Back to home
Legal

Privacy Policy

Last updated: May 25, 2026

AutoPostr ("AutoPostr," "we," "us," or "our") helps creators research, write, critique, and publish content across social platforms. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to autopostr.app and the connected AutoPostr application.

1. Information we collect

Account information

When you create an AutoPostr account we collect your name, email address, and a hashed password (or, if you sign in with a third-party identity provider such as Google, the profile information that provider returns to us — typically email, display name, and a provider-issued identifier).

Connected social platform data

AutoPostr connects to third-party platforms (YouTube, TikTok, Instagram, Facebook, X, and others we may add). When you authorize a connection we receive and store:

  • OAuth access and refresh tokens issued by the platform;
  • Channel, page, or account identifiers and display metadata (name, handle, avatar);
  • Public profile data and aggregated analytics returned by the platform's API;
  • Media you choose to upload through AutoPostr and any captions, titles, descriptions, or scheduling metadata you create.

Content you create

Briefs, drafts, prompts, schedules, brand-voice settings, generated assets (text, captions, images, audio, video), critique scores, and publishing history.

Usage and device data

Standard logs (IP address, user agent, request timestamps, error traces, page views) used to operate, debug, and secure the service. We do not sell this data and do not use it for cross-site advertising.

2. How we use your information

  • Authenticate you and operate your account;
  • Run the AutoPostr pipeline (research → write → critique → publish) on your behalf;
  • Send content to the social platforms you have connected, only at your direction or on the schedule you configure;
  • Provide analytics, history, and recommendations inside your workspace;
  • Detect abuse, prevent fraud, and maintain platform security;
  • Comply with legal obligations and enforce our Terms of Use.

We do not use the contents of your connected accounts, your drafts, or any data obtained from Google APIs to train, fine-tune, or build generalized AI models.

3. How we share your information

We share information only in the limited circumstances below.

  • With social platforms you connect.When you schedule or publish a post, we transmit the content, scheduling, and authentication tokens to that platform's API so it can be delivered.
  • With AI model and infrastructure providers. We use third-party services such as OpenAI, Anthropic, Google, fal.ai, Supabase, Railway, and Vercel to process and host your content. These providers act as data processors under contract and are not permitted to use your data to train their models.
  • For legal or safety reasons. When required by law, valid legal process, or to protect the rights, property, or safety of AutoPostr, our users, or the public.
  • In a business transfer. If AutoPostr is involved in a merger, acquisition, or sale of assets, your information may be transferred subject to equivalent privacy protections.

We do not sell or rent your personal information.

4. Google API Services User Data Policy

AutoPostr's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, when you connect a Google account (for example to publish to YouTube), AutoPostr only uses the data we receive to provide and improve user-facing features within AutoPostr. We do not transfer that data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users. We do not use that data to serve advertisements, and we do not let humans read it unless we have your affirmative consent, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations.

5. Meta / Instagram API Data

AutoPostr integrates with the Instagram Graph API provided by Meta Platforms, Inc. When you connect an Instagram Business or Creator account, AutoPostr requests only the permissions required to deliver the features you have chosen to enable. Below is a plain-language description of each permission and how AutoPostr uses it.

instagram_business_basic

This permission grants read-only access to the basic profile information of your connected Instagram Business or Creator account — including your Instagram user ID, username, profile picture, account type, and follower/following counts.

AutoPostr uses this data exclusively to:

  • Identify and display your connected Instagram account within your AutoPostr workspace (account name, handle, and avatar);
  • Confirm that a valid Business or Creator account is linked before enabling publishing or messaging features;
  • Retrieve basic post and reel media objects so they can be shown in your content library and analytics dashboard.

We do not use instagram_business_basicdata to build advertising profiles, to run targeted advertisements, or for any purpose outside AutoPostr's content-creation and scheduling features.

instagram_business_manage_messages

This permission grants the ability to read and send direct messages (DMs) and story-mention replies on your connected Instagram Business account.

AutoPostr uses this data exclusively to:

  • Surface incoming DMs and story mentions inside your AutoPostr workspace so you can monitor and respond to audience engagement in one place;
  • Send replies to messages at your explicit instruction — AutoPostr never sends messages autonomously without your review and approval;
  • Display conversation history necessary to provide context when you compose a reply.

Message content is transmitted securely and retained only as long as needed to display it in your workspace. We do not use message content to train AI models, build advertising profiles, or share it with any third party beyond the infrastructure providers that operate AutoPostr (listed in §3 above). You can disconnect your Instagram account and revoke this access at any time from your AutoPostr settings or directly via Meta's Apps and Websites settings.

General Meta data-use commitments

  • AutoPostr's use of data obtained from Meta APIs is limited to providing and improving the features you have explicitly requested within AutoPostr.
  • We do not sell, license, or transfer Meta user data to third parties for advertising, data brokerage, or any purpose unrelated to operating AutoPostr.
  • We do not use Meta user data to build user profiles for purposes outside AutoPostr.
  • We comply with the Meta Platform Terms and the Meta Developer Policies.

6. Data retention and deletion

We retain account and content data for as long as your account is active. You can delete individual campaigns, drafts, or platform connections from inside AutoPostr at any time.

To delete your account and associated data, email privacy@autopostr.app from your account email address, or use the in-app account deletion control. We will delete your personal data and revoke stored OAuth tokens within 30 days of a verified request, except where we are required to retain specific records to comply with law, resolve disputes, or enforce our agreements.

You may also revoke AutoPostr's access to any connected account directly with the provider — for example via Google Account permissions for Google/YouTube connections.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, restrict, or delete the personal information we hold about you, and to withdraw consent for processing based on consent. To exercise any of these rights, contact privacy@autopostr.app. We will respond within the time required by applicable law.

8. Security

We use industry-standard safeguards including encryption in transit (TLS) and at rest, scoped access controls, audit logging, and regular dependency review. OAuth tokens are stored encrypted. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security but we will notify affected users without undue delay if a breach affecting personal data occurs.

9. International transfers

AutoPostr is operated from the United States and our processors may store and process data in other countries. By using AutoPostr you understand your information may be transferred to jurisdictions whose data protection laws differ from your own. Where required, we rely on standard contractual clauses or equivalent safeguards.

10. Children

AutoPostr is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact privacy@autopostr.app and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes we will notify you by email or in-app notice and update the "Last updated" date above. Continued use of AutoPostr after the effective date constitutes acceptance of the revised policy.

12. Contact

Questions, requests, or complaints? Email privacy@autopostr.app.