Back
Privacy Policy for PostOnce
Effective Date: May 21, 2026 Welcome to PostOnce. This Privacy Policy explains how PostOnce collects, uses, stores, and protects information when you use https://postonce.to, our dashboard, publishing tools, automation workflows, APIs, and related services (collectively, the "Service"). PostOnce is a social media crossposting and publishing automation platform for creators, teams, and businesses. We use the information described below to help you connect social accounts, create or schedule content, configure workflows, and publish or crosspost content to supported platforms. ------------------------------------------------------------ 1. Data We Collect ------------------------------------------------------------ We collect the following categories of data: - Account Data: Your name, email address, profile image, account settings, subscription status, and related account information. - Billing Data: Payment, subscription, invoice, and billing details processed by Stripe. We do not store full payment card numbers on our servers. - Submitted Content: Posts, captions, media files, thumbnails, links, hashtags, drafts, scheduled posts, workflow rules, account selections, and other content or settings you submit to the Service. - Connected Account Data: Basic account information and OAuth access tokens from platforms you choose to connect, including supported services such as Instagram, TikTok, YouTube, Facebook, LinkedIn, X, Threads, Bluesky, Pinterest, Reddit, and others we may support. Tokens are used to provide the actions you request and are encrypted at rest where applicable. - YouTube API Data: When you connect your YouTube account, PostOnce accesses: - Your YouTube channel ID and basic channel information - Video metadata (title, description, tags, visibility settings) - Thumbnails you upload - Video upload and processing status We do not access or store YouTube analytics, comments, subscriber data, or unrelated channel data unless a future feature clearly asks for additional permission. - Usage and Device Data: Log data, browser type, device information, IP address, referral URLs, page views, product events, crash/error reports, and similar information used for security, analytics, support, and product improvement. - Cookies and Local Storage: Cookies, localStorage, and similar technologies used to keep you signed in, remember preferences, protect sessions, measure performance, and improve the Service. ------------------------------------------------------------ 2. Purpose of Data Collection ------------------------------------------------------------ We collect and use your data to: - Create and manage your PostOnce account. - Connect and authenticate your social media accounts. - Upload, schedule, publish, crosspost, sync, and manage content based on your settings. - Adapt content for selected platforms and store drafts, workflow rules, and publishing history. - Process subscriptions, trials, payments, refunds, invoices, and account limits. - Provide support, troubleshoot issues, prevent abuse, and secure the Service. - Measure product usage, improve performance, and develop new features. - Send product, billing, security, and service-related communications. We do not sell your personal data, OAuth tokens, submitted content, or YouTube API Data. ------------------------------------------------------------ 3. How We Use, Process, and Share Your Data ------------------------------------------------------------ We share data only as needed to operate the Service: - With the social platforms you connect, when you ask PostOnce to publish, schedule, upload, update, sync, or otherwise manage content on those platforms. - With service providers that help us operate PostOnce, such as hosting, database, authentication, payments, analytics, email, affiliate tracking, error monitoring, performance monitoring, and customer support providers. - When required by law, subpoena, court order, or other valid legal process. - To protect PostOnce, users, third-party platforms, or the public from abuse, fraud, security threats, or legal harm. We do not use YouTube API Data for advertising, profiling, or unrelated analytics. We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with law, or protect security. ------------------------------------------------------------ 4. Cookies and Local Device Storage ------------------------------------------------------------ PostOnce uses cookies, localStorage, and similar technologies to: - Log you into your account - Remember your settings - Maintain session security - Improve user experience - Understand product usage and performance You can control cookies through your browser settings, but disabling cookies may prevent parts of the Service from working correctly. ------------------------------------------------------------ 5. User Control, Data Deletion & Revoking Access ------------------------------------------------------------ You can request deletion of all data associated with your PostOnce account by contacting support@postonce.to. When your account is deleted, stored account data, submitted content, workflow data, and OAuth tokens are deleted or de-identified within 30 days unless retention is required for security, billing, legal, tax, or compliance reasons. You may revoke PostOnce's access to your YouTube data at any time directly from your Google account: https://myaccount.google.com/connections?filters=3,4 You may also revoke or disconnect other connected social accounts through PostOnce or through the third-party platform's own account settings. Disconnecting an account removes the stored access tokens for that account and prevents future publishing through that connection. ------------------------------------------------------------ 6. Children's Privacy ------------------------------------------------------------ PostOnce is not intended for children. We do not knowingly collect data from children under the age of 13. If you believe a child has provided personal data to PostOnce, contact support@postonce.to and we will take appropriate steps to delete it. ------------------------------------------------------------ 7. YouTube API Services ------------------------------------------------------------ PostOnce uses YouTube API Services to allow creators to upload, schedule, and manage their own videos. By using PostOnce, you agree to: - YouTube Terms of Service: https://www.youtube.com/t/terms - Google Privacy Policy: https://policies.google.com/privacy We access YouTube data only with your permission and only for the scopes you approve. You may revoke PostOnce's access to YouTube at any time at https://myaccount.google.com/connections?filters=3,4. ------------------------------------------------------------ 8. Other Platform APIs ------------------------------------------------------------ PostOnce integrates with social media APIs for posting, scheduling, syncing, and managing content on platforms such as Instagram, TikTok, YouTube, Facebook, LinkedIn, X, Threads, Bluesky, Pinterest, and Reddit. We collect only the permissions and tokens needed to provide the connected features you authorize. Use of each connected platform remains subject to that platform's own terms and privacy policy. ------------------------------------------------------------ 9. Data Protection Measures ------------------------------------------------------------ - OAuth tokens and sensitive information are encrypted at rest. - All communication is protected by SSL/TLS. - Access controls restrict internal data exposure. ------------------------------------------------------------ 10. Deleted Data ------------------------------------------------------------ When you delete your account or request deletion, PostOnce-related data is deleted or de-identified within 30 days unless retention is needed for legitimate business, security, billing, legal, tax, or compliance reasons. Backups may retain deleted data for a limited period before automatic expiration. ------------------------------------------------------------ 11. Processors We Use ------------------------------------------------------------ We use trusted third-party processors solely as needed: - Vercel (hosting) - Supabase (database) - Stripe (payments) - PostHog (product analytics) - Vercel Analytics and Speed Insights (site analytics and performance) - RefGrow (affiliate program) - Plunk (email and product communication events) - Meta (conversion measurement, where enabled) ------------------------------------------------------------ 12. Law Enforcement ------------------------------------------------------------ We only disclose data to law enforcement when legally required by a valid court order. We notify the user whenever legally permitted. ------------------------------------------------------------ 13. Location of Site and Data ------------------------------------------------------------ PostOnce operates from Canada and uses service providers that may process data in Canada, the United States, the European Union, and other locations where those providers operate. By using the Service, you understand that your information may be transferred to and processed in these locations. ------------------------------------------------------------ 14. Changes to This Privacy Policy ------------------------------------------------------------ We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users, such as by email or in-product notice. The effective date above shows when this Privacy Policy was last updated. ------------------------------------------------------------ 15. Contact Information ------------------------------------------------------------ For questions or concerns regarding this Privacy Policy, contact: support@postonce.to Thank you for trusting PostOnce with your information!