PostTimer ("us", "we", or "our") provides tools that help users plan, generate, schedule, and publish content across supported social platforms. This Privacy Policy explains how personal data is collected, used, safeguarded, and disclosed when you use our website, applications, APIs, dashboards, and automation services (collectively, the "Service").
1. Scope and Platform Compliance
This Privacy Policy applies to all PostTimer surfaces, including the web application, public APIs, integrations, background automation services, and related tooling. It also describes how PostTimer complies with applicable developer and data-use requirements imposed by social platforms we integrate with.
- Meta Platform Terms (Facebook and Threads)
- Google API Services and YouTube API Services User Data Policy (including Limited Use requirements)
- TikTok Developer Terms
- X (formerly Twitter) Developer Agreement
- Pinterest Developer Guidelines and App API Terms
This Privacy Policy is publicly accessible without authentication or geo-blocking to meet platform verification requirements.
2. Information We Collect
We collect information necessary to provide, secure, and improve the Service.
Account and Identity Data
- Name, email address, and account identifiers
- Authentication method and role or permission level
- Timezone and basic account preferences
- Session security data such as partial IP address, device identifiers, and user agent
Usage and Diagnostics Data
- Feature usage metadata and timestamps
- Interaction logs needed to enforce plan limits or credits
- Error and diagnostic data used for reliability and debugging
- Anti-abuse signals such as captcha validation and rate-limiting indicators
Connected Social Platform Data
When you connect a supported social account (Facebook, Threads, YouTube, TikTok, X, or Pinterest), we store encrypted access tokens, granted scopes, platform profile identifiers, basic public profile metadata, and token expiration information. These are used only to perform actions you explicitly request.
Content and User-Provided Materials
- Posts, captions, comments, replies, and scheduling instructions
- Uploaded media, drafts, templates, or brand materials
- AI prompts, transcripts, and generated outputs associated with your workflows
Communications
- Support tickets and email correspondence
- Feedback, surveys, and in-app messages
3. How We Use Your Information
- Provide, operate, and secure user accounts
- Authenticate sessions and prevent abuse or fraud
- Connect to authorized social accounts and perform requested actions
- Generate AI-assisted content only for workflows you initiate
- Monitor usage to improve reliability and performance
- Respond to support requests and service communications
- Comply with platform policies and legal obligations
4. Legal Bases for Processing
- Performance of a contract when providing the Service
- Legitimate interests such as security, fraud prevention, and service improvement
- Compliance with legal and regulatory obligations
- User consent where required, which may be withdrawn at any time
5. Platform-Specific Data Use Commitments
PostTimer uses data obtained from social platforms strictly in accordance with their developer policies:
- Meta (Facebook, Instagram, and Threads): Data is used only for features visible in the Service and is never sold, licensed, or used for ad targeting, surveillance, credit decisions, or discrimination.
- Google / YouTube: PostTimer uses YouTube API Services. Use of data complies with the Google API Services User Data Policy, including Limited Use requirements. Data is accessed only to provide user-facing features and is not transferred except as necessary to provide those features, comply with law, or protect security. By using our Service, you also agree to be bound by the Google Privacy Policy at http://www.google.com/policies/privacy.
- TikTok: Data is used solely for publishing, scheduling, and analytics workflows you request and is never reused for advertising or surveillance.
- X: Data is used only for publishing, scheduling, and analytics features initiated by users and is never aggregated, resold, or repurposed beyond expected functionality.
- Pinterest: Data accessed via Pinterest is used solely to provide content scheduling, publishing, and analytics features initiated by you. We do not sell Pinterest data, do not use it for advertising or surveillance, and do not store it beyond what is necessary to provide the Service.
6. Platform Specific Information
Reddit OAuth Scopes
PostTimer uses the following OAuth scopes from Reddit for the following reasons:
- submit - Required to submit Reddit posts on your behalf.
- identity - Required to access your Reddit profile.
- read - Required to perform subreddit searches.
- flair - Required to lookup subreddit flair and attach it to your posts. Flair is required to submit in some subreddits.
- mysubreddits - Required to look up subreddits your account is subscribed to and automatically add them to the Subreddit Manager when you sign up or log into PostTimer.
- edit - Required to perform auto-post removal. If you don't use this feature then PostTimer never edits or deletes any comments or posts.
PostTimer supports signup and login via Google SSO.
PostTimer's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
YouTube
PostTimer uses YouTube API Services to submit YouTube Shorts on your behalf. PostTimer never has access to your Google account password.
PostTimer accesses, collects, stores, and otherwise uses the following information from your Google account and YouTube Channels:
Google Account:
- First name, last name, and email address.
YouTube Channels:
- ID, name, subscriber count, avatar URL, and date created.
YouTube Videos:
- ID, like count, view count, comment count, published date, title, description, and thumbnail URL.
PostTimer only stores information about the YouTube Channels you connect to PostTimer and the YouTube Shorts you publish through PostTimer.
Data about your YouTube Channels and Videos is only ever displayed to you while logged into PostTimer. This data is never shared with any third parties.
This data can be removed at any time by removing your YouTube Channel from PostTimer at Workspace Settings > Social Accounts > Connected Accounts. You can also revoke PostTimer's access to your data via the Google security settings page at https://myaccount.google.com/connections?filters=3,4&hl=en at any time.
For information on Google's Privacy Policy, visit http://www.google.com/policies/privacy.
7. AI and Automated Processing
PostTimer may use trusted AI service providers to process prompts, media, transcripts, or content solely to fulfill workflows explicitly triggered by users. These providers act as data processors and may not use the data for independent purposes.
8. Sharing and Third Parties
We do not sell personal data. We share data only with service providers that help us operate the Service, including infrastructure, security, communications, AI processing, and social platform APIs. All partners are contractually restricted to act only on our instructions.
9. Data Security
- Encryption in transit and at rest, including OAuth tokens
- Secure, HttpOnly session cookies
- Role-based access controls
- Rate limiting, anomaly detection, and abuse prevention
- Documented incident-response procedures
10. Data Retention and Deletion
- Account data is retained while the account is active
- Deleted accounts are deactivated immediately and permanently removed after a recovery window
- Connected platform tokens are deleted immediately upon disconnection or revocation
- Expired or inactive tokens are automatically purged
- Billing and tax records are retained as required by law
- Support and security logs are retained only as long as necessary
11. Your Rights
- Access, correct, or delete your personal data
- Receive a portable copy of your data
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
- Disconnect social platform integrations at any time
- In addition to our internal deletion procedures, you can revoke PostTimer's access to your Google/YouTube data via the Google security settings page at https://myaccount.google.com/connections?filters=3,4&hl=en.
12. International Data Transfers
Data is primarily stored in the United States. When data must be processed in other regions due to platform APIs or service providers, appropriate contractual or lawful safeguards are used.
13. Children's Privacy
The Service is not intended for children under the age of 13. We do not knowingly collect personal data from children and will delete such data if discovered.
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect operational or platform requirement changes. The last updated date will be revised and material changes will be communicated through the Service.
15. Contact
- Questions or privacy requests can be sent to contact@posttimer.com.