PostSmith logo
Sign InGet started
Legal

Privacy Policy

Last Updated: May 12, 2026

PostSmith is committed to responsible data practices across all publishing and integration systems. This policy documents how we collect, process, protect, and manage information across the platform — including connected social media accounts, AI systems, and workflow infrastructure.

Minimal Necessary Access

We request only the permissions required for stated platform functionality.

Official APIs Only

All platform connections use authorized OAuth flows and official developer APIs.

Encrypted Infrastructure

Credentials, tokens, and sensitive data are encrypted in transit and at rest.

Transparent Processing

We document what we collect, why we collect it, and how it is used.

Table of Contents

1.Introduction

Welcome to PostSmith.

PostSmith is an AI-powered content operations and publishing platform designed for creators, founders, agencies, teams, and businesses managing content across multiple social media platforms and digital channels.

This Privacy Policy explains:

  • What information we collect
  • How information is processed
  • How platform integrations operate
  • How AI and automation features work
  • How data is stored and protected
  • What rights users have
  • How users can contact us

By accessing or using PostSmith, users acknowledge and agree to the practices described in this Privacy Policy.

2.Company Information

PostSmith Inc.

Delaware C-Corporation · United States

Website: https://postsmith.app

Contact: support@postsmith.app

3.Scope Of This Policy

This Privacy Policy applies to:

  • The PostSmith website
  • The PostSmith application and dashboard
  • Waitlist and onboarding systems
  • AI-powered content tools
  • Automation systems
  • APIs and integrations
  • Connected social media accounts
  • Analytics and workflow systems
  • Customer support interactions

This Privacy Policy applies whether users interact through desktop, mobile, API, or third-party integrations.

4.Information We Collect

4.1 Account & Identity Information

When users create an account, request access, subscribe, or interact with PostSmith, we may collect:

  • Full name
  • Email address
  • Username
  • Password (hashed and encrypted)
  • Profile information
  • Company or brand name
  • Billing country
  • Timezone
  • Language preferences
  • Subscription information
  • Team or workspace metadata

4.2 Connected Platform Integration Data

PostSmith supports integrations with multiple third-party services and platforms, including: Instagram, Facebook, Threads, LinkedIn, TikTok, YouTube, Google services, Pinterest, X (Twitter), Bluesky, WordPress, Meta Pages, Business Manager assets, and additional future integrations.

Depending on permissions explicitly granted by the user, PostSmith may access:

  • Public profile information
  • Account identifiers
  • User IDs
  • Business account identifiers
  • Managed pages or channels
  • Social account metadata
  • Media publishing permissions
  • Scheduling permissions
  • Analytics and engagement metrics
  • Audience metrics
  • Content performance metrics
  • Messaging permissions
  • Webhook events
  • Post status metadata
  • Content delivery statuses
  • Platform tokens and refresh tokens
  • Connected workspace relationships
  • OAuth authorization metadata
  • Integration configuration settings

PostSmith only accesses data authorized through official OAuth authorization flows and platform APIs. PostSmith does not collect or store third-party platform passwords.

4.3 OAuth Tokens & Integration Credentials

To maintain platform connectivity and publishing capabilities, PostSmith may securely process and store:

  • Access tokens
  • Refresh tokens
  • OAuth scopes
  • Webhook verification data
  • Integration status information
  • Platform permission states
  • Token expiration metadata
  • Connected asset relationships

These credentials are encrypted in transit and at rest. Tokens are used exclusively for authorized publishing, scheduling, analytics retrieval, synchronization, platform communication, and automation execution.

PostSmith does not sell, expose, or intentionally share integration credentials with unauthorized third parties.

4.4 Content & Media Data

Users may upload, create, generate, store, or process draft posts, captions, images, videos, documents, campaign plans, publishing schedules, brand assets, templates, approval workflows, team comments, AI-generated content, workspace data, content libraries, and metadata associated with content operations. This information is necessary for platform functionality.

4.5 AI & Automation Data

PostSmith includes AI-powered generation, workflow, and automation capabilities. The platform may process:

  • User prompts
  • AI instructions
  • Brand voice preferences
  • Automation rules
  • Content transformation requests
  • Workflow actions
  • Publishing logic
  • Scheduling rules
  • Generated outputs
  • AI interaction metadata

AI processing may involve trusted infrastructure or model providers. Users remain responsible for reviewing all generated content before publication.

