1. Overview
💡
TL;DR: PostPlank collects only what we need to run the product, we never sell your data, and you can delete your account and all associated data at any time.
PostPlank Labs, Inc. ("PostPlank", "we", "us", or "our") operates the PostPlank platform, accessible at postplank.io. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.
By using PostPlank, you agree to the collection and use of information in accordance with this policy. If you disagree with any part of this policy, please do not use our services.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and improve the service: Power the post builder, carousel generator, scheduling, and all other PostPlank features.
- Personalise your experience: Tailor AI writing suggestions to your voice, industry, and past content.
- Process payments: Charge your subscription and send receipts and billing notifications.
- Communicate with you: Send product updates, onboarding emails, support replies, and (with your consent) marketing communications.
- Ensure security: Detect and prevent fraud, abuse, and unauthorised access to your account.
- Meet legal obligations: Comply with applicable laws, regulations, and lawful requests from authorities.
- Analyse and improve: Understand how users interact with PostPlank to fix bugs and prioritise new features.
⚠️
We do not use your content (posts, carousels, writing) to train AI models shared across other users without your explicit consent.
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
Service providers
We work with trusted third-party vendors who help us operate PostPlank. These parties are contractually bound to handle data securely and use it only for the purposes we specify:
- Stripe — Payment processing
- AWS / Cloudflare — Infrastructure and content delivery
- OpenAI — AI writing assistance (prompts are not stored or used for training per OpenAI's API terms)
- Postmark / SendGrid — Transactional email delivery
- Mixpanel / PostHog — Product analytics (anonymised)
- Intercom — Customer support chat
Business transfers
If PostPlank is acquired, merged, or undergoes a significant asset transfer, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.
Legal requirements
We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of PostPlank, our users, or others.
5. Cookies & Tracking
PostPlank uses cookies and similar tracking technologies to enhance your experience and understand how our platform is used.
Types of cookies we use
- Essential cookies: Required for the platform to function — login sessions, security tokens, billing flow. Cannot be disabled.
- Analytics cookies: Help us understand feature usage and improve PostPlank. You can opt out in your account settings.
- Preference cookies: Remember your settings such as theme, language, and editor preferences.
- Marketing cookies: Used on our marketing website to understand how visitors find us. Not set inside the logged-in app.
You can control cookies through your browser settings. Disabling essential cookies will affect platform functionality. You can also opt out of analytics tracking in Settings → Privacy within your PostPlank account.
6. Data Retention
We keep your data for as long as your account is active or as needed to provide you services.
- Account data: Retained until you delete your account. Permanently erased within 30 days of deletion request.
- Content (posts, carousels): Deleted immediately when you delete them, or within 30 days of account deletion.
- Billing records: Retained for 7 years to comply with financial and tax regulations.
- Support conversations: Retained for 2 years to maintain context for ongoing support.
- Log data: Automatically purged after 90 days.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of all personal data we hold about you.
- Correction: Ask us to correct inaccurate or incomplete information.
- Deletion: Request deletion of your account and all associated personal data ("right to be forgotten").
- Portability: Receive your data in a structured, machine-readable format (JSON or CSV).
- Objection: Object to processing your data for direct marketing at any time.
- Restriction: Ask us to restrict processing of your data in certain circumstances.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
✅
To exercise any of these rights, go to Settings → Privacy & Data in your account, or email us at privacy@postplank.io. We will respond within 30 days.
8. Security
We implement industry-standard technical and organisational measures to protect your personal information:
- All data transmitted to and from PostPlank is encrypted via TLS 1.2+.
- Passwords are hashed using bcrypt and never stored in plain text.
- Access to production systems is restricted to authorised personnel with MFA enforced.
- We conduct regular security audits and vulnerability assessments.
- Payment data is handled entirely by Stripe (PCI-DSS Level 1 certified) — we never touch your raw card numbers.
No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@postplank.io. We aim to acknowledge reports within 24 hours.
9. Third-Party Services
PostPlank integrates with and links to third-party services including LinkedIn, Google, and Stripe. These services have their own privacy policies, and we encourage you to review them:
Our inclusion of these links does not imply endorsement of their practices. We are not responsible for the privacy practices of external websites or services.
10. Children's Privacy
PostPlank is not directed at, and does not knowingly collect personal information from, anyone under the age of 16. If we learn that we have collected personal data from a child under 16 without verified parental consent, we will delete it immediately.
If you believe we may have collected information from a child under 16, please contact us at privacy@postplank.io.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send an email notification to all registered users at least 14 days before the changes take effect.
- Display a banner inside the PostPlank app for significant changes.
Your continued use of PostPlank after changes take effect constitutes acceptance of the revised policy. If you disagree with the changes, you may delete your account before they take effect.