Privacy Policy

Last Updated: January 14, 2026

This Privacy Policy describes how postcore ("we," "us," or "our") collects, uses, and shares information about you when you use our website, API, and services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Email address
  • Name (optional)
  • Payment information (processed by Stripe)
  • Company information (optional)

API Usage Information:

  • API keys you create
  • API request logs and metadata
  • Profile configurations

Social Media Credentials:

  • LinkedIn OAuth tokens
  • Bluesky app passwords and handles
  • Platform connection metadata

Content You Schedule:

  • Post text content
  • Scheduled posting times
  • Target platforms
  • Post status and publishing results

1.2 Information We Collect Automatically

Usage Data:

  • API endpoint requests and responses
  • Request timestamps and IP addresses
  • Error logs and debugging information
  • Feature usage patterns

Device and Browser Information:

  • Browser type and version
  • Operating system
  • Device identifiers
  • Referring URLs

Cookies and Similar Technologies:

  • Session cookies for authentication
  • Preference cookies for settings
  • Analytics cookies (with your consent)

2. How We Use Your Information

2.1 Provide and Improve the Service

  • Authenticate API requests
  • Process and schedule social media posts
  • Connect to social media platforms on your behalf
  • Monitor API usage and enforce rate limits
  • Debug issues and provide technical support
  • Improve Service performance and reliability

2.2 Communicate With You

  • Send service-related notifications
  • Respond to your support inquiries
  • Send important updates about the Service
  • Notify you of subscription changes or payment issues
  • Share product updates (with your consent)

2.3 Billing and Administration

  • Process subscription payments
  • Track usage against your plan limits
  • Generate invoices and receipts
  • Prevent fraud and abuse

2.4 Legal and Safety

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraudulent or illegal activity
  • Respond to legal requests

2.5 Analytics and Business Operations

  • Understand how the Service is used
  • Analyze trends and usage patterns
  • Plan infrastructure and capacity
  • Make business decisions about features and pricing

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 With Your Consent

We may share information when you explicitly authorize us to do so.

3.2 Service Providers

We share information with third-party service providers who help us operate the Service:

  • Stripe: Payment processing
  • Clerk: Authentication and user management
  • Supabase: Database and storage
  • Hosting providers: Infrastructure and server hosting

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.3 Social Media Platforms

We transmit your scheduled content to LinkedIn and Bluesky as necessary to provide the Service. This transmission is governed by each platform's respective terms and privacy policies:

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change.

3.5 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Court orders or subpoenas
  • Law enforcement requests
  • National security demands
  • Legal processes that require disclosure

3.6 Protection of Rights

We may share information to:

  • Protect our legal rights and property
  • Enforce our Terms of Service
  • Investigate potential violations
  • Protect the safety of our users or the public

3.7 Aggregate and De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, such as:

  • General usage statistics
  • Platform posting trends
  • Industry benchmarks

4. Data Security

4.1 Security Measures

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Encrypted storage of social media credentials (AES-256)
  • Secure API authentication using API keys
  • Regular security audits and updates
  • Access controls and authentication requirements

4.2 Your Responsibility

You are responsible for:

  • Keeping your account credentials secure
  • Protecting your API keys
  • Using strong passwords
  • Notifying us of any security breaches

4.3 No Absolute Security

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of your information.

5. Data Retention

5.1 Active Accounts

We retain your information for as long as your account is active and as necessary to provide the Service.

5.2 Deleted Accounts

When you delete your account:

  • We delete your account information and scheduled posts
  • Some data may be retained in backups for up to 30 days
  • We may retain certain data to comply with legal obligations
  • Anonymized usage data may be retained for analytics

5.3 Legal Requirements

We may retain information longer if required by law, to resolve disputes, or to enforce our agreements.

6. Your Rights and Choices

6.1 Access and Correction

You can access and update your account information through the dashboard.

6.2 Data Portability

You can export your scheduled posts and account data through our API.

6.3 Deletion

You can delete your account at any time through the dashboard. This will delete your personal information, subject to our retention policies.

6.4 Marketing Communications

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email or by contacting us.

6.5 Cookie Preferences

You can control cookies through your browser settings. Disabling certain cookies may impact Service functionality.

6.6 Platform Access

You can revoke postcore's access to your social media accounts at any time through:

  • LinkedIn: App settings
  • Bluesky: Delete app password in Bluesky settings

6.7 Additional Rights (GDPR/CCPA)

If you are in the European Union or California, you may have additional rights:

  • Right to know what information we collect
  • Right to request deletion of your information
  • Right to opt-out of data sales (we don't sell data)
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at privacy@postcore.dev.

7. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

9. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Social Media Platform Integration

10.1 OAuth Connections (LinkedIn)

When you connect your LinkedIn account, you authorize postcore to:

  • Post content on your behalf
  • Access your basic profile information
  • Maintain the connection through access tokens

We only use these permissions to provide the Service as you direct.

10.2 Credential Connections (Bluesky)

When you connect using Bluesky app passwords:

  • You create an app-specific password in Bluesky
  • We store this password in encrypted form
  • We use it only to post content as you direct
  • You can revoke access by deleting the app password in Bluesky settings

10.3 Platform Privacy Policies

Your use of social media platforms through postcore is also governed by their privacy policies. We recommend reviewing:

11. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the personal information we collect, use, and share.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@postcore.dev.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

  • Contract performance (to provide the Service)
  • Legitimate interests (to improve and secure the Service)
  • Consent (for marketing communications)

Your Rights:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making

To exercise these rights, contact us at privacy@postcore.dev.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

  • Email to your registered email address
  • Notice on our website
  • Update to the "Last Updated" date

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

Email: privacy@postcore.dev

By using postcore, you acknowledge that you have read and understood this Privacy Policy.