Privacy Policy

Last updated: March 12, 2026

Welcome to Post Minion. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at www.postminion.com (the “Service”). Please read this policy carefully. If you disagree with its terms, please discontinue use of our Service.

1. Information We Collect

We collect information you provide directly to us and information generated as you use the Service.

a. Account Information

When you register for an account, we collect your name, email address, and password (stored as a bcrypt hash). If you register via Google OAuth, we receive your name, email address, and profile picture from Google.

b. Social Media Connections

When you connect a social media account (Instagram, TikTok, YouTube, Threads, Facebook Pages, LinkedIn), we receive and securely store OAuth access tokens and refresh tokens, your platform user ID, username, and profile picture URL for that platform. These tokens are encrypted at rest using AES-256-GCM.

c. Content You Create

We store the posts, captions, media files (images and videos), and scheduling information you create or upload through the Service. Media files are stored in Google Cloud Storage.

d. Usage and Log Data

We automatically collect certain information about how you access and use the Service, including your IP address, browser type, operating system, referring URLs, and pages viewed. This data is used for security, debugging, and improving the Service.

e. Billing Information

Payment and billing are handled by Dodo Payments. We store only a Dodo customer ID and subscription metadata (plan, status, billing period). We never store your full payment card details.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and provide the Service.
  • Publish and schedule posts to your connected social media accounts on your behalf.
  • Process payments and manage your subscription via Dodo Payments.
  • Send transactional emails (e.g., email verification, password reset, account deletion confirmation) via Brevo.
  • Monitor and enforce rate limits and detect abuse or unauthorized access.
  • Diagnose technical problems and improve the reliability and performance of the Service.
  • Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your content or social media tokens for any purpose other than providing the Service features you request.

3. How We Share Your Information

We share your information only in the following limited circumstances:

  • Social Media Platforms: When you publish or schedule a post, we transmit your content and use your stored OAuth tokens to interact with the relevant platform API (Meta, TikTok, Google, LinkedIn) on your behalf.
  • Infrastructure Providers: We use Google Cloud (Cloud Storage, cloud infrastructure), MongoDB Atlas (database), and Redis-compatible services for core functionality.
  • Payment Processor: Dodo Payments processes billing on our behalf. Your payment data is governed by Dodo Payments' privacy policy.
  • Email Service: Transactional emails are sent via Brevo. We share only your email address and first name for this purpose.
  • Legal Requirements: We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Post Minion, our users, or the public.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we delete your personal information, connected social media tokens, and scheduled content within 30 days, except where we are required to retain data by law or for legitimate business purposes (e.g., fraud prevention).

Media files uploaded to Google Cloud Storage are deleted when the associated post is deleted or your account is removed.

5. Security

We implement industry-standard security measures to protect your data:

  • OAuth access tokens and refresh tokens are encrypted at rest using AES-256-GCM.
  • Passwords are hashed with bcrypt before storage; raw passwords are never stored.
  • Verification tokens (email, password reset) are stored only as SHA-256 hashes and are single-use.
  • All data in transit is encrypted via HTTPS/TLS.
  • Rate limiting and CAPTCHA requirements protect sensitive endpoints from abuse.

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update your name and preferences from the User Settings page.
  • Deletion: You can request that we delete your personal data under certain circumstances.
  • Revoke Social Access: Disconnect any connected social media account at any time from the Accounts page. This deletes the stored access tokens for that platform.
  • Portability: Contact us to request an export of your data.

7. Third-Party Social Media Platforms

By connecting a social media account, you authorize Post Minion to access and interact with that platform on your behalf according to the permissions you grant during the OAuth flow. Your use of those platforms is also governed by their respective privacy policies and terms of service (Meta, TikTok, Google, LinkedIn, etc.). We do not control and are not responsible for the data practices of those platforms.

8. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those of your country. We apply appropriate safeguards to ensure your personal data remains protected in accordance with this Privacy Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or via a notice in the Service. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: