← Back to PostPilot

Privacy Policy

Last updated: February 21, 2026

1. Introduction

PostPilot ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and share your data when you use our AI-powered social media content creation platform ("the Service").

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, and password when you create an account, or your Google account details if you sign in with Google OAuth
  • Business information: Business name, industry, phone number, address, website URL, description, and services
  • Brand assets: Photos, logos, and images you upload, along with labels and descriptions you assign to them
  • Brand preferences: Brand colors, fonts, tone, voice profile, and style settings
  • User prompts: Instructions and prompts you provide to generate social media content
  • Payment information: Billing details processed securely through our payment provider (we do not store your full credit card number)
  • Support messages: Communications you send through our support feature

2.2 Information We Collect From Your Website

When you provide a website URL for scanning, we collect publicly available information including:

  • Page titles, meta descriptions, and metadata
  • Text content from headings, paragraphs, and lists across multiple pages
  • Color values from stylesheets and inline styles
  • Font families from CSS and linked stylesheets
  • Images (up to 20) from your website, excluding tracking pixels, icons, and other non-content images
  • Links to internal pages (we may crawl up to 8 subpages for additional content)

2.3 Information Collected Automatically

  • Usage data: Features you use, posts you generate, and how you interact with the Service
  • Device information: Browser type, operating system, and screen resolution
  • Log data: IP address, access times, and pages viewed
  • Local storage: Onboarding progress and preferences stored in your browser

3. How We Use Your Information

We use your information to:

  • Provide the Service: Generate AI-powered social media posts, designs, and captions tailored to your brand
  • Brand extraction and analysis: Process your website data to automatically identify your brand colors, fonts, voice, and business details
  • Store and manage assets: Host your uploaded photos and scraped images so they can be used in generated designs
  • Personalize your experience: Customize content suggestions, prompt starters, and design styles based on your brand profile
  • Process payments: Manage your subscription and billing through our payment provider
  • Communicate with you: Send service-related emails, respond to support requests, and notify you of important updates
  • Improve the Service: Analyze usage patterns to enhance features, fix issues, and develop new functionality
  • Track usage: Monitor your post generation count against your subscription limits

4. How We Share Your Information

We do not sell your personal information. We share your data only with third-party service providers as necessary to operate the Service, in the following categories:

  • AI processing: Your business information, brand voice, prompts, and uploaded photos are sent to AI providers to generate social media designs and captions
  • Cloud storage: Your uploaded photos and scraped website images are stored on secure cloud infrastructure
  • Payment processing: Your billing information is processed by our payment provider. We do not store your full credit card details
  • Database and authentication: Your account information, brand data, generated posts, and conversation history are stored on secure cloud database services
  • Email: Your email address is shared with our email provider for sending transactional emails

We may also share your information if required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets.

5. Data Storage and Security

  • Your data is stored on servers in the United States through our cloud infrastructure providers.
  • We use encryption in transit (HTTPS/TLS) for all data transmitted between your browser and our servers.
  • Passwords are hashed and salted; we never store plaintext passwords.
  • Payment information is handled entirely by our PCI DSS compliant payment provider.
  • While we implement reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • We retain your account data, brand assets, and generated content for as long as your account is active.
  • Onboarding progress is stored locally in your browser and can be cleared by you at any time.
  • After account deletion, we will delete your personal data, brand assets, and generated content within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).
  • Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data and account
  • Data portability: Request a copy of your data in a portable format
  • Opt out: Opt out of marketing communications at any time
  • Restrict processing: Request that we limit how we use your data in certain circumstances

To exercise any of these rights, contact us at postpilothq@proton.me. We will respond within 30 days.

8. Cookies and Local Storage

PostPilot uses:

  • Authentication cookies: Essential cookies to keep you signed in and manage your session
  • Local storage: To save your onboarding progress and editor preferences in your browser so you can resume where you left off

We do not use third-party advertising or tracking cookies.

9. Children's Privacy

PostPilot is not intended for children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. International Data Transfers

Your data may be transferred to and processed in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these locations. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If we make material changes, we will notify you via email or through the Service. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

postpilothq@proton.me

© 2026 PostPilot. All rights reserved.