Introduction
Welcome to OkieDoke, a minimalist tool for social media managers to streamline client approval workflows. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.
Effective Date: This policy applies to all users of OkieDoke's web application and related services.
Information We Collect
Account Information (via Clerk Authentication)
When you create an account, we collect information from Clerk:
| Data | Source | Purpose |
|---|---|---|
| User ID | Clerk | Unique account identifier |
| Email Address | Clerk | Account authentication, notifications |
| Full Name | Optional profile field | Dashboard display |
| Avatar URL | Optional profile field | Brand personalization |
Profile & Brand Settings
Data stored in your OkieDoke profile:
| Field | Purpose |
|---|---|
| Webhook URL | Integration with external tools (e.g., Slack, Discord) |
| Studio Name | Brand identity in dashboard |
| Studio Logo URL | Uploaded via Vercel Blob for brand display |
| Brand Accent Color | UI customization (default: #22d3ee cyan-400) |
| Email Notification Preference | Control for approval/change notifications |
| Storage Usage | Tracking for tier limits (FREE: 100MB, 5 links) |
Deliverables & Content
Content you upload for client review:
| Data Type | Stored In | Purpose |
|---|---|---|
| Media Files | UploadThing | Creative work shared with clients |
| File Metadata | Neon Database | Storage tracking, file type info |
| Caption | Neon Database | Deliverable identification |
| Status | Neon Database | Workflow state (pending/approved/changes_requested) |
| Feedback Notes | Neon Database | Client comments on deliverables |
| Personal Notes | Neon Database | Your notes to approvers (max 200 words) |
| Parent ID | Neon Database | Version history linkage |
Client & Project Data
| Entity | Fields Stored | Purpose |
|---|---|---|
| Clients | Name, Email, Company | Contact management |
| Projects | Name, Description | Organization structure |
Precision Feedback Annotations
When clients provide feedback on deliverables:
| Data | Purpose |
|---|---|
| X/Y Coordinates | Pinpoint feedback location on media |
| Comment | Detailed feedback text |
| Resolution Status | Track addressed feedback |
Analytics & Usage Data
We collect engagement analytics for your deliverables:
| Event Type | Data Collected | Purpose |
|---|---|---|
| View | Timestamp, User Agent | Track client engagement |
| Approve | Timestamp | Measure approval rates |
| Request Changes | Timestamp | Track revision cycles |
Secure Review Tokens
For anonymous client access:
| Data | Purpose |
|---|---|
| Token Hash (SHA-256) | Secure, unguessable review links |
| Expiry Date | Time-limited access control |
| Usage Count | Prevent duplicate approvals |
Technical Data
- IP Address: Logged for security monitoring
- Browser/User-Agent: Stored with analytics events
- Storage Keys: Obfuscated filenames for UploadThing
How We Use Your Information
Core Service Functionality
- Create and manage your account via Clerk authentication
- Generate secure review links for client approvals
- Send email notifications via Resend (notifications@getokiedoke.com)
- Track deliverable status and version history
- Store and serve uploaded media files via UploadThing
- Provide real-time analytics dashboard
Service Improvement
- Analyze approval rates and review patterns
- Measure average review time for workflow optimization
- Identify top-performing deliverables for insights
Communication
- Transactional Emails: Approval/change notifications
- Webhook Notifications: Optional integration with external services
- No Marketing Emails: We do not send promotional content
Security & Compliance
- Prevent fraudulent use through token expiration
- Monitor abnormal usage patterns
- Enforce tier limits (storage: 100MB FREE tier, 5 active links)
Legal Basis for Processing (GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Account creation & authentication | Contract performance (Art. 6(1)(b)) |
| Deliverable storage & sharing | Contract performance (Art. 6(1)(b)) |
| Analytics collection | Legitimate interests (Art. 6(1)(f)) |
| Email notifications | Contract performance (Art. 6(1)(b)) |
| Webhook integrations | Consent / Contract performance |
| Version history | Legitimate interests (legal compliance) |
Service Providers & Data Processing
| Provider | Service | Data Shared | Terms |
|---|---|---|---|
| Clerk | Authentication & User Management | User ID, email, profile data | Clerk Privacy |
| Neon Database | PostgreSQL hosting | All application data | SOC 2 Type II certified |
| UploadThing | Media file storage | Uploaded media files, storage keys | Encrypted at rest |
| Vercel | Blob storage (studio logos) | Logo images | Vercel Privacy |
| Resend | Transactional email | Creator email for notifications | Resend Privacy |
All processors located in the United States. GDPR-compliant data processing agreements in place.
Your Rights & Controls
Access & Portability
- View all your data in the OkieDoke dashboard
- Export deliverables, clients, and analytics at any time
- Request data portability via privacy@getokiedoke.com
Correction & Updates
- Update profile fields in Settings page
- Modify deliverables before client approval
- Cannot modify: Approved deliverables (immutable audit trail)
Deletion
- Dashboard deletion: Remove deliverables, clients, projects
- Account deletion: Complete removal via Clerk account settings
- Retention: Analytics retained 12 months for security
Communication Control
- Disable email notifications in Settings
- Remove webhook URL to disable integrations
Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | While active + 30 days | Authentication recovery |
| Deliverables | While account active | Service functionality |
| Media Files | While account active | Content delivery |
| Analytics Events | 12 months | Performance insights |
| Approval Tokens | 7 days after expiry | Security cleanup |
| Version History | While account active | Audit trail |
Security Measures
Technical Safeguards
- Token Security: SHA-256 hashed review tokens (plaintext never stored)
- Authentication: Clerk-managed OAuth with JWT
- Database: Neon PostgreSQL with encrypted connections
- Storage: UploadThing with server-side encryption
- Access Control: Row-level ownership verification on all queries
Children's Privacy
OkieDoke is not directed to individuals under 16. No data collected from children.
Third-Party Links
- WhatsApp Sharing: whatsapp://send?text= links
- Uploaded Media: External URLs you provide
We are not responsible for third-party privacy practices.
Changes to This Privacy Policy
Material changes communicated via in-app notification. Continued use constitutes acceptance.
Contact Us
For privacy-related inquiries:
Email: privacy@getokiedoke.com
Support: support@getokiedoke.com
DPO: dpo@getokiedoke.com
Response within 30 days.
OkieDoke is GDPR and CCPA compliant.