Privacy Policy

Last updated: December 24, 2025

1. Introduction

PostPetal ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media scheduling platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Your name and email address
  • Password (stored in encrypted/hashed form)
  • Profile picture (optional)
  • Subscription tier and payment status

2.2 Brand Information

  • Brand name, logo, and colors
  • Brand voice, persona, and goals
  • Industry and target audience information

2.3 Social Media Connections

  • OAuth access and refresh tokens (encrypted at rest)
  • Platform username and profile image URL
  • Platform account identifiers

Important: We never store your social media passwords. We use OAuth authentication provided by each platform.

2.4 Content Data

  • Posts you create (drafts, scheduled, and published)
  • Media files you upload (images, videos)
  • AI assistant conversation history
  • Custom templates you create

3. How We Use Your Information

We use your data to:

  • Provide and maintain our service
  • Publish posts to your connected social media accounts
  • Power the AI assistant with your brand context
  • Process payments and manage subscriptions
  • Send transactional emails (password reset, notifications)
  • Improve our service and develop new features

4. Third-Party Services

4.1 Payment Processing

We use Polar for subscription management. Your payment information is handled directly by Polar.

4.2 Email Service

We use Resend to send transactional emails.

4.3 File Storage

Media files are stored on Cloudflare R2.

4.4 AI Services

Our AI assistant is powered by Google AI.

5. Data Security

  • All data is transmitted over HTTPS
  • Passwords are hashed using secure algorithms
  • OAuth tokens are encrypted at rest
  • Regular security audits and updates

6. Data Retention

  • Account data: Until you delete your account
  • Posts and drafts: Until you delete them or your account
  • AI conversations: Until you delete them or your account
  • Session data: Expires after 7 days of inactivity

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your data in a portable format
  • Disconnect social media accounts at any time

8. Cookies

We use essential cookies for authentication and session management. These are necessary for the service to function.

9. Children's Privacy

PostPetal is not intended for users under 16 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the service.

11. Contact Us

If you have questions about this Privacy Policy, contact us at: privacy@postpetal.com