Privacy Policy

PostPilot ("we", "us", or "our") operates the PostPilot social media management platform at postpilot.zegobyte.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We collect information you provide directly to us, including:

• Account information (name, email address, password)
• Organization and brand details you create within the platform
• Social media account credentials and OAuth tokens (encrypted at rest)
• Content you create, schedule, or publish through PostPilot
• Billing information (processed by Paddle — we do not store card details)
• Usage data and analytics related to your posts and account activity

We use the information we collect to:

• Provide, maintain, and improve the PostPilot service
• Publish content to your connected social media accounts on your behalf
• Send transactional emails (post status, approval requests, notifications)
• Generate analytics and insights about your social media performance
• Process billing and manage your subscription
• Respond to your support requests and communications

When you connect social media accounts, PostPilot receives OAuth access tokens and account data from those platforms. We use this data solely to publish content and retrieve analytics on your behalf. We do not sell this data to third parties.

PostPilot integrates with Instagram and Facebook via the Meta Graph API, LinkedIn via the LinkedIn Marketing API, Pinterest via the Pinterest API v5, and TikTok via the TikTok Content Posting API. Your use of these integrations is also subject to each platform's own privacy policy and terms of service.

All data is stored on self-hosted servers. Social media access tokens are encrypted using AES-256-GCM encryption before storage. We implement industry-standard security measures including HTTPS/TLS for all data in transit and regular database backups.

We do not sell your personal data. We may share data with:

• Paddle — for payment processing and subscription management
• Anthropic (Claude API) — for AI caption generation and content analysis
• OpenAI — for AI image generation
• Social platforms — content shared as required to publish posts
• Law enforcement or regulatory authorities when required by law

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data
• Export your data in a portable format
• Withdraw consent and disconnect social accounts at any time

To exercise these rights, contact us at ahmadomer63@gmail.com.

PostPilot uses essential cookies for authentication session management only. We do not use third-party advertising or tracking cookies.

PostPilot is not directed at children under 13. We do not knowingly collect personal information from children under 13.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date.

If you have questions about this Privacy Policy, please contact us: