PostPilot
Back to home

Legal

Privacy Policy

Last updated May 1, 2026

This Privacy Policy explains what information PostPilot (“we”, “our”) collects when you use the Service, how we use it, and the choices you have. We try to keep this short and readable.

1. Information We Collect

Account information. When you sign in with Google we receive your name, email address, and profile picture from your Google account. We do not receive your Google password.

Generation inputs and outputs. The topic, platform, and tone you submit are sent to our AI provider (Google Gemini) to produce a draft. We store the prompt and the generated post in your private post history so you can search, favorite, and re-use it.

Usage data. We log basic technical information such as request timestamps, the platform/tone selected, and counts of generations to enforce free-tier limits and improve the Service.

Cookies. We use first-party cookies (provided by Supabase) to keep you signed in. We do not use third-party advertising cookies.

2. How We Use Information

  • To authenticate you and provide the Service.
  • To generate, save, and display your post drafts.
  • To enforce free-tier limits and prevent abuse.
  • To respond to support requests.
  • To debug, monitor, and improve the Service.

We do not use your prompts or generated posts to train AI models, and we do not sell your data.

3. Who We Share With

We share data only with infrastructure providers we rely on to operate the Service:

  • Google— for sign-in (OAuth) and AI generation (Gemini API). Google's privacy practices apply when you authenticate with them.
  • Supabase— our database and authentication backend. Your account record and post history are stored here.
  • Hosting provider— serves the Service and processes incoming requests.

We may also disclose information when required by law, to protect our rights, or in connection with a corporate transaction such as a merger or acquisition.

4. Data Retention

We keep your account information and post history for as long as your account is active. When you delete a post from your history, it is soft-deleted immediately and removed from our database within 30 days. When you delete your account, we remove your personal data within 30 days, except where we are required to keep records for legal or accounting reasons.

5. Your Rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to certain kinds of processing. You can exercise most of these rights directly in the app (deleting individual posts, deleting your account). For anything else, email us at zeeshanofficial337@gmail.com.

If you are in the EEA or UK and believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority.

6. Security

We use TLS for data in transit, store data in managed cloud databases with encryption at rest, and follow least-privilege access for our internal tooling. No system is perfectly secure, so we cannot guarantee absolute security — but we take it seriously and respond to reports promptly.

7. Children

PostPilot is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe we may have inadvertently collected such data, please contact us and we will delete it.

8. International Transfers

Our service providers operate globally and your data may be processed outside the country where you live. We rely on appropriate safeguards (such as standard contractual clauses) offered by these providers for cross-border transfers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If the changes are material, we will notify you through the Service or by email before they take effect.

10. Contact

Privacy questions or requests? Email zeeshanofficial337@gmail.com.