Smez
Sign inRequest access

Smez legal

Privacy Policy

Last updated: June 3, 2026

This Privacy Policy applies to Smez, available at smez.co, and to Smez services that help creators and teams prepare, publish, and monitor short-form video content.

1. What Smez Does

Smez is a creator operations app for planning, rendering, packaging, scheduling, and publishing short-form videos. The service is available at smez.co and related Smez-controlled domains.

This Privacy Policy explains what information we collect, how we use it, and what choices you have when you use Smez.

2. Information We Collect

We collect information you provide directly, information generated by your use of Smez, and information received from connected third-party platforms when you authorize those connections.

  • Account information, such as name, email address, workspace membership, role, and login details.
  • Workspace content, such as uploaded clips, images, audio, transcripts, edit plans, captions, hashtags, schedules, renders, and publishing metadata.
  • Connected account information, such as platform account id, username, display name, profile metadata, granted OAuth scopes, access tokens, refresh tokens, token expiry, and connection status.
  • Publishing and analytics information, such as post ids, publish status, public URLs, view counts, like counts, comment counts, share counts, and comments where the connected platform permits comment access.
  • Technical information, such as IP address, device/browser details, request logs, error logs, and security events.

3. Platform Connections

If you connect TikTok, Instagram, YouTube, or another supported platform, Smez uses OAuth authorization to access only the permissions you approve. We use those permissions to publish content you request, check publishing status, and collect available analytics or comment information for your workspace.

For TikTok, Smez currently uses normal creator OAuth for publishing and available video metrics. TikTok comment text is not collected unless TikTok provides Smez with a suitable approved API for that use case.

For Instagram and YouTube, Smez may collect post metadata, analytics, and comment information where those permissions are granted by you and supported by the platform.

4. How We Use Information

We use information to operate, secure, maintain, and improve Smez.

  • Authenticate users and manage workspace access.
  • Store and process uploaded media and generated content packages.
  • Generate edit plans, render videos, and prepare platform-specific publishing packages.
  • Publish content to connected accounts when you request it.
  • Monitor publish status, analytics, and comments where available.
  • Debug errors, prevent abuse, protect accounts, and comply with legal obligations.
  • Communicate service, security, and support information.

5. OAuth, Security, and Data Protection

Smez treats OAuth tokens, refresh tokens, connected account identifiers, unpublished media, transcripts, captions, comments, analytics, and other connected-platform data as sensitive data. Google user data received through YouTube or other Google APIs is protected using the same safeguards described in this section.

No internet service is completely secure, but these technical and organizational safeguards are designed to protect account, workspace, and Google user data against unauthorized access, disclosure, alteration, or destruction.

  • Data is transmitted over HTTPS/TLS.
  • OAuth access tokens, refresh tokens, and pending OAuth transfer payloads are stored server-side only and encrypted before database persistence using AES-256-GCM authenticated encryption.
  • Access tokens and refresh tokens are not intentionally exposed to browser clients.
  • OAuth authorization state is signed, time-limited, and scoped to the authenticated user and active workspace.
  • Authentication and workspace cookies are HTTP-only, use SameSite protections, and are marked secure in production.
  • Workspace membership, role-based permissions, and row-level security policies limit access to workspace data.
  • Server routes resolve the authenticated user and active workspace before workspace-scoped reads or writes, and integration management requires the appropriate workspace permission.
  • Production secrets, encryption keys, database service credentials, and platform client credentials are kept in server-side environment configuration and are not committed to client code.
  • Disconnect flows delete stored OAuth tokens for disconnected platform accounts.
  • If we become aware of unauthorized access to sensitive data, we will investigate, contain the issue, and notify affected users or regulators where required by applicable law.

6. Sharing Information

We do not sell your personal information. We share information only as needed to provide Smez, operate infrastructure, comply with law, protect rights and safety, or with your direction.

  • With platform APIs, such as TikTok, Instagram, and YouTube, when you ask Smez to connect, publish, or retrieve platform data.
  • With service providers that host, store, process, analyze, or secure Smez data.
  • With workspace members according to their role and permissions.
  • With authorities or third parties when required by law or needed to protect Smez, users, or others.

7. Retention and Deletion

We retain account, workspace, media, publish, and analytics data for as long as needed to provide Smez, comply with legal obligations, resolve disputes, and enforce agreements.

You may disconnect a platform account from workspace settings. Disconnecting removes Smez access to future platform data for that account and deletes stored OAuth tokens for that connection. Existing workspace records, published post metadata, and audit logs may remain unless deleted separately.

You may request deletion of your account or workspace data by contacting support@smez.co.

8. Your Choices

You can choose not to connect third-party accounts. You can disconnect platform accounts, update workspace members, delete uploaded content, and request account or workspace deletion.

Platform providers may also offer their own account settings for reviewing or revoking third-party app access.

9. Children

Smez is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

10. Changes

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users through Smez or other appropriate channels.

11. Contact

For privacy questions or requests, contact support@smez.co.