imaoi Privacy Policy
Last updated: 18 May 2026
This policy explains what information imaoi (operated from the United Kingdom) collects, how it is used, and your rights under UK GDPR and the Data Protection Act 2018.
1. Who we are
imaoi is operated by an independent solo creator based in the United Kingdom. For all data-protection enquiries, contact imaoi.uk@proton.me. The operator acts as data controller for any personal data processed through this service.
2. What data we collect
imaoi is a self-hosted scheduling dashboard. We collect only what is necessary to authenticate to social platforms and operate the service:
- OAuth tokens issued by TikTok, Instagram (Meta), and X when the operator connects an account. Stored encrypted at rest on infrastructure hosted in the EU.
- Account identifiers returned by those platforms (e.g. user ID, handle, display name) for the connected creator account only.
- Post metadata the operator schedules through the dashboard (caption text, media files, scheduled publish time, content tags).
- Post performance metrics retrieved from each platform's API for posts the operator has published (likes, comments, reach).
- Server logs from the underlying VPS for security and uptime monitoring (timestamp, source IP, request path). Retained for 30 days.
imaoi does not collect data on visitors to imaoi.uk. There are no analytics scripts, no advertising trackers, and no cookies served by this website beyond what Caddy may set for HTTPS session handling.
3. How we use the data
- To authenticate with TikTok, Instagram, and X on the operator's behalf using each platform's official Content Posting API.
- To schedule and publish content the operator has explicitly queued.
- To retrieve performance metrics for the operator's own published posts, used solely to inform future content decisions.
- To operate, secure, and debug the self-hosted infrastructure.
We do not sell, rent, or share personal data with third parties for marketing purposes.
4. Third-party processors
imaoi uses the following sub-processors. Each operates under its own privacy policy:
- TikTok — Content Posting API and Login Kit (when the operator connects a TikTok account)
- Meta / Instagram — Instagram Graph API (when the operator connects an Instagram account)
- X (formerly Twitter) — X API v2 (when the operator connects an X account)
- Hetzner — EU-region VPS hosting
- Cloudflare — DNS, R2 object storage, and TLS termination
- Turso — managed LibSQL database for post and metric storage
- Upstash — managed Redis for job queues and rate limiting
- Postiz (self-hosted) — the scheduling application served at
postiz.imaoi.uk - n8n (self-hosted) — workflow automation served at
n8n.imaoi.uk
5. Data retention
- OAuth tokens are retained until the operator disconnects the relevant social account, after which they are revoked and deleted within 30 days.
- Scheduled-post drafts are retained until the operator deletes them.
- Published-post metadata and metrics are retained for the operating lifetime of the service for performance analysis.
- Server logs are rotated and deleted after 30 days.
6. Your rights under UK GDPR
If you believe imaoi holds personal data relating to you, you have the right to:
- Request access to that data
- Request correction of inaccurate data
- Request erasure ("right to be forgotten")
- Object to processing or request restriction of processing
- Data portability where applicable
- Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk
To exercise any of these rights, contact imaoi.uk@proton.me. We will respond within one month.
7. Cookies
The imaoi.uk public website does not set any cookies. The authenticated dashboard at postiz.imaoi.uk uses a strictly necessary session cookie to maintain login state — no advertising or analytics cookies.
8. International transfers
Data is stored on infrastructure located in the European Union (Hetzner, Germany) and on Cloudflare's global network. When data is transmitted to TikTok, Meta, or X, those platforms may transfer it outside the UK under their own safeguards.
9. Children
imaoi is not directed at, and does not knowingly process data from, children under 18. All content produced through this service is adult-coded and clearly labelled AI-generated.
10. Changes
We may update this policy. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be reflected by updating that date and revising the relevant section.