Privacy Policy

Last updated: 23 March 2026

PostPilot ("we", "us", or "our") operates the PostPilot social media scheduling platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

We collect information you provide directly, including:

  • Account information: Your name and email address when you register via Clerk.
  • Social account credentials: OAuth access tokens for platforms you connect (Instagram, Facebook, X, TikTok, Pinterest, YouTube, Threads, Bluesky). We store these tokens encrypted at rest to perform scheduling on your behalf.
  • Content you create: Post captions, images, and videos you upload to the media library or schedule for publication.
  • Usage data: Analytics data fetched from connected platforms (impressions, reach, engagement) in order to display performance metrics inside your workspace.

2. How We Use Your Information

  • To provide, operate, and improve the Service.
  • To publish content to connected social accounts on your behalf, at the times you schedule.
  • To display analytics and performance data within your workspace.
  • To send transactional emails (e.g., invitations, reports, billing receipts) via Resend.
  • To process subscription payments via Stripe.

3. Social Platform Data

When you connect a social account, PostPilot accesses only the permissions required to schedule and publish content, and to retrieve analytics for posts published through PostPilot. We do not sell, share, or combine your social platform data with third-party advertising networks or data brokers.

Analytics data retrieved from platforms (e.g., Pinterest, YouTube) is used solely to display performance metrics to you inside your PostPilot workspace. It is not stored beyond what is necessary to populate your dashboard, and is not used for any other purpose.

4. Data Sharing

We share your information only with:

  • Clerk — authentication and user management.
  • Neon — PostgreSQL database hosting.
  • Vercel — hosting and edge network.
  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Upstash — job queue and caching.

We do not sell your personal information to third parties.

5. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription and request deletion of your account, we will delete your personal data and revoke all OAuth tokens within 30 days. Backups may retain data for up to 90 days after deletion.

6. Security

OAuth tokens are encrypted at rest using AES-256 encryption. All data is transmitted over HTTPS. We use Clerk for authentication, which provides industry-standard security controls including multi-factor authentication.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at support@postpilot.app. You may also revoke PostPilot's access to any connected social account at any time through that platform's settings.

8. Cookies

We use only essential session cookies required for authentication (via Clerk). We do not use tracking cookies or third-party advertising cookies.

9. Children's Privacy

PostPilot is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at support@postpilot.app.