Privacy Policy

We collect the following types of information:

Account Information

• Name and email address (provided during sign-up or via Google OAuth)
• Profile picture (from Google OAuth, if used)
• Password (stored as a secure hash; never in plaintext)
• Billing information (processed by Stripe; we store only plan and subscription status)

Social Media Account Data

• TikTok OAuth access tokens and refresh tokens (encrypted at rest)
• TikTok account display names, profile pictures, and account IDs
• No TikTok passwords are ever stored

Content Metadata

• Video files and captions you upload for posting (temporarily stored, deleted after upload)
• Post metadata: captions, hashtags, scheduled times, posting status
• Workflow configurations you create

Usage Analytics

• Pages visited, features used, and interaction patterns (via Vercel Analytics)
• IP address and browser/device information for security and analytics
• Error logs and performance data to improve the Service

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process your social media posts and scheduled content on your behalf
• Manage your subscription and process payments
• Send you service-related emails (account confirmations, billing receipts, important updates)
• Respond to your support requests
• Detect, prevent, and investigate fraud and security incidents
• Analyze usage patterns to improve the Service
• Comply with legal obligations

We do not sell your personal data. We do not use your content to train AI models. We do not share your data with third parties except as described in this policy.

We use the following third-party services to operate Multi-Post. Each has its own privacy practices:

Stripe

Payment processing. Stripe collects and stores your payment card information under their PCI-compliant infrastructure. We never store your full card details. See Stripe’s Privacy Policy.

TikTok API

We use TikTok’s Content Posting API to post content on your behalf. Your TikTok OAuth tokens are used solely for this purpose and are encrypted at rest.

Google OAuth

Optional sign-in via Google. If you sign in with Google, we receive your name, email, and profile picture from Google.

Vercel Analytics

Privacy-focused analytics for our web application. Vercel Analytics does not use cookies and collects only aggregate, anonymized data about page views and performance.

Neon (PostgreSQL)

Our database provider. Your data is stored in a PostgreSQL database hosted by Neon on AWS infrastructure. Data is encrypted in transit and at rest.

• Account data: Retained for the duration of your account. Deleted within 30 days of account closure.
• Video files: Temporarily stored during upload processing. Automatically deleted from our servers after successful upload to the social platform (typically within minutes).
• Post metadata and history: Retained for the duration of your account to support your content history.
• OAuth tokens: Retained while your social accounts are connected. Deleted immediately upon disconnecting an account.
• Billing records: Retained for 7 years as required for tax and accounting purposes.
• Analytics data: Aggregated and anonymized data may be retained indefinitely.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data (“right to be forgotten”). You may delete your account at any time from account settings.
• Portability: Request a machine-readable export of your data.
• Objection: Object to or restrict certain types of data processing.

To exercise any of these rights, email us at privacy@multi-post.app. We will respond within 30 days.

Multi-Post uses minimal cookies strictly necessary to operate the Service:

• Session cookies: Used to keep you logged in during your session. These are deleted when you close your browser.
• Authentication cookies: Persistent cookies used to remember your login across sessions (if you choose “Remember me”).

We do not use advertising cookies or third-party tracking cookies. Vercel Analytics operates without cookies.

We take security seriously. Our measures include:

• All data transmitted over HTTPS (TLS 1.2+)
• OAuth tokens encrypted at rest in our database
• Passwords stored using industry-standard hashing (bcrypt)
• Regular security reviews and dependency updates
• Access to production systems limited to authorized personnel

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please disclose it responsibly to security@multi-post.app.

Multi-Post is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have inadvertently collected such information, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the “Last updated” date and, where appropriate, by email. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

For privacy-related questions or to exercise your rights, contact us at: