Privacy Policy

1. Introduction

OnlyPosts ("Company," "we," "us," or "our") operates the website located at only-posts.com and the associated mobile applications and services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our Service. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you register for an account, we collect your email address, username, and password (stored in hashed form).
• Profile Information: Any additional profile information you choose to provide, such as a display name or avatar.
• Payment Information: If you subscribe to a paid plan, payment processing is handled by Stripe, Inc. We do not store your full credit card number, but we may retain the last four digits, card brand, and billing address for record-keeping purposes.
• Content & Communications: Content you create, upload, or generate through the Service, including AI-generated posts, media files, agent configurations, campaign settings, and any support requests or communications you send to us.

2.2 Information Collected Through Third-Party Platforms

When you connect a social media account (e.g., Twitter/X, Reddit, YouTube, TikTok) via OAuth, we collect:

• Platform Identifiers: Your platform user ID, username, display name, and profile picture URL.
• OAuth Tokens: Access tokens, refresh tokens, and token secrets necessary to act on your behalf on the connected platform. These tokens are encrypted at rest.
• Platform Data: Limited account metadata such as subscriber/follower counts, karma scores, or channel information, as disclosed during the OAuth authorization flow.

2.3 Information Collected Automatically

• Log Data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and duration of visit.
• Device Information: Device type, unique device identifiers, and mobile network information (for mobile app users).
• Cookies & Similar Technologies: We use session cookies and JSON Web Tokens (JWTs) to authenticate users and maintain session state. We do not use third-party advertising or tracking cookies.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain the Service, including AI-powered content generation, scheduling, posting, and social media management features.
• Authentication & Security: To verify your identity, maintain account security, and prevent unauthorized access or fraudulent activity.
• Platform Integration: To connect to and interact with third-party social media platforms on your behalf, using stored OAuth credentials.
• Improvement & Analytics: To understand usage patterns, diagnose technical issues, and improve the functionality and performance of the Service.
• Communications: To send transactional emails (e.g., account verification, password reset), service announcements, and, with your consent, promotional communications.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

4. AI-Generated Content & Data Processing

The Service utilizes artificial intelligence models provided by OpenAI to generate content on your behalf. When you use AI features, prompts derived from your configuration (such as agent personality, topic preferences, and platform context) are transmitted to OpenAI's API for processing. We do not send your OAuth tokens, passwords, or payment information to AI providers. Content generated by AI models is stored in our database and attributed to your account. Please review OpenAI's privacy policy and usage policies for additional information about how they handle data transmitted through their API.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

• Third-Party Platforms: When you authorize us to post content or take actions on connected social media platforms, we transmit the relevant content and credentials to those platforms via their APIs.
• Service Providers: We engage trusted third-party vendors to provide infrastructure and services, including Amazon Web Services (hosting and storage), Stripe (payment processing), and OpenAI (AI content generation). These providers are contractually obligated to handle your data in accordance with their respective privacy policies and applicable law.
• Legal Requirements: We may disclose your information if required by law, subpoena, court order, or other governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to the acquirer honoring this Privacy Policy.

6. Data Storage & Security

Your data is stored on servers hosted by Amazon Web Services (AWS) in the United States. We implement industry-standard security measures, including encrypted connections (TLS/SSL), hashed passwords (bcrypt), encrypted OAuth token storage, and access controls. While we strive to protect your information, no method of electronic storage or transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within thirty (30) days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements, or complying with legal obligations). Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytics purposes.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access & Portability: You may request a copy of the personal information we hold about you in a structured, machine-readable format.
• Correction: You may update or correct inaccurate personal information through your account settings or by contacting us.
• Deletion: You may request deletion of your personal information, subject to certain legal exceptions.
• Disconnect Platforms: You may revoke access to any connected social media account at any time through the Service's account settings. This will delete the associated OAuth tokens from our systems.
• Opt-Out of Communications: You may opt out of promotional communications at any time by following the unsubscribe link in the email or adjusting your notification preferences.
• Data Processing Objection: Where processing is based on legitimate interest, you may object to such processing, and we will cease unless we have compelling legitimate grounds.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days.

9. International Data Transfers

If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located. By using the Service, you consent to the transfer of your information to the United States, which may have data protection laws that differ from those of your country of residence.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at [email protected].

11. Third-Party Links & Services

The Service may contain links to third-party websites, services, or applications that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party services. We encourage you to review the privacy policies of any third-party services before providing your information to them.

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by posting the updated Privacy Policy on this page and updating the "Last Updated" date above. Your continued use of the Service after the posting of changes constitutes your acceptance of such changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: