Platform Compliance

Official sources we review

• Meta Developer Policies
• Meta Platform Terms
• Instagram Content Publishing
• LinkedIn Authorization Code Flow
• LinkedIn Share on LinkedIn
• LinkedIn Programmatic Refresh Tokens

• Integrated only through official Meta APIs and documented publish flows.
• Instagram publishing for broad audience rollout requires the instagram_content_publish permission to be approved through Meta App Review.
• Explicit user consent is required before Vi-Engine publishes on a connected account's behalf.
• Meta/Instagram tokens are encrypted at rest with AES-256-GCM. Manual disconnect revokes publish access and marks the account disconnected instead of hard-deleting the audit record.
• Instagram media publishing must use public media URLs that Meta can fetch at publish time.
• Instagram publishing is subject to the documented content publishing limit and related platform checks such as PPA.

• Current supported scope is LinkedIn member/profile posting through the official authorization-code flow and w_member_social scope.
• Redirect URIs must exactly match trusted HTTPS URLs configured in the LinkedIn Developer Portal.
• Vi-Engine requests the least privilege needed for member posting and requires explicit member consent.
• Refresh-token support is treated as approval-dependent and not assumed for every LinkedIn app.
• LinkedIn organization and service-page publishing remains disabled until the required products, scopes, and partner status are verified.

X integration code is present and maintained in the Vi-Engine codebase but is not exposed to production users at launch. It is gated behind the ENABLE_X_INTEGRATION environment variable.

• Integration via X API v2 (OAuth 1.0a) — code present, hidden from production UI.
• No X login is presented in the current UI.
• X app-review evidence is treated as a separate enablement workstream before public rollout.

Threads has backend adapter code behind a feature flag and remains hidden from production UI at launch. Reddit and YouTube remain roadmap platforms with no active publishing integration yet.

All platforms — universal commitments

• No unsupported claims in customer-facing copy.
• Official APIs only — no scraping, no headless browsers, no reverse-engineered endpoints.
• OAuth tokens encrypted at rest (AES-256-GCM).
• Manual platform disconnect revokes access; dedicated account and workspace deletion flows handle broader user-data cleanup under the retention policy.
• Pre-publish consent shown before first live-platform publish or scheduling action.
• No user data sold, rented, or shared with third parties for marketing.