S-Claw

隱私政策
Privacy Policy

生效日期 · Effective:
最後更新 · Last updated:

繁體中文

1. 資料控制者

本隱私政策由 Simon(以下統稱「我們」)所有,並用於其所維運之 S-Claw 自動化工具(含但不限於 Facebook / Instagram / X / Threads / LINE / Telegram / Discord 等平台的自動化發文、整理、回覆工具)。

2. 適用範圍

本政策適用於以下主體之資料處理行為:

  • Simon 所維運之 Facebook、Instagram 帳號(含個人帳號與粉絲專頁)之內容發布工具
  • 對應之 Meta Developer App、X Developer App、Google Workspace OAuth 應用

3. 資料收集與使用

本工具不向第三方使用者收集任何個人資料。所有處理之資料皆來自帳號擁有者本人之主動操作:

類別內容用途儲存位置
平台存取權杖 Facebook / Instagram / X / Google OAuth tokens 代表帳號擁有者執行 API 操作(發文、上傳圖片、讀回覆) 本機 macOS Keychain + 加密備份
Page / Account ID 粉絲專頁編號、用戶編號 定位欲發布之頻道 本機加密設定檔
使用者主動提供之 URL 欲分享之網頁連結 抓取內容、生成摘要、產生發文 暫存後即捨棄
本工具產出之發文內容 由 LLM 生成之文字、圖像 發布至帳號擁有者之社群帳號 歸入該平台之原生儲存

4. 資料 收集項目

本工具明確不會收集、儲存或處理:

  • 第三方使用者之 Facebook / Instagram 個人檔案、好友清單、貼文、訊息、照片、影片
  • 使用者之地理位置、裝置資訊、廣告 ID
  • 支付資訊、信用卡、銀行帳戶資料
  • 未成年人之任何資料

5. Meta 平台特別揭露

當本工具透過 Meta API 發布內容至 Facebook 粉絲專頁或 Instagram 商業帳號時:

  • 所要求之 OAuth 權限以發文最小必要範圍為限(如 pages_manage_postspages_read_engagementinstagram_basicinstagram_content_publish)。
  • 不要求 emailuser_friendsuser_photos 等與第三方相關之權限。
  • 所獲得之 Page Access Token 僅儲存於擁有者個人裝置,絕不上傳至公有雲、資料庫或任何第三方服務

6. 資料保留期限

  • OAuth tokens:直到擁有者主動撤銷授權,或平台依其政策過期。
  • 暫存之 URL 內容:完成處理後立即刪除(通常於數秒內)。
  • 本機 log:滾動保留 30 天,超過自動清除。
  • 加密備份:保留 3 天於 Google Drive,30 天於 GitHub Releases。

7. 第三方共享

除以下情況外,本工具不會將任何資料分享給第三方

  • 當帳號擁有者主動觸發發文,由本工具代表其呼叫 Meta / X / Google 等平台 API。
  • 當使用 LLM 服務(Anthropic Claude、OpenAI、MiniMax 等)處理使用者主動提供之 URL 內容時,僅傳送該頁面之公開內容供生成摘要。

所有第三方服務皆需符合其各自之資料處理條款。

8. 安全措施

  • 所有 access token 儲存於 macOS Keychain(系統層級加密)。
  • 備份檔案以 AES-256-CBC 雙層加密。
  • 本機 git pre-commit hook 阻擋明文 secret 入庫。
  • 所有原始碼倉庫設為 Private,並啟用 Dependabot 漏洞警示。

9. 您的權利

由於本工具僅服務帳號擁有者本人,無第三方使用者資料之處理。如您(第三方)認為您的資料以任何形式遭本工具處理,請依第 11 節聯絡我們,我們將於 30 日內回覆。

10. 政策變更

我們可能不定期更新本政策。重大變更將於本頁公告,並更新「最後更新」日期。建議定期回訪本頁。

11. 聯絡方式

資料控制者:Simon
專案:S-Claw 自動化工具
Email:djp.simon@gmail.com

English

1. Data Controller

This Privacy Policy is owned by Simon (collectively, "we", "us") and applies to the S-Claw automation tools they operate. Tools include but are not limited to automation utilities for Facebook, Instagram, X, Threads, LINE, Telegram, and Discord (posting, organizing, replying).

2. Scope

This policy applies to data processing for:

  • Facebook and Instagram accounts (personal and Pages) operated by Simon
  • Associated Meta Developer App, X Developer App, and Google Workspace OAuth applications

3. Data Collection and Use

The tools do not collect any personal data from third-party users. All processed data originates from the account owner's own actions:

CategoryContentPurposeStorage
Platform access tokens Facebook / Instagram / X / Google OAuth tokens Perform API operations on behalf of owner (post, upload, read replies) Local macOS Keychain + encrypted backup
Page / Account IDs Page numbers, user IDs Address the publishing target Local encrypted config
URLs the owner submits Web links to share Fetch content, generate summary, produce post Discarded after processing
Generated post content LLM-produced text and images Publish to owner's social account Native storage of the destination platform

4. Data We Do Not Collect

The tools explicitly do not collect, store, or process:

  • Third-party users' Facebook / Instagram profiles, friend lists, posts, messages, photos, or videos
  • Users' geolocation, device identifiers, advertising IDs
  • Payment information, credit card or bank details
  • Any data of minors

5. Meta Platform Specific Disclosure

When publishing via the Meta API to a Facebook Page or Instagram business account:

  • OAuth permissions requested are limited to the minimum required for posting (e.g., pages_manage_posts, pages_read_engagement, instagram_basic, instagram_content_publish).
  • We do not request email, user_friends, user_photos, or similar third-party-related permissions.
  • Page Access Tokens are stored only on the owner's personal device and never uploaded to public cloud, databases, or any third-party service.

6. Data Retention

  • OAuth tokens: until the owner revokes the grant, or the platform expires it per its policy.
  • Cached URL content: deleted immediately after processing (typically within seconds).
  • Local logs: rolling 30-day retention, then auto-purged.
  • Encrypted backups: 3 days on Google Drive, 30 days on GitHub Releases.

7. Third-Party Sharing

Except in the following cases, the tools do not share any data with third parties:

  • When the account owner actively triggers a post, the tools call Meta / X / Google APIs on their behalf.
  • When LLM services (Anthropic Claude, OpenAI, MiniMax, etc.) process URL content the owner submits, only the public content of that page is sent for summarization.

All third-party services are subject to their own data-processing terms.

8. Security

  • All access tokens are stored in macOS Keychain (system-level encryption).
  • Backup archives are encrypted with double-layer AES-256-CBC.
  • A local git pre-commit hook blocks plaintext secrets from being committed.
  • All source repositories are Private with Dependabot vulnerability alerts enabled.

9. Your Rights

Because the tools serve only the account owner, no third-party user data is processed. If you (a third party) believe your data has been processed by these tools in any form, please contact us per Section 11; we will respond within 30 days.

10. Changes to this Policy

We may update this policy from time to time. Material changes will be announced on this page and the "Last updated" date will be revised. Please revisit periodically.

11. Contact

Data controller: Simon
Project: S-Claw automation tools
Email: djp.simon@gmail.com