Privacy Policy – Content Eleven

Last updated: 5 February 2026

Content Eleven ("Content Eleven", "we", "us" or "our") provides a platform that helps teams plan, collaborate on, approve and publish social media content, including posts to Facebook Pages (the "Service").

This Privacy Policy explains how we collect, use, disclose and protect information in connection with our website, app and related services (together, the "Platform"). It also explains the choices and rights you have in relation to your personal data.

By using Content Eleven, connecting your Facebook account, or otherwise interacting with our Platform, you agree to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, you should not use our Platform.

1. Controller and Contact Details

The Platform is operated by Content Eleven.

If you have any questions about this Privacy Policy or how we process your data, you can contact us at:

Email: hello@contenteleven.com
Subject line: Privacy request – Content Eleven

This email is also used for exercising your data protection rights (access, deletion, etc.).

2. Scope

This Privacy Policy applies to:

  • Visitors to our website (including the marketing site)
  • Users who create a Content Eleven account
  • Team members invited into a workspace
  • People who connect Facebook Pages to Content Eleven
  • People whose data is processed through connected social media accounts (for example, comments, usernames and engagement metrics on posts published through Content Eleven)

This Policy does not apply to how Facebook or other third-party platforms process your data. Those services are governed by their own privacy policies.

3. Information We Collect

We collect information in three main ways:

  1. Information you provide to us directly
  2. Information we receive from Facebook via their APIs
  3. Information collected automatically when you use the Platform

3.1 Information you provide directly

When you use Content Eleven, we may collect:

Account information

  • Name
  • Email address
  • Password (hashed – we never store plain text passwords)
  • Profile picture (if you upload one)

Workspace and organisation information

  • Workspace name
  • Role (e.g. admin, member, client)
  • Team members you invite (email addresses, names)

Content and assets

  • Text content for posts, captions, comments and notes
  • Images, graphics, PSD templates and other media you upload
  • Schedules, drafts, approvals, feedback and version history
  • Any other content you store or process through the Platform

Support and communication

  • Messages you send us via email or in-app support
  • Bug reports, feedback and survey responses

3.2 Information from Facebook

When you connect a Facebook Page to Content Eleven, we access certain information from Facebook via the Meta Graph API, always in accordance with the permissions you grant during the connection process.

Depending on your configuration and the permissions you approve, this may include:

Account and Page details

  • Facebook Page ID, name and profile picture
  • Information about which Facebook Pages you manage

Content and engagement data

  • Posts and media published via Content Eleven
  • Captions, hashtags and metadata
  • Basic engagement metrics (likes, reactions, comments, saves, shares, reach, impressions)
  • Comments and replies on posts where you have granted read permissions

Access tokens

  • Page access tokens issued by Meta
  • These tokens are stored securely and used only to perform actions you explicitly request (e.g. publishing posts, retrieving insights).

We do not access your personal Facebook profile timeline or messages.

We only request the minimum scopes required for the features you use (for example, listing Pages you manage, publishing posts and retrieving analytics). These permissions are displayed to you by Facebook during the connection flow.

You can revoke our access at any time through:

  • Your Facebook settings, or
  • Your Content Eleven workspace settings (disconnecting channels).

3.3 Information collected automatically

When you use our Platform, we may automatically collect:

Usage data

  • Actions you take in the app (e.g. create/edit post, publish, approve)
  • Features you use, timestamps, and interaction patterns

Technical and log data

  • IP address
  • Browser type and version
  • Device information and operating system
  • Referring/exit pages
  • Dates and times of access
  • Error logs and performance data

Cookies and similar technologies

We may use cookies, local storage or similar technologies to:

  • Keep you logged in
  • Remember your preferences
  • Measure performance and usage of the Platform

You can control cookies through your browser settings, but disabling essential cookies may break the login or core functionality of the Platform.

4. How We Use Your Information

We use the information we collect for the following purposes:

To provide and maintain the Platform

  • Create and manage your account and workspaces
  • Allow you to connect and manage Facebook Pages
  • Enable you to create, edit, approve and publish social media content
  • Publish posts and stories to your connected social media channels when you instruct us to do so
  • Retrieve analytics and engagement metrics for your content

To secure the Platform

  • Authenticate users and prevent unauthorised access
  • Detect and prevent fraud, abuse and platform misuse
  • Monitor for suspicious activities and potential security issues

To improve and develop the Platform

  • Analyse usage and performance
  • Debug issues, monitor uptime and improve stability
  • Develop new features and refine the user experience

To communicate with you

  • Respond to your support requests and questions
  • Send important operational updates (e.g. security notices, changes to this Policy, changes to API or integration behaviour)
  • Send optional product updates or onboarding tips (you can opt out of non-essential emails at any time)

To meet legal, regulatory and compliance obligations

  • Maintain records for accounting and tax purposes
  • Respond to lawful requests from authorities where required
  • Enforce our Terms of Service and other agreements

5. Legal Bases for Processing (EEA / UK / GDPR)

If you are located in the European Economic Area, the United Kingdom or another jurisdiction with similar laws, we process your personal data on the following legal bases:

Performance of a contract

To provide you with the Platform and its features, including account creation, workspace collaboration, publishing to Facebook and support.

