How we collect, use, share, and protect your information when you use WHOOSH360.
Effective date: 1 April 2026 · Last updated: 1 April 2026
Plain-language summary: WHOOSH360 connects to your social media accounts on your instruction. We store the access tokens you grant us, the content you create, and standard usage data. We do not sell your data. You can delete your account and all associated data at any time. The full details follow below.
WHOOSH360 ("we", "us", "our") operates the WHOOSH360 platform, accessible at whoosh360.com and via associated mobile and desktop applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you use the Service.
By creating an account or using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
WHOOSH360 acts as a data controller for personal data you provide directly to us (your account information, content, and settings) and as a data processor for content and data you instruct us to publish or retrieve on your behalf from connected third-party platforms.
When you register, we collect your name, email address, password (hashed, never stored in plain text), business or brand name, and billing information if you subscribe to a paid plan.
We store the posts, captions, images, videos, and documents you create or upload inside WHOOSH360, including drafts, scheduled content, campaign materials, and media library assets.
When you connect a social media account, the relevant platform provides us with an OAuth access token (and, where applicable, a refresh token). We store these tokens in encrypted form. They are used solely to perform the actions you request — publishing posts, retrieving engagement data, and managing your content on those platforms.
We automatically collect log data, IP addresses, browser type, device identifiers, pages visited, features used, and timestamps. This data helps us operate, secure, and improve the Service.
If you contact our support team or submit a form, we retain the content of those communications to resolve your enquiry and improve our service quality.
We use the data we collect to:
We do not use your content or social account data to train AI models, target advertising, or sell to third parties.
WHOOSH360 integrates with the following platforms. When you connect an account, we access only the permissions you explicitly grant. The specific data accessed and the governing terms for each platform are set out below.
We integrate with the Meta Graph API under the Meta Platform Terms and Meta Developer Policies.
Permissions we request: pages_manage_posts, pages_read_engagement, instagram_content_publish, instagram_basic, pages_show_list, business_management (where applicable).
What we access: Page and Instagram Business/Creator account details, published posts, basic engagement metrics (likes, comments, shares), and the ability to publish new posts, stories, and reels.
What we do not access: Personal profiles of your followers, private messages, advertising accounts (unless you explicitly grant access), or any data beyond the permissions listed above.
Data use: Tokens and page/account IDs are stored to enable publishing. Engagement data you request is displayed within WHOOSH360 and is not stored beyond your active session unless you export it. We do not share this data with third parties.
Meta's data policies govern Meta's own collection and use of data when you use their platforms. Review Meta's Privacy Policy for details.
We integrate with the X API v2 under the X Developer Agreement and Policy.
Permissions we request: Read and write access to your X account, enabling us to post tweets, threads, and media on your behalf.
What we access: Your public profile information, the ability to post content, and basic account metrics you request within WHOOSH360.
What we do not access: Direct messages, follower personal data, or any data not explicitly returned by the endpoints we call.
Data use: OAuth 2.0 tokens are stored encrypted. Content is published only when you explicitly schedule or trigger a post. We comply with X's rules around automation, including the prohibition on creating misleading automated content.
We integrate with the LinkedIn Marketing API under the LinkedIn API Terms of Use.
Permissions we request: w_member_social, r_liteprofile, r_emailaddress, w_organization_social (for Company Pages).
What we access: Your LinkedIn profile name and profile picture (for display purposes), and the ability to publish posts to your personal profile and/or company pages you administer.
Data use: We publish content on your behalf using tokens you have granted. We do not scrape LinkedIn data, store your connections' information, or use LinkedIn data for purposes beyond operating the Service.
We integrate with the TikTok Content Posting API and Login Kit under the TikTok for Developers Terms of Service.
Permissions we request: video.publish, video.upload, user.info.basic.
What we access: Your TikTok display name and avatar (for account identification), and the ability to upload and publish videos on your behalf.
Data use: Video files you upload to WHOOSH360 for TikTok publication are transferred to TikTok's servers upon your instruction. We retain a copy in your WHOOSH360 media library only if you choose to save it there. We do not collect viewer analytics beyond what TikTok makes available via its API.
TikTok's data practices are governed by the TikTok Privacy Policy.
We integrate with the YouTube Data API v3 under the YouTube API Services Terms of Service and the Google Privacy Policy.
Permissions we request: https://www.googleapis.com/auth/youtube.upload, https://www.googleapis.com/auth/youtube.readonly.
What we access: Your YouTube channel name and metadata, and the ability to upload videos, set titles, descriptions, tags, and thumbnails on your behalf.
Data use: We use YouTube API Services only to fulfil your publication requests. Data obtained from YouTube API Services is not transferred to third parties, stored beyond the scope of your session, or used for advertising.
You may revoke WHOOSH360's access to your Google account at any time via Google's security settings.
We integrate with the Pinterest API v5 under the Pinterest API Terms of Service.
Permissions we request: boards:read, boards:write, pins:read, pins:write, user_accounts:read.
What we access: Your Pinterest username, boards list, and the ability to create and publish Pins to your boards.
Data use: Access tokens are stored encrypted. We publish Pins and retrieve board data only when you initiate an action. We do not collect data about your Pinterest followers or audience.
We integrate with the WhatsApp Business API via Meta's Cloud API under the WhatsApp Business Terms of Service and Meta Business Tools Terms.
What we access: Your registered WhatsApp Business phone number, approved message template status, and the ability to send messages using approved templates to recipients who have opted in to receive communications from your business.
Important: The WhatsApp Business API may only be used to send messages to users who have explicitly opted in. WHOOSH360 does not collect, store, or process the personal data of your customers' WhatsApp numbers beyond what is necessary to send messages you instruct us to send. You are responsible for obtaining and maintaining valid consent from your message recipients in accordance with applicable law and WhatsApp's policies.
Data use: Message logs are stored in your WHOOSH360 account for delivery tracking purposes and are not shared with third parties.
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
We retain your account data and content for as long as your account remains active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it longer for legal, tax, or compliance purposes (typically up to 7 years for financial records).
Connected platform access tokens are deleted immediately upon disconnecting an account or deleting your WHOOSH360 account.
Anonymised usage analytics (with no personally identifiable information) may be retained indefinitely for product improvement purposes.
We implement industry-standard security measures to protect your data:
No method of transmission or storage is 100% secure. If you become aware of any security concern regarding your WHOOSH360 account, please contact us immediately at support@whoosh360.com.
Depending on your location, you may have the following rights regarding your personal data:
Submit a request to support@whoosh360.com with the subject line "Privacy Request". We will respond within 30 days for GDPR requests and within 45 days for CCPA requests. We may ask you to verify your identity before processing a request.
We use the following types of cookies and similar technologies:
We do not use third-party advertising or behavioural tracking cookies. You can control cookie preferences in your browser settings. Note that disabling certain cookies may affect Service functionality.
The Service is intended for users who are at least 18 years of age and who operate business accounts on the connected platforms. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us at support@whoosh360.com and we will delete it promptly.
WHOOSH360 is headquartered in India. If you are located outside India, your data will be transferred to and processed in India and potentially in other countries where our infrastructure providers operate (including the United States and European Union).
Where we transfer personal data from the EEA, UK, or Switzerland to countries without an adequate level of data protection as determined by the European Commission, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by displaying a prominent notice within the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
Continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team:
If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.