Privacy Policy
This Privacy Policy explains how Postit, Inc. ("Postit", "we", "us") collects, uses, and safeguards information when you use our website and application (the "Service"). We keep it short and plain: we collect what we need to run the Service, we never sell your data, and you stay in control of your connected accounts.
1. Information we collect
Account information
When you create an account we collect your name, email address, and a securely hashed password. If you create a workspace, we store its name and your role within it.
Content you create
Posts, drafts, media, brand-voice settings, and schedules you create in Postit are stored so we can generate platform-native versions and publish on your behalf.
Connected platform data
When you connect a social account we store the access tokens needed to publish, encrypted at rest. We request the minimum scopes required and never store your platform passwords.
Usage and device data
We collect basic technical data (IP address, browser type, request logs) to operate, secure, and improve the Service.
2. How we use information
- To provide the Service: composing, scheduling, and publishing your posts.
- To generate platform-native rewrites using the AI provider you or your admin configure.
- To authenticate you, secure your account, and prevent abuse.
- To send service-related notifications you have enabled.
- To process billing through our payment processor.
3. How we share information
We do not sell your personal data. We share information only with service providers who help us operate the Service (hosting, payment processing, and the AI provider configured for your workspace), and when required by law. These providers are bound to use the data only to provide their services to us.
4. Connected platforms
Postit posts to third-party platforms (such as X, LinkedIn, Instagram, Threads, Facebook, TikTok, YouTube, WordPress, and Blogger) using the permissions you grant. You can disconnect any account at any time from the Connections page, which revokes the stored tokens. If a platform notifies us that you deauthorized Postit or requested deletion of your data, we promptly revoke the related connection and remove its tokens.
5. Data security
We protect your data with industry-standard measures, including encryption of stored OAuth tokens, hashed passwords (Argon2), rotating session tokens with reuse detection, and access controls. No system is perfectly secure, but we work hard to keep yours safe.
6. Your rights
You can access, correct, export, or delete your personal data. Deleting your account removes your personal information and revokes connected platform tokens. To exercise any of these rights, contact us using the details below.
7. Data retention
We retain your data for as long as your account is active. When you delete your account, we remove or anonymize your personal data within a reasonable period, except where retention is required by law.
8. Contact us
Questions about this policy or your data? Email us at privacy@postit.app.