4.6 Analytics & Performance Data

PostSmith may collect operational and analytical data including published post performance, engagement metrics, click-through metrics, reach and impressions, automation usage statistics, workflow activity, scheduling activity, content interaction analytics, feature usage metrics, and workspace activity logs. Analytics are used to improve platform performance, workflows, reliability, and user experience.

4.7 Payment & Subscription Information

Payments are processed through third-party payment providers such as Stripe. PostSmith does not store full payment card details on its own servers. We may retain billing email, subscription status, invoice metadata, transaction history, tax-related metadata, and plan and usage information.

4.8 Technical, Device & Usage Information

We may automatically collect:

  • IP addresses
  • Browser information
  • Device information
  • Operating system information
  • Session activity
  • Access timestamps
  • Referral URLs
  • Error logs
  • Performance logs
  • API usage data
  • Crash diagnostics
  • Cookie identifiers
  • Security events
  • Infrastructure telemetry

5.How Information Is Used

PostSmith uses collected information to:

  • Provide and operate platform functionality
  • Authenticate users
  • Manage subscriptions and billing
  • Connect third-party integrations
  • Publish and schedule content
  • Synchronize social platform data
  • Generate AI-assisted content
  • Execute automation workflows
  • Improve infrastructure reliability
  • Monitor system health and abuse prevention
  • Provide analytics and reporting
  • Deliver customer support
  • Comply with legal obligations
  • Develop new features and integrations
  • Detect fraud, spam, abuse, or unauthorized activity
  • Enforce platform policies and agreements

PostSmith does not sell personal information to advertisers.

6.Social Media Platform Integrations

PostSmith integrates with external platforms exclusively through officially supported APIs, OAuth systems, and developer frameworks. Users explicitly authorize integrations before any platform access occurs.

Depending on the connected service, PostSmith may publish content on behalf of users, schedule posts, retrieve analytics, synchronize publishing status, manage drafts and workflows, access managed pages or business assets, receive webhook updates, retrieve engagement metrics, and synchronize content metadata.

Connected platforms maintain independent privacy policies and developer rules. Users remain subject to the policies and terms of each integrated platform, including: Meta Platforms, LinkedIn, Google, TikTok, Pinterest, X Corp., WordPress, Bluesky, and additional providers.

PostSmith cannot guarantee uninterrupted access to third-party APIs, platform availability, or integration continuity. External platforms may modify API permissions, rate limits, developer policies, publishing capabilities, authentication systems, or data access restrictions without notice.

7.AI Systems & Generated Content

PostSmith includes AI-powered systems for content generation, rewriting, optimization, planning, automation, workflow assistance, content transformation, and scheduling recommendations.

Users acknowledge:

  • AI outputs may contain inaccuracies
  • Generated content requires human review
  • AI systems may produce incomplete or incorrect outputs
  • Users remain fully responsible for published material
  • AI-generated content ownership may depend on applicable law and platform policies

PostSmith does not publicly train proprietary models on private customer workspace data without consent.

8.Cookies & Tracking Technologies

PostSmith uses cookies and related technologies for authentication, session management, security, performance monitoring, usage analytics, preference storage, platform optimization, and fraud prevention.

Additional information is available in the Cookie Policy.

9.Data Sharing

9.1 Service Providers

PostSmith may share limited information with infrastructure and operational providers supporting cloud hosting, AI infrastructure, analytics systems, authentication systems, payment processing, email delivery, security monitoring, error tracking, and CDN and storage systems. Examples may include Amazon Web Services (AWS), Google Cloud, Cloudflare, Stripe, OpenAI, and additional infrastructure providers.

9.2 Legal Requirements

Information may be disclosed where reasonably necessary to comply with applicable law, respond to lawful requests, protect platform security, investigate abuse or fraud, enforce agreements, or protect rights, safety, or operations.

9.3 Corporate Transactions

If PostSmith undergoes a merger, acquisition, financing, corporate restructuring, or asset sale, user information may be transferred as part of the transaction.

10.Data Retention

PostSmith retains information only as long as reasonably necessary for service operation, legal compliance, security purposes, platform integrity, billing records, dispute resolution, and enforcement of agreements.

Users may request account deletion subject to legal obligations, fraud prevention requirements, security retention requirements, and financial and tax obligations. Certain backup or system records may persist temporarily after deletion requests.

