Privacy Policy

Effective Date: March 17, 2026

Posty Posty ("we", "us", "our") operates the postyposty.com application. This policy describes how we collect, use, and protect your information.

Information We Collect

• Account Information: Email address and password when you create an account.
• Business Information: Business name, type, location, brand rules, and content you create within the app.
• Social Media Credentials: When you connect social media accounts (Facebook, Instagram, X/Twitter, WordPress), we store encrypted access tokens to post on your behalf. We do not store your social media passwords.
• Uploaded Content: Photos and media you upload for content creation.
• Usage Data: Basic server logs including IP addresses and request timestamps.

How We Use Your Information

• To provide the content creation and social media posting services you request.
• To authenticate your identity and manage your account.
• To post content to connected social media platforms on your behalf.
• To improve our services.

Third-Party Services

When you connect social media accounts, we interact with their APIs (Meta/Facebook, TikTok, X/Twitter, WordPress) to post content you authorize. Each platform has its own privacy policy governing your data on their service.

• Meta (Facebook/Instagram): We use the Meta Graph API to post photos, stories, and captions to your connected Pages and Instagram accounts.
• TikTok: We use the TikTok Content Posting API to publish photos and videos to your TikTok account. We store your TikTok access token (encrypted) and open_id to authenticate requests on your behalf. We do not access your TikTok messages, followers list, or analytics.
• X/Twitter: We use the X API to post tweets with images on your behalf.
• WordPress: We use the WordPress REST API to publish blog posts to your self-hosted WordPress site.
• Anthropic (Claude AI): Uploaded images are sent to Claude AI for caption generation. Images are not stored by Anthropic beyond the API request.

Data Storage and Security

• All sensitive credentials (API keys, access tokens, passwords) are encrypted at rest using AES-256-GCM.
• Data is stored on secure cloud infrastructure (Railway, Supabase).
• We use HTTPS for all data transmission.
• Sessions are secured with HTTP-only cookies and CSRF protection.

Data Sharing

We do not sell, trade, or share your personal information with third parties, except as necessary to provide the services you request (e.g., posting to your connected social media accounts).

Data Retention

We retain your data for as long as your account is active. You can request deletion of your account and all associated data by contacting us.

Your Rights

• You can disconnect social media accounts at any time, which deletes stored tokens.
• You can request access to or deletion of your personal data.
• You can delete uploaded content at any time.

Contact

For privacy questions, contact us at privacy@postyposty.com.

Changes

We may update this policy from time to time. Changes will be posted on this page with an updated effective date.