← Back to home

Privacy Policy

Last updated: June 16, 2026 · Effective date: April 19, 2026

Pochi ("the Service") is a multi-platform social media automation tool operated by Icery.tw, an independent developer based in Taiwan. It lets creators connect their Instagram, Threads, Facebook Page, YouTube, and TikTok accounts, then configure automated flows that respond to comments across those platforms and publish content to multiple platforms from one interface. This policy describes what information we collect, how we use it, and how you can control it.

Contact: Icery@Icery.tw

1. Information We Collect

When you connect a social account via OAuth (Instagram, Threads, Facebook, YouTube, or TikTok), we collect:

We do notcollect: your password, payment information, contact lists, private messages you haven't explicitly routed through an automation, or any content unrelated to the Service's operation.

2. How We Use Information

We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

3. Data Storage & Security

Account metadata, access tokens, flow definitions and event logs are stored in a MongoDB Atlas cluster with TLS in transit. Access tokens are held only as long as needed to operate the Service and are never exposed to third parties.

Media files:When you upload a video through the compose page, the file is stored in Cloudflare R2 object storage under a public custom domain (media.pochi.icery.tw) so that target platforms (Instagram, Threads, Facebook, YouTube, TikTok) can fetch it for publishing. Encryption at rest is enabled on the bucket (R2 server-side encryption). After a successful publish, R2 objects are kept for 7 days for retry / re-publish purposes, then purged automatically by a daily lifecycle job. A separate cleanup job removes any orphaned R2 object that isn't tracked by the database within 24 hours.

4. Your Rights

5. Data Retention

Event logs are retained for up to 90 days. Access tokens are retained until you disconnect or the Service is decommissioned. Aggregated, anonymized statistics may be retained indefinitely for analytical purposes.

6. Third-Party Services

The Service interacts with the following third parties on your behalf:

Each of these providers has its own privacy policy. We only send them the data strictly required to complete the requested action.

7. Meta Platform Permissions (Instagram, Threads, Facebook)

Depending on which Meta platforms you connect and which automation / publishing features you enable, Pochi requests the permissions below. Each is used only to operate the features you explicitly configure. We do not use Meta data for advertising, profiling, or any purpose other than running your automations, and we never sell or share it.

You can revoke any of these at any time by disconnecting inside Pochi or from the platform's own settings (see Section 4). Revocation immediately stops Pochi from accessing that platform and deletes the stored token.

8. Children's Privacy

The Service is not intended for users under 16. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be announced on this page and/or communicated via email to connected accounts at least 30 days before taking effect.

10. Contact

Questions or concerns? Email Icery@Icery.tw.