Privacy Policy

Account data: your email, display name, and a password hash (or an OAuth token if you signed in via Google).

Connected accounts: social-platform access tokens managed by our integration provider (PostForMe), plus the platform username and avatar URL we display in-app.

Content: posts, media, captions, schedules, tags, and drafts you create.

Usage: minimal server logs (IP, user-agent, route) for security and debugging. No ad-tracking cookies.

Billing: handled by Stripe. We never see or store card numbers.

• Deliver your posts to the social platforms you connected.
• Show you analytics and status pulled from those platforms.
• Enforce plan limits and process billing.
• Send transactional email (account + billing events).
• Improve reliability via error and performance monitoring.

We do not sell your data. We do not train AI models on your private content.

We share data with a small set of processors to run the service:

• Supabase — database and authentication.
• PostForMe — social platform OAuth and publishing.
• Stripe — billing and invoices.
• OpenAI — AI caption generation (prompts only; no stored history).

You can export or delete your data at any time from Settings → Profile. Deleting your account removes your content from our database; backups are retained up to 30 days before being purged. You can also request a copy of your data by emailing privacy@octoposta.com.

We use first-party cookies for session management and preferences (theme, timezone, etc.). See our Cookie Policy for the full list.

Octoposta is not directed to children under 16. If you believe we've collected data from a child under 16, email us and we'll delete it.

We'll notify you by email or an in-app notice when this policy changes materially.

For any privacy question, email privacy@octoposta.com.