How PostRelay handles your data

What we collect

We collect information that is reasonably necessary to provide, secure, maintain, and improve the service. Such information may include your email address, authentication identifiers, account and profile information, workspace information, connected platform metadata, subscription or billing state, usage data, and the text, media, links, and scheduling instructions that you submit through the service.

If you connect third-party publishing or social platform accounts, we may also collect and store platform account identifiers, usernames, granted scopes, token expiry information, and the minimum credential material necessary to establish, maintain, and operate the connection.

How we use your data

We use collected information to authenticate users, operate account and workspace functionality, enforce plan and usage limits, process scheduled or requested publishing actions, administer billing, provide customer support, investigate errors, monitor system performance, and improve service reliability and product quality.

We may also use operational and usage information for internal analytics, service improvement, abuse prevention, fraud detection, security monitoring, and compliance purposes. We do not sell your personal data.

Connected accounts and credentials

PostRelay supports integrations that may rely on OAuth, integration tokens, API keys, session credentials, or app-specific passwords, depending on the relevant third-party platform. Any such credential is used only as necessary to provide the connection, publishing, refresh, and related functionality that you enable.

Stored platform credentials are handled on the server side. Access and refresh tokens used by supported integrations are encrypted before being written to the database and are not disclosed back to the client user interface after connection.

Additional information regarding connected account credential handling is available on the connected account security page.

Third-party services

In the ordinary course of providing the service, PostRelay relies on third-party service providers and infrastructure partners, including providers for hosting, database and storage services, billing, background job processing, analytics, authentication, and connected publishing or social platforms.

When you use features that depend on such providers, relevant account, content, event, or credential-related data may be transmitted to the applicable provider to the extent reasonably necessary to complete the requested action. Each third-party provider maintains its own systems and is governed by its own terms and privacy practices.

Retention and deletion

We retain account, workspace, operational, and workflow information for as long as reasonably necessary to provide the service, maintain business and billing records, resolve disputes, investigate abuse, enforce our terms, and satisfy legal, accounting, security, or operational obligations.

If you disconnect a connected account, future use of that connection for publishing or related actions will cease. If you delete your account or request deletion, we will process the request subject to any information we are required or permitted to retain for security, fraud prevention, financial reporting, dispute resolution, audit, or legal compliance purposes.

Security

We implement reasonable administrative, technical, and operational safeguards designed to reduce the risk of unauthorized access, loss, misuse, alteration, or disclosure of data processed through the service. Such measures may include server-side credential handling, encrypted token storage for supported integrations, access controls, and operational monitoring.

Notwithstanding the foregoing, no method of transmission over the internet and no method of electronic storage is completely secure. You remain responsible for maintaining the confidentiality of your account access credentials, connected platform credentials, and any information you elect to upload or process through the service.

Children and sensitive information

PostRelay is intended for business and professional use and is not directed to children. You should not submit highly sensitive personal information to the service unless you are satisfied that such processing is appropriate for your intended use case.

Contact

If you have questions regarding this Privacy Policy, wish to report a privacy concern, or need to request deletion beyond any in-app workflow made available to you, please contact us at epoch.feedback@gmail.com.