Privacy Policy

1.1 Account Information

When you create a PostSpread account, we collect:

• Full name - to personalize your dashboard and communications
• Email address - for account verification, notifications, and support
• Profile information - any additional details you choose to share

1.2 Billing Information

For paid plans, we securely collect:

• Payment method details - processed through our trusted payment partners
• Billing address - required for payment processing and tax compliance
• Transaction history - to maintain accurate billing records

1.3 Social Media Credentials

To provide our core functionality, we collect:

• OAuth tokens and access keys - to connect and post to your social media accounts
• Account usernames and profile data - from connected platforms
• Posting permissions - as granted by you for each connected account

1.4 Content and Usage Data

We process:

• Your posts and media - content you create and schedule through PostSpread
• Analytics data - performance metrics from your connected social accounts
• Usage patterns - how you interact with our platform to improve our service

1.5 Technical Information

Our systems automatically collect:

• Device and browser information - to ensure compatibility and security
• IP addresses and location data - for security and service optimization
• Cookies and similar technologies - to enhance your experience

2.1 Core Service Delivery

• Enable posting and scheduling across your connected social media platforms
• Provide analytics and insights about your social media performance
• Sync content and maintain consistent posting schedules
• Deliver notifications about post status and account activities

2.2 Account Management

• Authenticate your identity and maintain account security
• Process payments and manage your subscription
• Provide customer support and respond to your inquiries
• Send important service updates and policy changes

2.3 Service Improvement

• Analyze usage patterns to enhance our platform features
• Troubleshoot technical issues and optimize performance
• Conduct research to develop new tools and capabilities
• Ensure our service remains secure and reliable

3.1 Social Media APIs

PostSpread integrates with various social media platforms including Facebook, Instagram, X (Twitter), LinkedIn, and others. When you connect these accounts:

• We access only the permissions you explicitly grant
• Your data is subject to each platform's respective terms and privacy policies
• We store minimal necessary data to maintain functionality

3.2 YouTube Integration

For YouTube functionality, we utilize YouTube API Services. By connecting YouTube:

• You agree to YouTube's Terms of Service (https://www.youtube.com/t/terms)
• Your YouTube data is also governed by Google's Privacy Policy
• We only access data necessary for posting and analytics features

4.2 Limited Sharing

We may share your information only in these specific circumstances:

• With social media platforms - to execute posts and retrieve analytics as you've requested
• With service providers - trusted partners who help us operate our platform (payment processors, hosting services, analytics tools)
• For legal compliance - when required by law or to protect our rights and users' safety
• Business transfers - if PostSpread is acquired or merged, your data may be transferred under equivalent privacy protections

4.3 Data Processing Partners

Our key partners include:

• Payment processors for secure billing
• Cloud hosting providers for data storage and service delivery
• Analytics services for performance monitoring (anonymized data only)

5.1 Security Measures

We implement robust security practices:

• Encryption - All sensitive data is encrypted both in transit and at rest using industry-standard protocols
• Access controls - Strict employee access limitations and authentication requirements
• Regular audits - Ongoing security assessments and vulnerability testing
• Secure infrastructure - Enterprise-grade hosting with multiple security layers

5.2 OAuth Token Security

Social media access tokens are:

• Encrypted using AES-256 encryption
• Stored separately from other account data
• Regularly rotated and monitored for suspicious activity
• Never exposed in logs or transmitted unencrypted

6.1 Account Control

You can:

• Access your data - download a copy of your account information
• Update information - modify your profile and account details at any time
• Delete content - remove posts, scheduled content, and account data
• Disconnect platforms - revoke access to connected social media accounts

6.2 Communication Preferences

You control:

• Email notifications - customize which updates you receive
• Marketing communications - opt out of promotional emails (service emails will continue)
• Push notifications - manage mobile and browser notification settings

6.3 Data Portability

Upon request, we can provide your data in a commonly used format for transfer to other services.

7.1 Active Accounts

We retain your information as long as your account remains active and for legitimate business purposes.

7.2 Account Deletion

When you delete your account:

• Personal information is removed within 30 days
• Some data may be retained for legal compliance or security purposes
• Anonymized usage data may be kept for service improvement

7.3 Inactive Accounts

Accounts inactive for 24 months may be automatically deleted after email notification.

8.2 How to Request Data Deletion

You can delete your data through:

• Account Settings - Go to Settings → Account → Delete Account

  This will permanently delete your account and all associated data

• Email Request - Send a deletion request to [email protected]

  Include your registered email address for verification

• Facebook Data Deletion - If you signed up via Facebook Login, you can also request deletion through your Facebook settings

  Go to Facebook → Settings → Apps and Websites → PostSpread → Remove

8.3 What Gets Deleted

When you request data deletion, we permanently remove:

• Your account information (name, email, profile data)
• All scheduled and published posts
• Connected social media account tokens
• Billing information and transaction history
• Analytics and usage data
• All uploaded media files

8.4 Deletion Timeline

Data deletion process:

• Immediate: Your account is deactivated immediately
• Within 30 days: All personal data is permanently deleted from our active systems
• Within 90 days: Data is removed from backups and archives

8.5 Legal Retention

Some data may be retained longer if required by law:

• Financial records for tax/accounting purposes (up to 7 years)
• Fraud prevention and security logs
• Legal compliance and dispute resolution

This data is kept in a restricted format and is not used for any other purpose.

11.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in our practices or services
• Legal or regulatory requirements
• User feedback and industry best practices

11.2 Notification Process

For material changes, we'll notify you via:

• Email to your registered address
• Prominent notice in the PostSpread dashboard
• Updates posted on our website

Continued use of PostSpread after policy changes indicates your acceptance of the updated terms.

12.1 Privacy Questions

For any privacy-related questions or concerns:

• Email: [email protected]
• Support Portal: Available through your PostSpread dashboard
• Response Time: We aim to respond within 48 hours

12.2 Data Protection Officer

For users in regions with specific data protection laws, you may contact our Data Protection Officer at: [email protected]

13.1 European Union (GDPR)

EU residents have additional rights including:

• Right to rectification and erasure
• Right to data portability
• Right to object to processing
• Right to lodge complaints with supervisory authorities

13.2 California (CCPA)

California residents may:

• Request information about data collection and sharing
• Request deletion of personal information
• Opt out of the sale of personal information (though we don't sell data)
• Not be discriminated against for exercising privacy rights

13.3 Other Jurisdictions

We comply with applicable data protection laws in all regions where we operate.