Legitimate interests

To secure and improve the Platform, understand usage, prevent abuse, and customise features, where these interests are not overridden by your data protection rights.

Consent

For certain cookies and analytics technologies, and when you connect a Facebook account and grant specific permissions. You can withdraw your consent at any time by disconnecting accounts or updating your browser settings.

Legal obligations

To comply with applicable laws, regulations and legal processes.

6. How We Share Information

We do not sell your personal data.

We may share information in the following limited circumstances:

Service providers (processors)

We use trusted third-party providers to help us operate the Platform, for example:

  • Cloud hosting and infrastructure
  • Database and storage providers
  • Email and notification services
  • Analytics and error-tracking tools

These providers process data on our behalf and are bound by contractual obligations to protect your data and use it only for the services we define.

Facebook

When you choose to publish or manage content via Content Eleven, your content and related data is sent to Facebook via their APIs. This is required for the core functionality of the Platform and is governed by Facebook's own terms and privacy policies.

Team members and workspace collaborators

Within a workspace, certain information (such as post drafts, approvals and analytics) is shared with other members who have been granted access by the workspace admin.

Business transfers

In the event of a merger, acquisition, financing, or sale of all or part of our business, your data may be transferred as part of that transaction, subject to appropriate confidentiality and data protection safeguards.

Legal and safety

We may disclose information if we believe it is reasonably necessary to:

  • Comply with a law, regulation, legal process or governmental request
  • Enforce our Terms of Service or other agreements
  • Protect the security or integrity of the Platform
  • Protect our rights, property or safety, or that of our users or the public

7. International Data Transfers

Our servers and service providers may be located in countries outside your country of residence. This means your data may be transferred to and processed in jurisdictions with different data protection laws.

Where required by law, we implement appropriate safeguards (such as Standard Contractual Clauses) to ensure that any international transfers provide an adequate level of protection for your personal data.

8. Data Retention

We retain your information for as long as necessary to:

  • Provide and maintain the Platform
  • Comply with our legal obligations
  • Resolve disputes
  • Enforce our agreements

In general:

  • Account and workspace data is kept while your account is active.
  • Content and publishing history may be retained as long as your workspace exists, unless you delete it or request deletion.
  • Access tokens for social media accounts are stored only as long as required to provide the Service and are invalidated when you disconnect a channel or when Facebook revokes them.
  • Log and analytics data may be retained for a limited period for security, troubleshooting and trend analysis.

We may anonymise data so that it can no longer be associated with an individual; anonymised data may be retained for longer periods.

9. Your Rights

Depending on your location, you may have some or all of the following rights regarding your personal data:

  • Right of access – to obtain confirmation whether we process your data and receive a copy.
  • Right to rectification – to correct inaccurate or incomplete information.
  • Right to erasure – to request deletion of your personal data, subject to certain legal exceptions.
  • Right to restriction – to request we limit processing in certain circumstances.
  • Right to data portability – to receive your data in a structured, commonly used format and transmit it to another controller where technically feasible.
  • Right to object – to object to processing based on legitimate interests, and to marketing communications at any time.
  • Right to withdraw consent – where processing is based on your consent, you can withdraw it at any time.

To exercise any of these rights, contact us at hello@contenteleven.com with enough information to identify you and your account. We may ask for additional information to verify your identity before responding.

You also have the right to lodge a complaint with your local data protection authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés).

10. Data Deletion and Account Closure

You can:

  • Delete specific content (such as posts or media) directly from the Platform.
  • Disconnect Facebook Pages from your workspace.
  • Request full account and data deletion by emailing hello@contenteleven.com with the subject line "Data deletion request".

Once your request is verified and processed:

  • Your account and associated workspaces may be deactivated and/or deleted.
  • We may retain limited information where required by law (for example, billing records) or for legitimate business purposes (for example, security logs), after which it will be deleted or anonymised.

Note: Deleting content or accounts in Content Eleven does not automatically delete content that has already been published to Facebook. That content is managed directly through that platform.

11. Security

We take reasonable and appropriate measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration or destruction. These measures include:

  • Encryption in transit (HTTPS)
  • Access controls and authentication
  • Principle of least privilege for internal tools
  • Regular monitoring and logging

No system is completely secure. We cannot guarantee absolute security, but we work continuously to improve our technical and organisational safeguards.

If you believe your account has been compromised, contact us immediately at hello@contenteleven.com.

12. Children's Privacy

Our Platform is not intended for use by children under the age of 16, and we do not knowingly collect personal data from children under 16.

If you believe that a child has provided us with personal information, please contact us and we will take appropriate steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform or applicable laws.

When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Take additional steps if required by law (for example, email notification or in-app notice)

We encourage you to review this Privacy Policy periodically.

14. How to Contact Us

If you have any questions, concerns or requests relating to this Privacy Policy or our data practices, you can contact us at:

Content Eleven
Email: hello@contenteleven.com

We will do our best to respond within a reasonable time and in accordance with applicable laws.