Casta Legal

Privacy Policy

Last updated: May 31, 2026

This policy explains what data Casta processes when used as a self-hosted multi-channel social publishing dashboard.

Before public deployment, replace the contact placeholder with your real support email or business contact.

1. Data We Process

Casta may process application usernames, password hashes, roles, permissions, audit logs, publishing jobs, post history, uploaded media paths, captions, messages, and platform connection status.

2. Credentials, Tokens, And Cookies

To publish and verify sessions, Casta may store encrypted OAuth tokens, webhook URLs, social account credentials, instagrapi settings, and browser cookies. These values are encrypted using the application secret key before being stored in the database.

3. Uploaded Media

Uploaded files may be temporarily stored on disk while background jobs run. The application attempts to clean temporary files after jobs complete or fail, but operators should still run periodic cleanup and monitor disk space.

4. Third-Party Platforms

When you connect or publish through Casta, data may be sent to third-party platforms such as X/Twitter, YouTube, Facebook, Instagram, TikTok, and Discord. Those platforms process data under their own privacy policies and terms.

5. Logs And Audit Records

Casta stores operational logs and audit records for security, troubleshooting, and accountability. Audit records may include usernames, platform names, action labels, timestamps, post metadata, and error summaries.

6. Cookies Used By Casta

Casta uses an HttpOnly session cookie to keep users logged in and a readable CSRF cookie to protect state-changing requests. Browser cookies imported for third-party platforms are stored separately in encrypted form.

7. Data Storage And Security

Data is stored on the server where Casta is deployed. Security depends on server access controls, HTTPS, filesystem permissions, database backups, reverse proxy configuration, and protection of the secret key.

8. Retention

Retention is controlled by the operator of the deployment. Jobs, logs, cache entries, and temporary uploads can be cleaned using the maintenance commands documented in the project.

9. User Choices

Users can disconnect supported platform sessions, OAuth tokens, credentials, and webhooks from the dashboard where available. Administrators can manage users and remove access.

10. Contact

Operator: MKRyuto. Contact: randiprawira23@gmail.com. Public URL: https://casta.mkryuto.my.id.