Privacy Policy

PostOnce (“we”, “us”, “our”) is a social content scheduling platform that helps you write once and cross-post to LinkedIn, Bluesky, and Reddit. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Account information

When you sign up, we collect your name, email address, and profile image through Clerk, our authentication provider. This information is synced to our database to manage your account.

Content you create

We store the posts you write, AI-generated platform variants, and scheduling preferences. Your content is used solely to provide the service — writing, repurposing, scheduling, and publishing your posts.

Connected platform accounts

When you connect LinkedIn, Reddit, or Bluesky, we store authentication credentials (OAuth tokens or app passwords) needed to publish on your behalf. For Bluesky, you provide a handle and app password directly. For LinkedIn and Reddit, we use standard OAuth 2.0 authorization flows.

Analytics data

We collect engagement metrics (views, likes, comments, shares, clicks, and follower changes) from your connected platforms to display in your unified analytics dashboard.

Payment information

Payments are processed by Polar and/or Stripe. We store your subscription status, plan type, and provider customer ID. We do not store your credit card number or full payment details — those are handled entirely by our payment processors.

• AI content repurposing — Your master post is sent to Anthropic's Claude API to generate platform-specific variants for LinkedIn, Bluesky, and Reddit. Only the post content and target platform are sent; no personal information is included.
• Scheduled publishing — We use your connected account credentials to publish approved content at your chosen time via our scheduling infrastructure (Inngest).
• Analytics — We fetch engagement metrics from platform APIs using your connected account tokens to display unified analytics.
• Account management — Your email and name are used to identify your account, send service-related communications, and provide support.

We take the security of your data seriously:

• All platform credentials (OAuth tokens, app passwords) are encrypted at rest using AES-256-GCM encryption before being stored in our database. They are only decrypted in memory when needed to publish content or fetch analytics.
• Authentication is handled by Clerk, which provides industry-standard session management and security.
• Database access uses Supabase with Row Level Security enabled and service-role access controls.
• All data is transmitted over HTTPS/TLS.

We share your data with the following third-party services only as necessary to provide the product:

• Clerk — Authentication and user management.
• Supabase — Database hosting and storage.
• Anthropic (Claude API) — AI content repurposing. Only your post content is sent; no personal data.
• Inngest — Scheduled task execution for publishing and analytics sync.
• Polar / Stripe — Payment processing and subscription management.
• LinkedIn, Reddit, Bluesky — Content publishing and analytics retrieval via their respective APIs.

We do not sell your personal information to any third party.

Your content, analytics, and account data are retained as long as your account is active. When you delete your account, all associated data — including posts, variants, analytics, connected accounts, and subscription records — is permanently deleted from our database. Encrypted credentials are destroyed immediately upon account deletion or when you disconnect a platform.

You have the right to:

• Access, update, or delete your account information at any time through your settings page.
• Disconnect any linked platform account, which immediately removes the stored credentials.
• Export your post content and analytics data.
• Request complete deletion of your account and all associated data by contacting us.

We use cookies and local storage only for authentication session management (via Clerk) and theme preferences (light/dark mode). We do not use tracking cookies or third-party advertising pixels.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or sending an email. Continued use of PostOnce after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@postonce.app.