Privacy Policy
Last Updated: June 16, 2026
1. Introduction
Army Automate ("we," "our," or "us") operates the armyautomate.org website and the Army Automate automation platform. This Privacy Policy explains how we collect, use, store, protect, and share information when you use our services, including our integrations with Google API Services (specifically the YouTube Data API v3) and the Meta Platform (specifically the Facebook Graph API for Facebook Pages management).
By using our services, you agree to the collection and use of information in accordance with this policy.
2. Google User Data — What We Access
When you connect your YouTube account to Army Automate via Google OAuth 2.0, we request access to the following specific types of Google user data:
- YouTube Upload Scope (
youtube.upload): We access this scope to upload videos to your YouTube channel on your behalf as part of your configured automation pipelines. - YouTube Read-Only Scope (
youtube.readonly): We access this scope to display your channel name, profile picture, subscriber count, video count, and view count on your Army Automate dashboard.
We access only the data necessary to provide these features. Specifically, the Google user data we collect includes:
- OAuth 2.0 Tokens: An access token (short-lived) and a refresh token (long-lived) issued by Google to authenticate API requests on your behalf.
- YouTube Channel Metadata: Your channel name, channel ID, profile thumbnail URL, subscriber count, video count, and total view count — displayed solely on your dashboard.
We do not access, collect, or store your Google account password, email address, Gmail content, Google Drive files, or any other Google data beyond the YouTube scopes listed above.
3. Google User Data — How We Use It
We use the Google user data we collect exclusively to provide the following services:
- Video Uploads: Your OAuth tokens are used to authenticate with the YouTube Data API v3 to upload videos to your channel when you submit an upload request through our dashboard or our n8n automation API endpoint.
- Dashboard Display: Your channel metadata (name, profile picture, statistics) is retrieved in real time using the YouTube Data API and displayed on your personal Army Automate dashboard. This data is not cached or stored permanently.
We do not use your Google user data to serve advertisements, for market research, to build user profiles for third parties, or for any purpose unrelated to the features described above.
4. Google User Data — Storage & Protection
We take the security of your data seriously. The following measures are in place to protect your Google user data:
- Encrypted Storage: Your OAuth tokens (access token and refresh token) are stored in a secured PostgreSQL database on our private server. Database access is restricted to the application service account only.
- HTTPS Only: All communication between your browser, our server, and Google's API servers is conducted over HTTPS/TLS encrypted connections. We enforce HTTPS on all pages of our application.
- No Client-Side Storage: OAuth tokens are never stored in cookies, local storage, or any client-side mechanism. Tokens are handled exclusively on the server side.
- Session Security: Web sessions use secure, HTTP-only, SameSite cookies with a 1-hour expiration to prevent cross-site request forgery (CSRF) and session hijacking.
- Access Control: Server access is restricted to authorized administrators only. Database credentials are stored in server-side configuration files that are not accessible via the web.
- No Sharing: We do not sell, rent, trade, transfer, or disclose your Google user data to any third parties, advertising networks, data brokers, or any other external entity. Your data stays on our servers and is used solely to provide our services to you.
5. Google User Data — Retention & Deletion
Retention: We retain your OAuth tokens only for as long as your account is active and connected to our service. Channel metadata (name, stats, profile picture) is fetched in real time from the YouTube API on each dashboard visit and is not permanently stored in our database.
Automatic Expiration: Access tokens expire automatically after approximately 1 hour. We use your refresh token to obtain new access tokens only when needed to fulfill your upload requests. If a refresh token becomes invalid, we prompt you to re-authorize.
User-Initiated Deletion: You may request the deletion of all your data at any time by:
- Clicking the "Delete My Data" button on your Army Automate dashboard, which immediately removes all stored tokens and account data from our database.
- Emailing us at support@armyautomate.org with the subject line "Delete My Data." We will process your request and permanently delete all your data within 7 business days and confirm deletion via email.
Revoking Access: You may also revoke Army Automate's access to your Google account at any time by visiting your Google Account Permissions page. Once revoked, our stored refresh token will no longer function and we will be unable to access your YouTube account.
Account Disconnection: When you click "Disconnect" on your dashboard, your OAuth tokens are immediately invalidated and removed from our database.
6. Google API Services — Limited Use Disclosure
Army Automate's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In accordance with the Limited Use requirements, Army Automate:
- Only uses Google user data to provide and improve the user-facing features described in this policy.
- Does not transfer Google user data to third parties unless necessary to provide the service, with user consent, or as required by law.
- Does not use Google user data to serve advertisements.
- Does not allow humans to read Google user data unless we have your explicit consent, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized for internal operations.
7. Facebook/Meta User Data — What We Access
When you connect your Facebook account to Army Automate via Facebook Login (OAuth 2.0), we request access to the following specific Facebook permissions:
- Pages Show List (
pages_show_list): We access this permission to retrieve a list of Facebook Pages you manage, allowing you to select which Pages to manage within our platform. - Pages Read Engagement (
pages_read_engagement): We access this permission to retrieve engagement metrics, analytics, and audience demographic data for your selected Facebook Pages. - Pages Manage Posts (
pages_manage_posts): We access this permission to create, edit, schedule, and delete posts on your selected Facebook Pages on your behalf. - Pages Manage Metadata (
pages_manage_metadata): We access this permission to read and manage settings and metadata for your selected Facebook Pages.
We access only the data necessary to provide these features. Specifically, the Facebook user data we collect includes:
- Facebook OAuth Tokens: A user access token and page access tokens issued by Facebook to authenticate API requests on your behalf.
- User Profile Information: Your Facebook user ID, name, and email address — used to identify your account within our platform.
- Page Information: Page IDs, page names, categories, profile pictures, and fan/follower counts for Pages you manage.
