Privacy Policy

1. Introduction

OctoDock ("we", "us", or "our") operates the octo-dock.com website and the OctoDock MCP service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

When you sign in with Google, we receive your name, email address, and profile picture from your Google account. We use this information solely to create and manage your OctoDock account.

2.2 Connected App Tokens

When you connect third-party apps (e.g., Notion, Gmail, Google Calendar), we store OAuth access tokens and refresh tokens to maintain your connections. All tokens are encrypted using AES-256-GCM before storage and are never logged or exposed in plaintext.

2.3 Usage Data & Memory

OctoDock stores operational memory (preferences, patterns, context, and saved workflows) to improve your experience across AI agents. This data is associated with your account and is not shared with other users.

3. How We Use Your Information

• To provide and maintain the OctoDock service
• To execute actions on connected apps on your behalf via AI agents
• To store and retrieve your cross-agent memory and preferences
• To improve service quality and user experience

4. Data Sharing

We do not sell, trade, or rent your personal information. Your data is only shared with third-party services when you explicitly connect them through OctoDock, and only to the extent necessary to perform the actions you request.

5. Data Security

We implement industry-standard security measures including:

• AES-256-GCM encryption for all stored tokens
• HTTPS for all data in transit
• Secure PostgreSQL database with access controls
• Error isolation — one app failure does not expose data from another

6. Data Retention & Deletion

You can disconnect any app at any time from your dashboard, which immediately revokes and deletes the associated tokens. You may request full account deletion by contacting us, after which all your data will be permanently removed within 30 days.

7. Third-Party Services

OctoDock integrates with third-party services (Google, Notion, GitHub, etc.). Each service has its own privacy policy. We encourage you to review them before connecting.

8. Meta Platform Data (Threads, Facebook, Instagram)

When you connect your Meta account (Threads, Facebook, or Instagram) to OctoDock, we access and process the following data based on the permissions you explicitly grant during the OAuth authorization flow:

• Profile information — name, username, user ID, biography, and profile picture. Used to identify your account in the OctoDock dashboard so you and your AI agents can confirm which account is connected.
• Your posts, replies, and mentions — fetched on-demand when you (or an AI agent acting on your explicit instruction) request them. Used to let you read, moderate, and respond to activity on your own account.
• Engagement insights (likes, views, reposts) — fetched on-demand for analytics queries on your own posts.
• Publishing — we create posts, replies, and media uploads on your account only when you (or an AI agent acting on your explicit instruction) request it.
• Public content lookups (keyword search, public user profiles) — retrieved on-demand to help you discover content relevant to your stated intent.

8.1 How We Store Meta Data

OAuth access tokens and refresh tokens issued by Meta are encrypted with AES-256-GCM before storage and are never logged or exposed in plaintext. Meta content (posts, replies, mentions, media) is not stored permanently — it is fetched on each request and returned directly to you or your AI agent. We do not aggregate, sell, or share Meta content with any third party.

8.2 How to Revoke Access and Delete Data

You can disconnect your Meta account at any time from the OctoDock dashboard. Doing so immediately revokes the OAuth token and deletes all associated credentials from our database. You can also:

• Revoke OctoDock's access directly from your Meta account settings at https://www.threads.net/settings/account/authorized-apps. Meta will notify OctoDock via our deauthorization webhook, and we will delete your token within seconds.
• Request full data deletion by emailing [email protected]. We will confirm deletion within 30 days.

8.3 Webhook Endpoints

OctoDock honors Meta's deauthorization and data deletion callbacks at the following endpoints:

• Deauthorization: https://octo-dock.com/api/webhooks/threads/deauthorize
• Data deletion request: https://octo-dock.com/api/webhooks/threads/delete

9. Children's Privacy

OctoDock is not intended for use by children under 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at: [email protected]