FeaturesHow it WorksPricingDemo
Log inGet Started Free

Privacy Policy

Last updated: March 2026

SmartPost ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your data.

1. Data We Collect

Account information

Name, email address, and password hash (bcrypt) when you register with credentials. When you use Google or GitHub OAuth, we receive your name, email, and profile picture from those providers.

Usage data

We log the number of AI generations and posts you make each day to enforce your subscription limits. We do not store the content of your generations beyond what is needed to deliver the Service.

Platform credentials

API tokens and bot credentials you provide are encrypted at rest using AES-256-GCM and stored in our database. We never transmit your credentials to third parties other than the social media platform they belong to.

Payment information

We do not store payment card details. All payment processing is handled by Stripe, Inc. We store your Stripe customer ID and subscription status to manage your account.

Technical data

IP addresses (for rate limiting), browser user-agent, and standard server logs retained for up to 90 days.

2. How We Use Your Data

  • To provide and operate the Service
  • To enforce usage limits and subscription entitlements
  • To send transactional emails (email verification, password reset, billing receipts)
  • To prevent fraud and abuse
  • To respond to support requests
  • To comply with legal obligations

We do not sell your personal data. We do not use your content to train AI models.

3. Data Sharing

We share data only with:

  • Stripe — payment processing
  • Social media platforms — when posting on your behalf using credentials you provided
  • Infrastructure providers — hosting and database services under data processing agreements
  • Law enforcement — when required by valid legal process

4. Data Retention

We retain your account data for as long as your account is active. After account deletion, personal data is removed within 30 days, except where we are required by law to retain it longer (e.g., financial records for 7 years).

5. Your Rights (GDPR / CCPA)

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Export your data in a portable format
  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@smartpost.ai.

6. Cookies

We use strictly necessary cookies for authentication (session tokens) and preference storage. See our Cookie Policy for details.

7. Security

We use industry-standard security measures including HTTPS/TLS, AES-256-GCM encryption for credentials, bcrypt password hashing (cost factor 12), and regular dependency audits. No system is 100% secure; please use a strong, unique password for your account.

8. Children

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.

9. Changes to this Policy

We may update this Privacy Policy. We will notify you by email for material changes. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

For privacy questions or requests, contact privacy@smartpost.ai.