Privacy Policy

At PowerPost, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered content generation platform (the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using the Service:

Account Information

• Email address
• Authentication method (Google, Apple, Facebook, or email)
• Profile information provided by third-party authentication providers

Content Information

• Topic descriptions and prompts you submit for content generation
• Platform preferences (Instagram, TikTok, X, YouTube)
• Tone and style preferences
• Custom call-to-action text
• Generated content and outputs

Payment Information

• Subscription tier and status
• Billing history and transaction records
• Note: Payment card details are processed directly by Paddle and are not stored by us

Communication Information

• Contact form submissions (name, email, phone, message)
• Customer support correspondence

1.2 Information Collected Automatically

When you use the Service, we automatically collect certain information:

Usage Data

• Generation history and timestamps
• Feature usage patterns
• Credit consumption and transaction history

Technical Data

• IP address (used for rate limiting and security)
• Browser type and version
• Device information
• Operating system
• Referring URLs

1.3 Information from Third Parties

When you authenticate using third-party providers (Google, Apple, Facebook), we receive basic profile information as permitted by your privacy settings with those providers. This typically includes your email address and name.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide and Improve the Service

• Process your content generation requests
• Maintain your generation history
• Manage your account and subscription
• Process payments and billing
• Provide customer support
• Improve and optimize the Service

2.2 Communication

• Send transactional emails (account verification, password reset, billing)
• Respond to your inquiries and support requests
• Send important service announcements
• With your consent, send marketing communications

2.3 Security and Compliance

• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service and Acceptable Use Policy
• Implement rate limiting to prevent abuse
• Comply with legal obligations

2.4 Analytics and Research

• Analyze usage patterns to improve features
• Conduct aggregated, anonymized research
• Monitor service performance and reliability

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data under the following legal bases:

3.1 Contractual Necessity

Processing necessary to provide the Service, including account management, content generation, and subscription handling.

3.2 Legitimate Interests

Processing for our legitimate business interests, including improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights.

3.3 Consent

Where we rely on your consent for processing (such as marketing communications), you may withdraw consent at any time.

3.4 Legal Obligation

Processing necessary to comply with legal requirements, such as tax and accounting obligations.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who assist in operating the Service:

• Supabase: Authentication and database services
• Paddle: Payment processing (Paddle acts as Merchant of Record)
• AI Providers: OpenAI, Perplexity, and similar services for content generation
• Cloud Infrastructure: Hosting and content delivery

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

4.2 Legal Requirements

We may disclose information if required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to valid government requests
• Protect our rights, privacy, safety, or property
• Investigate potential violations of our Terms

4.3 Business Transfers

If PowerPost is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

4.4 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

5.1 Account Data

We retain your account information and generation history for as long as your account is active. Upon account deletion, we delete or anonymize your data within 30 days, except where we are required to retain it for legal purposes.

5.2 Billing Records

We retain billing and transaction records for up to 7 years to comply with tax and accounting requirements.

5.3 Communication Records

Support correspondence and contact form submissions are retained for up to 3 years for quality assurance and to resolve any disputes.

5.4 Anonymized Data

We may retain anonymized, aggregated data indefinitely for analytics and service improvement purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Data is encrypted in transit (TLS/HTTPS) and at rest
• Access Controls: Role-based access with the principle of least privilege
• Authentication: Secure authentication through industry-standard providers
• Row-Level Security: Database-level isolation ensuring you can only access your own data
• Regular Audits: Periodic security reviews and vulnerability assessments
• Incident Response: Procedures for detecting and responding to data breaches

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Rights for All Users

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Data Portability: Receive your data in a structured, machine-readable format

7.2 Additional Rights for EEA/UK Users (GDPR)

• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Complaint: Lodge a complaint with your local data protection authority

7.3 California Residents (CCPA/CPRA)

California residents have additional rights under the CCPA and CPRA:

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell your data)
• Right to Non-Discrimination: Equal service regardless of privacy choices
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use: Limit use of sensitive personal information

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at hello@powerpost.ai. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction.

When we transfer data internationally, we implement appropriate safeguards, such as:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with adequate data protection laws
• Binding corporate rules or other approved mechanisms

Our service providers, including our AI partners and infrastructure providers, may process data in the United States and other countries.

9. Children's Privacy

The Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at hello@powerpost.ai, and we will promptly delete such information.

10. Third-Party Services

The Service integrates with third-party services that have their own privacy policies:

10.1 Payment Processing

Paddle processes all payments and acts as Merchant of Record. View their Privacy Policy.

10.2 Authentication

• Supabase: Privacy Policy
• Google: Privacy Policy
• Apple: Privacy Policy
• Facebook: Privacy Policy

10.3 AI Services

• OpenAI: Privacy Policy
• Perplexity: Privacy Policy

We encourage you to review the privacy policies of these third-party services.

11. Cookies and Tracking

We use cookies and similar technologies to operate and improve the Service. For detailed information about our cookie practices, please see our Cookie Policy.

11.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how the Service is used

11.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

12. AI and Your Data

This section explains how your data is used in connection with AI-powered features.

12.1 AI Processing

When you use the Service, your content descriptions and preferences are sent to third-party AI providers to generate content. This data is processed to fulfill your generation requests.

12.2 No Training on Your Data

We do not use your content descriptions, generated outputs, or personal information to train or fine-tune AI models. Your data is used solely to provide the Service to you.

12.3 AI Provider Policies

Our AI providers have their own data handling practices. We use API-based integrations where, according to these providers' policies, data submitted through APIs is typically not used for model training. We encourage you to review their privacy policies for more information.

12.4 Aggregated Insights

We may analyze anonymized, aggregated usage patterns to improve the Service. This analysis does not identify individual users and is not used to train AI models.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you through the Service or by email for material changes
• Provide a summary of key changes where appropriate

Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy. We encourage you to review this page periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EEA/UK residents, you also have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns.