Privacy Policy

Last Updated: November 19, 2025

This Privacy Policy explains how PostPilot collects, uses, and protects your information when you use our service. We are committed to protecting your privacy and handling your data with care and transparency.

Privacy-First Approach: PostPilot collects minimal personal information. From your social media accounts, we only access your public display name and profile picture. We do not collect email addresses, phone numbers, follower lists, private messages, or analytics data from your connected accounts.

1. Information We Collect

Account Information

When you connect your social media accounts to PostPilot, we collect and store only the following limited information:

  • Display name (public username)
  • Profile avatar/picture
  • OAuth access tokens and refresh tokens (encrypted) - required for posting content on your behalf
  • Account connection status

We do not collect: email addresses, phone numbers, follower lists, private messages, analytics data, or any other personal information beyond what's listed above.

Content Data

To provide our scheduling and publishing services, we store:

  • Post titles and descriptions
  • Image URLs and slide text overlays
  • Scheduled publish times
  • Post status and publishing history
  • Content templates and hooks

Technical Information

We may automatically collect minimal technical information necessary to operate the service:

  • Browser type and version (for compatibility)
  • IP address (automatically logged by our hosting service for security purposes)
  • Basic usage logs (errors, login times) for troubleshooting

We do not track: your browsing behavior, clicks, or usage patterns beyond basic error logging for service maintenance.

2. How We Use Your Information

We use the collected information to:

  • Provide and maintain the PostPilot service
  • Schedule and publish content to your connected social media accounts
  • Generate AI-powered content
  • Send notifications about scheduled posts
  • Improve and optimize service performance
  • Troubleshoot issues and provide customer support
  • Comply with legal obligations

Legal Basis for Processing (GDPR): We process your data based on: (a) your consent when you use our service; (b) contractual necessity to provide the service; (c) legitimate interests in improving our service; and (d) legal obligations.

2a. Data Sharing and Sale

We do not sell your personal information to third parties. We do not share your data for marketing purposes or with data brokers.

We only share your data with third-party service providers necessary to operate PostPilot (as described in Section 3), and only to the extent required for them to perform their services. These providers are contractually obligated to protect your data.

3. Third-Party Services

PostPilot integrates with third-party services that may collect and process your data:

Social Media Platforms

We use official platform APIs to publish content to your connected accounts. Each platform's Privacy Policy governs its own data practices.

AI Content Generation

We use third-party AI services to generate content suggestions and descriptions. Content prompts may be sent to these services for processing.

Stock Image Providers

We use third-party APIs to source stock images for your content. Image search terms are sent to these providers for processing.

Data Storage

We use secure third-party services for data storage and authentication. All data is encrypted at rest and in transit.

4. Data Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over encrypted HTTPS connections
  • Access tokens are encrypted in our database
  • We use secure authentication protocols (OAuth 2.0 with PKCE)
  • Regular security updates and monitoring

However, no method of transmission over the internet is 100% secure. We recommend keeping your device secure and using strong, unique passwords.

5. Data Retention

We retain your data according to the following schedule:

  • Account Information: Retained while your account is active, deleted within 30 days of account closure
  • Content Data: Retained while your account is active or until you delete specific content
  • OAuth Tokens: Deleted immediately when you disconnect an account
  • Usage Logs: Retained for 90 days for troubleshooting and security purposes
  • Legal Records: Retained as required by applicable law (typically 7 years for financial records)

You can request deletion of your data at any time by contacting us. Some information may be retained in anonymized form for analytical purposes or as required by law.

6. Your Rights

Depending on your location, you may have the following rights:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to data processing
  • Export your data
  • Withdraw consent at any time

To exercise these rights, please contact us through our contact form.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request disclosure of the categories and specific pieces of personal information we collect
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information, so there is nothing to opt out of
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, please contact us. We will respond within 45 days of receiving your request.

8. Cookies and Tracking

PostPilot uses essential cookies to maintain your session and provide functionality. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect service functionality.

9. Children's Privacy

PostPilot is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users within 72 hours of discovering the breach, as required by law. Notifications will include:

  • The nature of the breach and data affected
  • Steps we are taking to address the breach
  • Recommended actions you should take to protect yourself
  • Contact information for further questions

We maintain incident response procedures and regularly review our security practices to prevent breaches.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of PostPilot after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through our contact form:

Submit a Contact Request