Privacy Policy

EveryPost ("we", "our", or "us") operates the social media management platform available at everypost.ai. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By creating an account or using EveryPost, you agree to the practices described in this policy.

We collect the following categories of information:

• Account information — your name and email address, provided when you sign up via Google or email.
• Social platform credentials — OAuth access tokens and refresh tokens for the social media accounts you connect (Facebook pages, Instagram accounts, Twitter/X). We never store your social media passwords.
• Content you create — post captions, scheduled post data, and brand profile settings you configure in EveryPost.
• Media files — images you upload for use in posts. These are stored in our cloud storage and associated with your account.
• Audio recordings — short voice clips you record when using the voice-to-post feature. Recordings are transcribed and then discarded; we do not retain audio files.
• URLs and web content — web page URLs you submit to extract content for post generation. The extracted text is processed and not stored beyond the current session.
• Technical data — IP address, browser type, and device information collected automatically during normal web requests.

We use the information we collect to:

• Provide and operate the EveryPost service, including generating post content, scheduling, and publishing posts to your connected social accounts on your behalf.
• Authenticate your identity and maintain the security of your account.
• Process images and audio using AI models to deliver generation and editing features.
• Store your uploaded media so you can reuse assets across posts.
• Respond to support requests and communications you send us.
• Comply with legal obligations.

We do not sell your personal data. Your post content and media files are not used to train AI models.

EveryPost relies on the following third-party services to deliver its functionality. Each operates under its own privacy policy.

• Supabase — authentication, database storage, and media file storage. Your account data, OAuth tokens, post content, and uploaded images are stored in Supabase-managed infrastructure with encryption at rest.
• AI content processing — we use third-party AI APIs to generate post captions, analyze and edit images, and transcribe audio. Content you submit for AI processing (text prompts, images, audio) is sent to these APIs and subject to their data handling policies. We do not share your account identity with AI providers.
• Meta (Facebook & Instagram) — we use Meta's APIs to publish posts and retrieve page/account information using permissions you grant during the OAuth flow.
• Twitter/X — we use the Twitter/X API to publish tweets and manage tokens using credentials you authorize via OAuth.
• Google — used as an OAuth sign-in provider if you choose to log in with your Google account.
• Vercel — our hosting provider. Web request data (including IP addresses) passes through Vercel's infrastructure.

We retain your data for as long as your account is active. If you delete your account, we will permanently delete your personal information, OAuth tokens, post history, and uploaded media within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention or legal disputes).

Audio recordings submitted for voice transcription are not stored after processing is complete. Web page content extracted for post generation is not stored beyond your current session.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate or incomplete data.
• Deletion — request that we delete your personal data.
• Portability — request your data in a structured, machine-readable format.
• Objection / Restriction — object to or restrict certain types of processing.
• Withdraw consent — disconnect any social platform at any time by revoking access in your account settings or directly through the social platform's app permissions page.

To exercise any of these rights, contact us at support@everypost.ai. We will respond within 30 days. Users in the European Economic Area (EEA) and California have additional rights under GDPR and CCPA respectively.

All data transmitted between your browser and our servers is encrypted using TLS. OAuth tokens and user data stored in our database are encrypted at rest. We do not store social media passwords.

No method of transmission over the internet or electronic storage is 100% secure. While we implement industry-standard safeguards, we cannot guarantee absolute security and encourage you to use a strong, unique password for your account.

EveryPost is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly. If you believe a minor has provided us with their information, please contact us at support@everypost.ai.

We may update this Privacy Policy from time to time. For material changes, we will make reasonable efforts to notify affected users at least 14 days before the change takes effect. Continued use of EveryPost after the effective date constitutes acceptance of the updated policy.

The date at the top of this page always reflects when the policy was last revised.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:

EveryPost
Email: support@everypost.ai