Privacy Policy

Last Updated: June 2026

1. Introduction

posthell ("we", "our", or "us") is a social media post scheduler operated by Rohan Gotwal as a sole proprietor. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use posthell to compose, schedule, and publish posts to your connected social networks.

By using posthell, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (for sign-in via a one-time code)
  • Name (optional)
  • Subscription and billing information (processed by DodoPayments; we do not store your card details)

2.2 Connected Social Accounts

When you connect a social network, the connection (OAuth) is brokered by our publishing partner, Zernio. We store only a reference to that connection so we can publish on your behalf:

  • The network (e.g. X, LinkedIn, Instagram), your handle, display name, and avatar
  • A connection identifier from Zernio and the connection status

We do NOT store your social network passwords or access tokens. Those are held by Zernio, which performs publishing for us. When you disconnect an account, we delete our reference and ask Zernio to revoke its access.

2.3 Content You Create

To provide the service, we store the content you give us:

  • Post text, including any per-network variations you write
  • Media you upload (images and video)
  • Schedules, draft status, and the publishing outcome of each post

2.4 Usage Analytics

We use a third-party analytics tool (AnalyzeUser) on our marketing and application pages to understand how the product is used and to improve it. This may collect:

  • Pages visited and basic interactions
  • Browser type, device type, and operating system
  • Approximate location (country/city, derived from IP address)
  • Referrer information (the site that led you to us)

We do not use this data for advertising or to track you across unrelated websites.

3. How We Use Your Information

We use the collected information to:

  • Publish and schedule your posts to the networks you connect
  • Provide and maintain the service, including drafts, the calendar, and post analytics
  • Process payments and manage your subscription and post credits
  • Send sign-in codes and service notifications (for example, a low-credit or failed-payment notice)
  • Improve the product and develop new features
  • Prevent fraud and abuse, and comply with legal obligations

We do NOT:

  • Sell your data to third parties
  • Use your content or data for advertising
  • Post anything on your behalf that you did not schedule or request
  • Read or use your content for any purpose other than operating the service

4. Data Storage and Retention

4.1 Data Retention Periods

We retain your posts, scheduled content, media, and connected-account references for as long as your account is active. When you disconnect an account, its reference is removed and we ask our publishing partner (Zernio) to revoke access.

Account information is retained until you delete your account.

4.2 Data Storage Location

Your data is stored in secure databases provided by Supabase (PostgreSQL) and on hosting provided by Vercel. These providers may process data in various regions; please refer to their privacy policies for details.

5. Data Sharing and Disclosure

We share data only in the following circumstances:

5.1 Service Providers

  • Zernio: Brokers the connection to each social network and publishes your posts
  • Supabase: Database hosting and authentication
  • DodoPayments: Payment and subscription processing
  • Resend: Transactional and service email delivery
  • AnalyzeUser: Product usage analytics
  • Vercel: Application hosting

These providers are bound to protect your data and use it only for the purposes we specify. When you publish a post, its content is necessarily shared with the social networks you have chosen.

5.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests.

6. Your Rights (GDPR & CCPA)

If you are located in the European Economic Area (EEA), California, or other regions with data protection laws, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("Right to be Forgotten")
  • Right to Data Portability: Receive your data in a structured, machine-readable format. You can export your data at any time from Settings
  • Right to Object: Object to processing of your data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at: rohangotwal3@gmail.com

We will respond to your request within 30 days (or as required by applicable law).

7. Cookies and Local Storage

posthell uses browser storage that is essential to the service, primarily to keep you signed in (managed by our authentication provider, Supabase). We do not use advertising or cross-site tracking cookies.

Our analytics provider (AnalyzeUser) may set cookies or use local storage to measure product usage as described in Section 2.4. You can control cookies through your browser settings, though disabling essential storage may prevent you from signing in.

8. Data Security

We implement industry-standard security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Row-level access controls and authenticated APIs
  • Holding social network credentials with our publishing partner rather than in our own database
  • Secure API key management

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Children's Privacy

Our service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We rely on our service providers' safeguards, including standard contractual clauses where applicable, and compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on our website. The "Last Updated" date at the top indicates when changes were made.

Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us: