PPPostPilot AI

Privacy Policy

Last updated: April 23, 2026

1. Introduction

CybriskTech ("we", "us", "our") operates PostPilot AI. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Information We Collect

Account Information

  • Email address (used for authentication and communication)
  • Display name and profile picture (from Google OAuth or manually set)
  • Password hash (for email-based accounts, stored securely via Firebase Auth)

Connected Platform Data

  • OAuth access and refresh tokens for connected social media accounts
  • Platform profile information (username, profile picture, follower counts)
  • Page/organization data for platforms that require it (Facebook Pages, LinkedIn Organizations)

Usage Data

  • Posts created, scheduled, and published through the Service
  • Media files uploaded for social media posts
  • Credit usage and billing transactions

3. How We Use Your Information

  • To provide and maintain the Service, including publishing posts on your behalf
  • To authenticate your identity and secure your account
  • To send transactional emails (OTP verification, welcome emails, account alerts)
  • To process payments and manage your subscription
  • To generate AI-powered content based on your preferences
  • To improve the Service through aggregated, anonymized usage analytics

4. Data Storage and Security

  • Authentication credentials are managed through Firebase Authentication
  • Application data, including workspaces, posts, billing state, and social connections, is stored in PostgreSQL
  • Media files are stored in Amazon S3 or compatible object storage
  • OAuth tokens are stored server-side in PostgreSQL social account records
  • Sessions are managed via signed JWT tokens with configurable expiry
  • All data is transmitted over HTTPS

5. Third-Party Services

We integrate with the following third-party services to provide the product:

  • Firebase / Google Cloud — Authentication and admin identity services
  • Amazon Web Services / S3-compatible storage — Media file storage
  • Razorpay — Payment processing
  • Resend — Transactional email delivery
  • Groq — AI content generation
  • Hugging Face — AI image and video generation
  • YouTube, LinkedIn, Facebook, Instagram, X (Twitter) — Social media APIs for posting and account management

Each third-party service has its own privacy policy. We only share the minimum data necessary for each integration to function.

6. Data Sharing

We do not sell your personal information. We may share data only:

  • With third-party services listed above, as required to provide the Service
  • When required by law, regulation, or legal process
  • To protect the rights, safety, or property of CybriskTech or its users

7. Your Rights

You have the right to:

  • Access your personal data stored in the Service
  • Correct inaccurate information in your profile
  • Disconnect any linked social media account at any time
  • Delete your account and associated data by contacting support
  • Export your data upon request

8. Cookies and Sessions

We use essential cookies for authentication (session JWT) and OAuth state management. We do not use third-party tracking cookies or advertising cookies.

9. Data Retention

We retain your data for as long as your account is active. When you delete your account, we will remove your personal data within 30 days, except where retention is required by law. Anonymized, aggregated data may be retained indefinitely for analytics purposes.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance.

12. Contact

For privacy-related questions or data requests, contact us at support@cybrisk.co.