11.Security & Infrastructure

PostSmith implements commercially reasonable safeguards including:

  • HTTPS/TLS encryption
  • Encrypted token storage
  • Access controls
  • Infrastructure isolation
  • Authentication systems
  • Secure OAuth flows
  • Monitoring and logging systems
  • Internal permission controls
  • Abuse detection systems

However, no system can guarantee absolute security.

Users are responsible for maintaining credential security, protecting connected accounts, reviewing granted permissions, managing team member access, and monitoring authorized integrations.

12.International Data Transfers

PostSmith infrastructure and providers may operate across multiple jurisdictions. By using the platform, users acknowledge that information may be processed or stored in countries outside their own jurisdiction, including the United States.

13.User Rights & Choices

Depending on applicable law, users may have rights to:

  • Access personal information
  • Correct inaccurate information
  • Request deletion
  • Export data
  • Restrict processing
  • Object to certain processing activities
  • Withdraw consent where applicable

Requests may be submitted to support@postsmith.app. Identity verification may be required before processing requests.

14.Waitlist, Marketing & Communications

Users joining the waitlist or subscribing to updates may receive product announcements, access notifications, platform updates, feature releases, roadmap updates, and service communications.

Users may unsubscribe at any time using provided unsubscribe mechanisms. PostSmith does not intentionally send spam communications.

15.Children's Privacy

PostSmith is not directed to children under 13 years of age. We do not knowingly collect personal information from children. If we become aware that such information has been collected, we will take reasonable steps to remove it.

16.Third-Party Services & External Links

The platform may contain links or integrations connected to third-party websites, services, APIs, or applications. PostSmith is not responsible for third-party privacy practices, external platform policies, external content, API availability, or third-party security controls. Users should review the policies of external services independently.

17.Changes To This Privacy Policy

PostSmith may update this Privacy Policy periodically. If material changes occur, users may be notified through website notices, email communications, platform notifications, or dashboard announcements.

Continued use of PostSmith after updates constitutes acceptance of the revised policy.

18.Contact Information

Privacy-related questions, legal requests, or data inquiries may be submitted to:

support@postsmith.app

Website: https://postsmith.app

19.Platform Disclaimer

PostSmith provides publishing infrastructure, workflow systems, automation systems, AI-assisted tooling, and integration capabilities.

Users remain solely responsible for published content, marketing claims, copyright compliance, platform policy compliance, brand communications, AI-generated output review, regulatory compliance, content legality, and usage of connected accounts.

PostSmith does not guarantee audience growth, engagement performance, monetization results, platform reach, algorithmic visibility, API availability, third-party platform stability, or publishing success rates.

Third-party platforms maintain independent control over their ecosystems, APIs, moderation systems, and policies.

20.Meta Platform Disclosure

For Meta platform integrations including Facebook, Instagram, Threads, and related Meta services, PostSmith uses Meta APIs and OAuth authorization systems to connect authorized accounts, publish and schedule content, retrieve analytics, synchronize business assets, manage connected pages, and process webhook events.

Users may revoke Meta permissions at any time through Meta account settings. Meta platform usage remains subject to Meta Terms, Meta Platform Terms, Meta Developer Policies, Instagram Platform Policies, and Threads API rules.

21.API & Developer Infrastructure

PostSmith may provide APIs, webhooks, integrations, and developer functionality. API usage may involve authentication metadata, request logging, rate limiting, security monitoring, usage analytics, and abuse prevention systems.

Unauthorized API usage, scraping, reverse engineering, or abuse of platform infrastructure may result in account restriction or termination.

22.Business & Team Workspaces

Workspace administrators and team owners may have access to workspace activity, team member actions, publishing history, workflow operations, shared content libraries, approval systems, and workspace analytics.

Users participating in team workspaces acknowledge that certain operational data may be visible to authorized workspace administrators.

23.Data Minimization Commitment

PostSmith is designed to minimize unnecessary data collection where reasonably possible. The platform aims to request only necessary permissions, reduce excessive data retention, limit unnecessary processing, use official API scopes only, and maintain a principle-of-least-access architecture where practical.

24.Jurisdiction & Governing Framework

This Privacy Policy shall be interpreted in accordance with applicable laws of the United States and the State of Delaware, without limiting mandatory rights available under applicable consumer privacy regulations.

Users accessing the platform from other jurisdictions are responsible for ensuring lawful use within their region.

25.Final Statement

PostSmith is built as a structured content operations system focused on responsible publishing, workflow clarity, automation, and scalable content management.

Privacy, platform integrity, secure integrations, and transparent infrastructure practices remain core operational priorities as the platform evolves.