Privacy Policy
Last updated: July 13, 2026
This Privacy Policy explains how GoPostAuto ("GoPostAuto", "we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our website at gopostauto.com and our AI marketing platform (the "Service"). GoPostAuto helps you generate, schedule, and publish content to Facebook, Instagram, and LinkedIn.
By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
We collect the following categories of information:
- Account information — your name and email address when you create an account, and your profile avatar if you upload one.
- Workspace content — the posts, captions, drafts, comments, approvals, brand kits, schedules, and other content you create or upload within your workspaces.
- Uploaded media — images and other media files you upload to attach to your posts.
- Social account connection tokens — OAuth access and refresh tokens for the Facebook, Instagram, and LinkedIn accounts you choose to connect, plus basic account metadata such as the connected page/profile name and ID.
- Engagement metrics — reach, impressions, likes, comments, and similar statistics we retrieve for the posts you publish through the Service.
- Billing information — subscription and payment status. Card details are handled directly by our payment processor, Stripe; we do not store full card numbers.
- Technical data — limited log and device data (such as IP address and browser type) needed to operate and secure the Service.
2. How We Use Your Information
- To provide, operate, and maintain the Service and your workspaces.
- To generate content with AI at your request and to schedule and publish the content you approve to your connected social accounts.
- To retrieve and display engagement metrics for content you publish.
- To process subscriptions and payments.
- To communicate with you about your account, security, and service updates.
- To detect, prevent, and address fraud, abuse, and security issues.
- To comply with legal obligations and enforce our Terms of Service.
We never sell your personal data, and we do not use your workspace content or connected social data for advertising or to train third-party AI models beyond what is strictly required to fulfil your requests.
3. Facebook, Instagram and LinkedIn Data
When you connect a social account, we request only the permissions needed to provide the Service and store the resulting OAuth tokens encrypted at rest. We use these tokens solely to publish the content you schedule and to read engagement metrics for your own posts. We never post without your instruction, and we never read your private messages or unrelated content.
The permissions we request and why:
- Facebook & Instagram — Pages and content publishing (e.g. pages_show_list, pages_read_engagement, pages_manage_posts, instagram_basic, instagram_content_publish, business_management): to list the Pages and Instagram professional accounts you manage, publish the posts you schedule, and read engagement metrics for those posts.
- LinkedIn — Sign in and posting (e.g. openid, profile, email, w_member_social and the relevant organization/page permissions where you manage a Company Page): to identify your account, publish the posts you schedule, and read engagement metrics for those posts.
You can disconnect any social account at any time from Settings → Connections → Disconnect. Disconnecting immediately deletes the stored access and refresh tokens for that account. Our use and transfer of information received from Meta APIs and the LinkedIn Marketing APIs adhere to their respective Platform Terms and Developer Policies.
4. How We Store and Protect Your Data
Your data is stored in our managed database and object storage provided by Supabase. OAuth tokens for connected social accounts are encrypted at rest. Access to production data is restricted, and row-level security isolates each workspace's data from others.
5. Third-Party Processors
We share data with a limited set of processors only as needed to run the Service:
- Supabase — database, file storage, and authentication.
- Anthropic — AI generation of content you request. Prompts and the text you ask us to generate are processed to return results to you.
- Stripe — subscription billing and payment processing.
- Meta (Facebook / Instagram) and LinkedIn Platform APIs — to publish your content and retrieve engagement metrics for your posts.
6. Data Retention
We keep your personal data for as long as your account is active. We also operate an automated retention policy that runs nightly to minimise the data we hold:
- Detailed engagement metric snapshots are downsampled after 14 days and removed after 365 days.
- Publishing attempt logs and social account event logs are removed after 90 days.
- Expired OAuth state records and stale rate-limit records are removed automatically.
- Read notifications are removed after 60 days.
When you delete your account, or disconnect a social account, the associated data is deleted as described in our Data Deletion Instructions.
7. Your Rights
Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can:
- Access and update your profile from Settings → Profile.
- Export your workspace content from within the app.
- Delete your account and all associated data from Settings → Profile → Delete my account.
- Contact us to exercise any of these rights (see Contact below).
8. Cookies
We use strictly necessary cookies and similar local storage to keep you signed in, remember your active workspace, and store your theme preference. We do not use third-party advertising cookies.
9. Children's Privacy
The Service is not directed to children. You must be at least 16 years old (or 13 where permitted by local law with appropriate consent) to use GoPostAuto. We do not knowingly collect data from children under these ages; if we learn we have, we will delete it.
10. International Data Transfers
We and our processors may store and process your data in countries other than your own, including the United States. Where required, we rely on appropriate safeguards such as standard contractual clauses to protect your data during international transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version here and revise the "Last updated" date above. Material changes will be communicated through the Service where appropriate.
12. Contact Us
If you have questions about this Privacy Policy or your data, contact us at privacy@gopostauto.com.