- Page Engagement Metrics: Page views, unique visitors, engagement counts, follower growth, post engagement statistics, and audience demographics (age, gender, country distribution) — displayed on your analytics dashboard.
- Post Data: Content of posts created, edited, or managed through our platform, including text, images, videos, links, and scheduling metadata.
We do not access, collect, or store your Facebook account password, private messages, friend lists, personal timeline content, or any Facebook data beyond the permissions listed above.
8. Facebook/Meta User Data — How We Use It
We use the Facebook user data we collect exclusively to provide the following services:
- Page Selection & Management: Your page list data is used to allow you to select which Facebook Pages to manage within the Army Automate dashboard. Page metadata (name, category, follower count) is displayed for identification purposes.
- Analytics Dashboard: Page engagement metrics (views, reach, engagement, followers, demographics) are retrieved using the Facebook Graph API and displayed on your Army Automate dashboard. Metrics data is fetched in real time and is not permanently cached.
- Post Management: Your page access tokens are used to create, edit, schedule, and delete posts on your selected Facebook Pages when you perform these actions through our dashboard.
- Page Settings: Page metadata access allows you to view and manage page settings from within our platform.
We do not use your Facebook user data to serve advertisements, for market research, to build user profiles for third parties, or for any purpose unrelated to the features described above.
9. Facebook/Meta User Data — Storage & Protection
The following measures are in place to protect your Facebook user data:
- Encrypted Storage: Your Facebook OAuth tokens (user access token and page access tokens) are stored in a secured PostgreSQL database on our private server. Database access is restricted to the application service account only.
- HTTPS Only: All communication between your browser, our server, and Facebook's API servers is conducted over HTTPS/TLS encrypted connections.
- No Client-Side Token Storage: Facebook access tokens are never stored in cookies, local storage, or any client-side mechanism. Tokens are handled exclusively on the server side.
- Page Selections: Your selected Facebook Pages are stored in our database to persist your dashboard configuration. This data is associated with your account and is not shared externally.
- No Permanent Metrics Storage: Engagement metrics and audience demographics are fetched in real time from the Facebook Graph API on each dashboard visit and are not permanently stored in our database.
- Access Control: Server access is restricted to authorized administrators only. Database credentials are stored in server-side configuration files that are not accessible via the web.
- No Sharing: We do not sell, rent, trade, transfer, or disclose your Facebook user data to any third parties, advertising networks, data brokers, or any other external entity.
10. Facebook/Meta User Data — Retention & Deletion
Retention: We retain your Facebook OAuth tokens and page selection data only for as long as your account is active and connected to our service. Engagement metrics and analytics data are fetched in real time and are not permanently stored.
Token Management: Facebook access tokens have limited lifetimes. We use long-lived tokens where necessary to maintain your service connection. If a token becomes invalid, we prompt you to re-authorize.
User-Initiated Deletion: You may request the deletion of all your Facebook data at any time by:
- Clicking the "Delete My Data" button on your Army Automate dashboard, which immediately removes all stored Facebook tokens, page selections, and account data from our database.
- Emailing us at support@armyautomate.org with the subject line "Delete My Data." We will process your request and permanently delete all your data within 7 business days and confirm deletion via email.
Revoking Access: You may also revoke Army Automate's access to your Facebook account at any time by visiting your Facebook App Settings page and removing our app. Once revoked, our stored tokens will no longer function and we will be unable to access your Facebook Pages.
Account Disconnection: When you disconnect your Facebook account from our dashboard, your Facebook OAuth tokens and page data are immediately removed from our database.
11. Meta Platform Terms — Compliance Disclosure
Army Automate's use of data received from Meta Platform APIs complies with the Meta Platform Terms and the Meta Developer Policies.
In accordance with Meta's requirements, Army Automate:
- Only uses Facebook user data to provide and improve the user-facing features described in this policy.
- Does not sell, license, or purchase Facebook user data.
- Does not transfer Facebook user data to any advertising network, data broker, or other advertising or monetization-related service.
- Does not use Facebook user data to perform surveillance, or to provide data to entities that facilitate surveillance.
- Does not use Facebook user data in a way that discriminates against or harms users.
- Processes Facebook user data only in accordance with this privacy policy, applicable laws, and Meta's Platform Terms.
12. Non-Platform Information We Collect
In addition to Google and Facebook user data, we may collect the following when you use our website:
- Server Logs: Standard web server access logs including IP address, browser type, and pages visited. These are used for security monitoring and troubleshooting only.
- Session Data: Temporary session identifiers used to maintain your login state while using the dashboard.
We do not collect personal information beyond what is described in this policy.
13. Information Sharing and Disclosure
We do not share, sell, or disclose your personal information, Google user data, or Facebook user data to any third parties except in the following limited circumstances:
- With your explicit consent
- To comply with applicable law, regulation, legal process, or enforceable governmental request
- To protect rights and safety — to enforce our Terms of Service, protect our rights, privacy, safety, or property, or that of our users or the public
14. Cookies
We use session cookies strictly to maintain your authentication state while using the Army Automate dashboard. These cookies are:
- Secure (transmitted only over HTTPS)
- HTTP-only (not accessible via JavaScript)
- Set with SameSite=Lax to prevent CSRF attacks
- Automatically expire after 1 hour of inactivity
We do not use tracking cookies, analytics cookies, or advertising cookies.
15. Children's Privacy
Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically.
17. Contact Us
If you have any questions about this Privacy Policy, your data, or how we handle Google or Facebook user data, please contact us:
- Email: support@armyautomate.org
- Subject Line: "Privacy Policy Inquiry" or "Delete My Data"
We will respond to all privacy-related inquiries within 7 business days.