read public + own-channel analytics for reporting.
Meta (Facebook + Instagram)	Pages and Business accounts you administer; profile details for those accounts; permission to publish content and read insights.	Publish Reels and Page posts on your behalf; read insights for reporting.
Snapchat	Account identifier, display name; permission to publish to Spotlight and read public insights.	Publish clips and read post-level performance.

We do not sell, rent, or share your social media data with third parties for marketing or advertising.OAuth tokens are used solely to deliver the Services you have ordered.

2.3 Information collected automatically

Server logs: IP address, user agent, request URL, timestamps, and HTTP status codes, retained for security, debugging, and abuse-prevention.
Cookies and similar technologies: Session cookies for keeping you logged into YBA Edge Social. Functional cookies for remembering preferences. We do not run third-party advertising trackers on our properties.
Click telemetry: The agency site logs anonymous click events on outbound links (CTA buttons, footer links) for first-party conversion analytics. The data captured is the link slug, the referring URL, and the user agent — no name, no email, no IP at the application layer.

3. How we use your information

We use personal information for the following purposes, on the following lawful bases:

Purpose	Lawful basis (POPIA / GDPR)
Provide, operate, and improve the Services	Performance of a contract with you
Connect to your social platforms via OAuth and publish on your behalf	Your explicit consent at the OAuth screen
Process payments and send invoices	Performance of a contract
Send transactional and operational emails (onboarding, reports, account notices)	Performance of a contract
Respond to support requests and correspondence	Legitimate interest in supporting Clients
Detect, prevent, and respond to fraud, abuse, and security incidents	Legitimate interest in keeping the Services secure
Comply with legal, tax, and accounting obligations	Legal obligation
Send marketing emails (only to Clients or those who opt in)	Consent (you can withdraw at any time)

We do not use your personal information or content to train any third-party AI / large-language-model service. AI features used internally (for clip generation and caption drafting) operate on the source material you provide and only for the purpose of producing your deliverables.

4. Who we share information with

We share personal information only with the following categories of recipients, and only to the extent needed:

Destination social platforms. When we publish on your behalf via OAuth, your content and any metadata you have approved (captions, hashtags, scheduling) are transmitted to TikTok, YouTube, Meta, or Snapchat per your instructions and per their developer terms.

Sub-processors and infrastructure providers. We use a small set of third parties to run the Services. Each is bound by contractual confidentiality and data-protection terms.

Provider	Role	Region
Hostinger / VPS provider	Server hosting for YBA Edge Social and supporting infrastructure	EU / global
Cloudflare	DNS, edge TLS, DDoS protection	Global
Email delivery provider	Transactional and report email delivery	EU / US
Payment provider	Invoicing and payments — full card data stays with the provider	Per provider

Professional advisors. Lawyers, accountants, and auditors when required for legal, tax, or compliance purposes.
Authorities. If required by law, court order, or a binding regulatory request.
In a business transfer. If YBA Edge or YBA Systems is involved in a merger, acquisition, restructuring, or asset sale, your information may be transferred as part of that transaction. We will notify you and offer choices where the law requires.

We do not sell personal information. We do not share personal information for cross-context behavioural advertising.

5. Data retention

Data type	Retention
OAuth tokens	Encrypted, retained while your engagement is active. Revoked and deleted within 60 days of off-boarding or upon your request.
Clip library, captions, schedule history	Retained while engagement is active and for up to 60 days post-termination, to support data export. Deleted thereafter; backups purged on a rolling 30-day rotation.
Brand intake and voice profile	Same as clip library.
Billing records, invoices, contracts	Retained for at least 5 years to comply with South African tax and accounting obligations.
Support correspondence	Retained for up to 3 years for service quality and dispute purposes.
Server / security logs	Retained for up to 90 days, longer where an incident is under investigation.

6. Your rights

Depending on where you live, you have some or all of the following rights regarding your personal information:

Access. Request a copy of the personal information we hold about you.
Correction. Ask us to fix inaccurate or incomplete data.
Deletion / Erasure. Ask us to delete your data, subject to legal retention obligations.
Restriction / Objection. Restrict or object to certain processing activities.
Portability. Receive your data in a structured, commonly used, machine-readable format.
Withdraw consent. Withdraw consent for processing that is based on consent (including OAuth — by revoking access from the source platform's developer settings).
Lodge a complaint. File a complaint with a supervisory authority. In South Africa, this is the Information Regulator. In the EU/EEA, your local Data Protection Authority. For California residents, the California Attorney General.

To exercise any right, email richard@ybasystems.com. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

7. Revoking OAuth access

Because OAuth permissions are issued by the destination platform, you can revoke our access at any time, directly from that platform — you do not need our cooperation:

TikTok: Settings → Security & permissions → Manage app permissions, or via the TikTok permissions page.
YouTube / Google: myaccount.google.com/permissions.
Facebook / Instagram: Settings → Apps and Websites, or via Facebook app settings.
Snapchat: Settings → Connected apps.

Once revoked, our token becomes invalid immediately and we can no longer post on your behalf or read insights from that account. We will purge the corresponding token from our systems within 30 days.

8. International transfers

YBA Edge is based in South Africa, but some of our sub-processors operate in the EU, the UK, and the United States. Where we transfer personal information outside South Africa or the EU/EEA, we rely on appropriate safeguards required by POPIA, the GDPR, and the UK GDPR — including standard contractual clauses, binding processing agreements with sub-processors, and the destination provider's own compliance certifications.

9. Security

We protect your information with administrative, technical, and physical safeguards proportionate to the sensitivity of the data — including TLS in transit, encryption of OAuth tokens at rest, role-based access control, and regular backups stored on independent infrastructure. No system is perfectly secure; we cannot guarantee absolute security but we do commit to reasonable, industry-standard practice and to notifying affected Clients without undue delay if a breach occurs that materially affects their data.

10. Children

The Services are not directed to children under 18 and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us and we will delete it.

11. Cookies

The Agency Site uses minimal first-party cookies and similar technologies for: (a) keeping you logged into YBA Edge Social if you operate it; (b) remembering UI preferences; (c) anonymous first-party click telemetry on outbound buttons. The Agency Site does not run third-party advertising or cross-site tracking cookies. You can control or block cookies through your browser; doing so may affect some functionality on YBA Edge Social.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of the page and, for active Clients, notify by email at least seven (7) days before the change takes effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

13. Contact us

For privacy questions, requests to exercise your rights, or to report a concern:

YBA Edge — A YBA Systems brandEmail: richard@ybasystems.com
Site: https://ybaedge.com
Parent: YBA Systems · Republic of South Africa

Supervisory authority (South Africa): Information Regulator