Privacy Policy

Last updated: March 15, 2026

PostCraze ("we", "our", "us") is a social media scheduling and publishing platform. We respect your privacy and are committed to transparency about how we handle your data.

The short version: We only access your social media accounts to publish content that you create and explicitly choose to post. We do not retain your content after publishing. We do not post anything on your behalf without your direct action. We do not sell your data to anyone.

1. What We Collect

Account Information

When you sign in with Google, we receive your name, email address, and profile picture from Firebase Authentication. This is used solely to identify you within the app.

Connected Social Media Accounts

When you connect a social media platform, we receive OAuth access tokens that allow us to publish content on your behalf. We currently support the following platforms:

• Twitter / X — via Twitter API v2 and OAuth 2.0
• LinkedIn — via LinkedIn API and OAuth 2.0
• Instagram — via Instagram Graph API (through Meta)
• YouTube — via YouTube Data API v3 and Google OAuth 2.0
• Threads — via Threads API (through Meta)

We never have access to your social media passwords. We only store encrypted OAuth tokens, which you can revoke at any time by disconnecting the account from PostCraze or from the platform's own settings.

Content You Create

When you compose a post in PostCraze, we temporarily store the text, media, and scheduling details needed to publish it. Once content is published or you delete it, we do not retain copies of your posts. Scheduled posts are stored only until their scheduled publish time.

Media Uploads

Images and videos you upload are stored temporarily in Google Cloud Storage for publishing purposes. Media files are automatically deleted after publishing or after 30 days, whichever comes first.

2. What We Do NOT Do

• We never post content without your explicit action — every publish or schedule is initiated by you
• We never read, scrape, or analyze your existing social media content — we only push new posts that you create
• We never sell, share, or trade your personal data with advertisers or third parties
• We never retain your published content after it has been posted to the platform
• We never use your content for training, marketing, or any purpose other than publishing it where you directed

3. How We Use Your Information

• To authenticate your identity and manage your account
• To publish and schedule content to your connected social media accounts — only when you click "Publish" or "Schedule"
• To display your connected accounts and their status in the dashboard
• To send you service-related notifications (e.g., failed posts)
• To improve the reliability and performance of our platform

4. Platform-Specific Data Usage

Twitter / X

We use the Twitter API to post tweets and upload media on your behalf. We access your profile information (username, display name) to show your account in our dashboard. We do not read your timeline, followers, or DMs.

LinkedIn

We use the LinkedIn API to publish posts to your profile. We access basic profile info (name, profile picture) for account display. We do not access your connections, messages, or any other LinkedIn data.

Instagram

We use the Instagram Graph API (via Meta) to publish photos, videos, and reels to your Instagram Business or Creator account. We access basic account info (username, profile picture). We do not read your feed, stories, DMs, or follower data.

YouTube

We use the YouTube Data API v3 to upload videos and set metadata (title, description, tags). We access your channel name and profile picture for account display. We do not access your existing videos, playlists, comments, or analytics.

Threads

We use the Threads API (via Meta) to publish text posts, images, and videos. We access basic profile info for account display. We do not read your Threads feed or replies.

5. Third-Party Services

We rely on the following services to operate PostCraze:

• Firebase (Google) — Authentication and database
• Google Cloud Storage — Temporary media file storage
• Vercel — Application hosting

Each service has its own privacy policy. We only share the minimum data required to provide our service.

6. Data Security

All data is transmitted over encrypted connections (TLS/SSL). OAuth tokens are encrypted at rest using AES-256. We follow security best practices including Firebase security rules and server-side authentication for all API requests. However, no system is 100% secure.

7. Data Retention

• Account data — Kept until you delete your account
• OAuth tokens — Kept until you disconnect the platform or delete your account
• Drafted/scheduled content — Kept until published or deleted by you
• Published content — Not retained after publishing
• Media uploads — Auto-deleted after publishing or 30 days

When you delete your account, all your data is removed within 30 days. Content already published to social media platforms is managed by those platforms.

8. Your Rights

You can at any time:

• Disconnect any social media account from PostCraze
• Delete your PostCraze account and all associated data
• Request a copy of your personal data
• Revoke OAuth access directly from each platform's settings

9. Children's Privacy

PostCraze is not intended for users under 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of PostCraze after changes constitutes acceptance.

11. Contact

Questions about this policy? Contact us:

• Email: support@postcraze.com
• Website: postcraze.com