Xpandeo

Xpandeo Privacy & OAuth Data Use

This privacy statement explains how Xpandeo accesses, uses, stores, shares, and deletes OAuth data obtained from Google and other social platforms so you can confidently run your publishing workflows.

Overview

When you connect Google (including YouTube), TikTok, or Instagram accounts to Xpandeo, the respective provider issues encrypted access tokens and profile data that match the scopes you approved. Xpandeo uses these tokens solely to deliver the connected publishing features, keeps them encrypted at rest, and never sells your data.

Google User Data Accessed

With your consent, Xpandeo requests Google OAuth scopes limited to video publishing and channel insights. Depending on the features you enable, we may access:

  • YouTube channel identifiers, titles, thumbnails, and branding metadata.
  • Video upload, playlist, and caption scopes required to publish content you author.
  • Processing states, error codes, and analytics you explicitly pull into Xpandeo.
  • OAuth refresh tokens where granted so approved automations remain functional.

How We Use Google User Data

  • Authenticate scheduled or manual publishing jobs that you initiate.
  • Display accurate account identity, thumbnails, and processing feedback inside Xpandeo.
  • Refresh expiring tokens to maintain previously approved workflows, subject to Google OAuth policies.
  • Generate analytics dashboards only for the metrics you request.

We do not build advertising profiles, train machine-learning models, or use Google user data for purposes other than those you trigger within the product.

Sharing of Google User Data

Xpandeo does not sell or trade Google user data. We only share it with:

  • Trusted infrastructure providers (cloud hosting, monitoring, customer support) that act as processors under confidentiality obligations.
  • Regulators or authorities if required to comply with applicable law or enforce our terms.

No Google user data is shared with other customers or third parties for marketing or analytics beyond the services you request.

Storage & Protection

Access tokens and retrieved Google user data are stored in encrypted databases within the United States. We follow the principle of least privilege, restrict employee access to a vetted operations team, and monitor systems for unauthorized use. Data in transit is protected with TLS 1.2+ and all secrets are rotated on a regular cadence.

Retention & Deletion

  • Google access tokens and cached channel metadata are retained only while the integration remains connected.
  • When you disconnect in Xpandeo or revoke access from your Google Security settings, we delete tokens and related caches within 30 days.
  • Published content, analytics, and audit logs that you store in Xpandeo persist until you delete them or request removal, subject to legal retention obligations.
  • Deletion requests can be submitted any time to team@xpandeo.com and are fulfilled within 30 days.

Other Connected Platforms

For TikTok and Instagram, Xpandeo collects the minimum profile, media, and publishing permissions required to deliver the features you activate. The same usage, sharing, storage, and deletion principles described above apply to those integrations.

Your Controls & Support

You can revoke OAuth scopes at any time from Google Security, TikTok account settings, or Meta Business Integrations. Xpandeo automatically detects revoked tokens and disables the integration until you reconnect. For privacy questions, data exports, or other support, email team@xpandeo.com and we will respond within 30 days.