In this Article:
As a verified partner of several major platforms, Later must meet strict security, privacy, and compliance standards to maintain these relationships. This includes following API guidelines to protect your account and prevent unauthorized actions. This article covers how Later interacts with your connected profiles and keeps your data safe and secure.
Partner Platforms
Later is a verified partner of the following platforms:
| Partner | Relationship |
| Meta (Instagram & Facebook) | Later is a member of the Meta Business Accelerator program |
| Tiktok | Later is a Tiktok Marketing Partner |
| Later is a Pinterest Business Partner | |
| Snapchat | Later is a member of the Snap Advanced Partner Program |
| Later is an Official Marketing Partner |
In addition to the above partnerships, Later abides by API policies and guidelines for YouTube.
Frequently Asked Questions
Will Later have access to the password or login information for my social profiles?
No, Later will never have access to your password or private login details of your social profiles.
When you connect your social profile to Later, a secure pop-up window will appear that redirects you to the official social platform. You will sign in directly on that platform—not through Later.
Later only asks for the encrypted information that's needed to make our features work, and that information remains secure because we use multiple layers of encryption.
To summarize:
- When you log in to a social platform (like Instagram or Facebook) through Later, the social platform won’t give Later your actual password, because that would be a breach of your trust and privacy
- Instead, it gives Later a guest pass which is called an access token
- This access token lets Later do specific things on your behalf , like scheduling posts or pulling in analytics, but only what you allowed it to do when you connected your account
Just like a guest pass, an access token doesn’t last forever—it will eventually expire. For example, if you change your Facebook password, the token you previously granted will stop working.
When this happens, Later will no longer be able to access your account. You’ll need to re-consent and refresh your profile’s connection for Later to get a new pass.
What information does Later require?
Each social platform operates differently, offering unique features and requiring different permissions. When you connect your social profile for the first time, you’ll be able to transparently review all the permissions that Later is requesting.
For Later to function correctly, you should grant all requested permissions. For example, these permissions might include access to your handle, name of your social profile, post performance analytics, or other necessary data.
Will you post random things on my social profile?
No, Later will never publish anything on your social profiles unless you specifically schedule it through the platform.
Here’s how it works:
- You schedule a post using Later
- When the scheduled time arrives, Later verifies that your social profile is still connected and it has the required permissions and access token it needs
- If your profile is correctly connected, Later securely passes your post through the social platform’s official API to request publication
The connection between Later and your social platforms will expire every couple of months. This is an intentional process to ensure that you’re regularly consenting to Later publishing posts on your behalf.
If your connection to Later expires, we won’t be able to publish scheduled posts or retrieve data (such as post analytics) until you refresh it.
Will Later act as my social profile?
The only instances where it may appear as though Later is taking action on your behalf are:
- Publishing posts: When you schedule a post through Later, we submit it for publishing via the official API of the respective social platform. To your followers, these posts will appear exactly as if you had published them directly on the platform.
- Replying to comments (Conversations feature): If you use Later’s Conversations feature, you can reply to public Instagram or TikTok comments directly from Later. These replies are sent through the official APIs, ensuring secure and seamless interactions. These replies will look like they’re coming from your social profile.
What Later Can’t Do:
Later strictly follows the rules and limitations set by each social platform. This means Later can’t:
- Delete posts that were published through our platform
- If you need to remove a post, you must do so directly on the social platform
- Perform mass actions, such as bulk following or unfollowing accounts
- Bypass API restrictions, such as:
- Posting text-only updates to Instagram, which is not supported by Instagram’s API
- Adding stickers or interactive elements to Instagram Stories, as this must be done within Instagram’s native app
Working with Other Third-Party Tools
If you use other third-party scheduling or automation tools that perform actions that Later is restricted from because of API restrictions, ensure they comply with the official guidelines and terms of service of each social platform. Unauthorized actions may violate platform policies, potentially putting your account at risk.
What if I want to revoke the permissions I’ve granted to Later?
There are two ways that you can revoke permissions at any time:
- Remove your social profile from Later: Follow this guide to disconnect your profile
-
Revoke permissions directly on the social platform: Most platforms allow you to manage third-party app access in your account settings
- If you remove Later’s permissions, the next time Later attempts to make a request, it will be denied access
How does Later ensure that my data is safe?
You can review our Privacy Policy as well as our Terms.
Here’s some information about our security practices*:
- All data is encrypted in transit and at rest. Access tokens are encrypted at rest using Advanced Encryption Standard (AES) 256-bit encryption, the strongest level of encryption.
- All Later services use a continuous check for software dependencies with security vulnerabilities as well as static code analysis tools like Snyk. We’re constantly looking at improving our processes and have a dedicated team whose priority this is.
- Once a year, an external risk assessment is performed and security training is updated for development staff.
- Later employees are not permitted to store or download any user data on personal devices.
- Any private keys or access secrets for the Later platform must be stored in a secure location.
- Later uses the principle of "least privilege" for all access control to our production systems and data stored. Only development operations staff may access those production systems directly using 2-factor authentication.
- All Later employees' administrative actions performed during the course of their employment are logged and available for audit.
How do I delete my data?
When deleting your Later account, personal and sensitive information will be immediately deleted from our core and transactional systems. Within 90 days, all remaining data will be removed from our systems and our third-party services. In addition, our policy is to only store log information for 90 days.
The only exception is emails which may be stored in our marketing systems. Unsubscribing from any mail lists will remove the last of your data from our marketing systems.
What if I want to learn more about how the APIs work?
For some social platforms, you have to sign up as a developer to access API information in detail, but here are links to public resources:
- Meta (Instagram & Facebook): Graph API
- Tiktok: Tiktok API
- Pinterest: Pinterest API
- LinkedIn: LinkedIn API
- YouTube: YouTube API
- Snapchat: Snapchat API
- X: X API
* Article accurate of Feb 3, 2025.