Privacy Policy

1. Introduction

PostMite (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use PostMite’s services, including AI-generated content creation, scheduling, and automated posting to third-party platforms.

2. Information We Collect

A. Account Information

When you sign up using Supabase Auth, we collect:

• Email address
• Authentication metadata
• Profile details (e.g., name, if provided)

B. Content You Create

You own all content you create inside PostMite. We store:

• Topics
• Generated captions
• Media notes
• Scheduled posts
• Posting history

C. Integration Tokens

If you connect social media accounts (e.g., Facebook or Instagram), PostMite stores encrypted API tokens so the app can perform actions on your behalf such as posting or scheduling content.

Tokens are encrypted at rest in Supabase and never shared with third parties except the platform they belong to.

D. AI Interaction Data

When you request captions or media ideas, your prompt is sent to OpenAI’s API. We do not use or store this information outside of what is required to generate your content.

3. How We Use Your Information

We use your data to:

• Authenticate your account
• Create and store AI-generated captions
• Save drafts and schedule future posts
• Post content to connected platforms on your behalf
• Maintain secure, personalized access to your dashboard
• Improve PostMite’s performance and reliability

We do **not** sell your data. We do **not** use your content for AI training unless required externally by the AI provider (which we do not opt into).

4. How Your Data Is Stored & Protected

PostMite uses Supabase for secure authentication and database storage. All user-generated content, schedules, and media notes are protected by **Row Level Security (RLS)**, meaning:

• You can only access your own data
• No user can view or interact with other users’ posts
• Database access is strictly permissioned

Token data (such as platform API tokens) is encrypted at rest.

5. When & How We Share Data

We only share your data in the following limited circumstances:

• With **OpenAI**, to process AI caption requests (your prompt + topic)
• With **Meta/Facebook/Instagram**, to publish scheduled or automated posts
• When required by law (subpoena, court order, etc.)

We do **not** share or sell your personal data to advertisers, brokers, or marketing networks.

6. Your Rights Over Your Data

You have the right to:

• Access your data
• Edit your posts, content, or profile
• Delete content at any time
• Disconnect integrations
• Request deletion of your account

If you delete your account, all associated content and scheduling data is permanently removed.

7. Children’s Privacy

PostMite is not intended for individuals under 13 years old. If you are a parent or guardian and believe a minor has created an account, please contact us so we can remove the account promptly.