Privacy Policy

PostPilot AI ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and the choices you have regarding your information when you use our platform at postpilot.ai.

By using PostPilot AI, you consent to the data practices described in this policy.

Information you provide directly:

• Account information: Email address, name, and password when you create an account. If you sign in with Google, we receive your name and email from Google.
• Profile and preferences: Niche, brand voice settings (brand name, industry, audience, tone, preferred topics), and notification preferences.
• Content you create: Topics, blog URLs, generated posts, scheduled content, and any text you paste into the repurpose tool.
• Payment information: We do not store your card details. Payment processing is handled entirely by Razorpay. We receive confirmation of payment status only.

Information collected automatically:

• Usage data: Pages visited, features used, generation counts, and session activity to improve the product.
• Technical data: IP address, browser type, operating system, and device information.
• Cookies: We use essential session cookies (Supabase auth) and optional referral cookies. We do not use third-party advertising cookies.

Information from third parties:

• Social media accounts: When you connect Twitter/X or LinkedIn, we store OAuth access tokens to publish on your behalf. We only request the minimum permissions needed and never read your private messages.

• To create and manage your account and authenticate you securely.
• To generate AI content tailored to your brand voice and preferences.
• To schedule and publish posts to your connected social media accounts.
• To send transactional emails (publish confirmations, weekly digests) if you opt in.
• To process payments and manage your subscription.
• To send product updates, feature announcements, and important notices.
• To monitor and prevent abuse, fraud, and rate-limit violations.
• To analyze aggregate usage patterns and improve the Service.
• To respond to your support requests.

We do not sell your personal data to third parties. We do not use your content to train AI models without your explicit consent.

We share your data only with:

• Supabase: Our database and authentication provider. Data is stored on Supabase infrastructure with encryption at rest.
• OpenAI: Your content prompts are sent to OpenAI's API to generate posts. OpenAI's data usage policy applies. We do not send your account email or personal details to OpenAI.
• Razorpay: For payment processing. Subject to Razorpay's privacy policy.
• Resend: For transactional email delivery. Your email address is shared only to deliver emails you requested.
• Twitter/X and LinkedIn: Your content and access tokens are used solely to publish on your behalf when you authorize it.
• Crisp: Our live chat support provider may receive your name, email, and conversation history when you use the chat widget.
• Vercel: Our hosting provider. May process request logs including IP addresses.

We may disclose your information if required by law, court order, or governmental authority.

• Account data is retained for as long as your account is active. You may request deletion at any time (see Section 7).
• Generated posts and scheduled content are retained to power your dashboard history.
• Payment records are retained as required by applicable financial regulations (typically 7 years).
• OAuth access tokens for connected social accounts are deleted when you disconnect a platform from Settings.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (TLS/HTTPS) and at rest.
• Authentication is handled by Supabase with JWT-based session management.
• API endpoints are protected with authentication and rate limiting.
• Service role keys and secrets are never exposed to the client.
• Access tokens for social media accounts are stored encrypted in our database and used only for scheduled publishing.

No system is perfectly secure. If you discover a security vulnerability, please email us at support@postpilot.ai and we will respond promptly.

• Access: You can view and update your profile information at any time from your Settings page.
• Disconnecting social accounts: You can revoke our access to your Twitter/X or LinkedIn accounts from Settings → Connected Accounts at any time.
• Email preferences: You can opt out of weekly digest emails and publish notifications from Settings → Notifications.
• Data deletion: You may request deletion of your account and all associated data by emailing us at support@postpilot.ai. We will process your request within 30 days.
• Data portability: You may request a copy of your generated content and account data in a machine-readable format.

If you are located in the European Economic Area (EEA), you have additional rights under the GDPR, including the right to lodge a complaint with your local supervisory authority.

We use the following cookies:

• Authentication cookies (essential): Set by Supabase to keep you signed in. Cannot be disabled without breaking the Service.
• Referral cookie (postpilot_ref): Set for 30 days when you visit a referral link, to credit the referring user. Deleted after signup.

We do not use advertising, tracking, or analytics cookies from third-party ad networks.

PostPilot AI is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the app. Your continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: support@postpilot.ai