PostFuze

Legal

Privacy Policy

Last updated: June 2026

1. Introduction and scope

This Privacy Policy explains how PostFuze (“PostFuze,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use the PostFuze website, dashboard, REST API, MCP server, and related services (the “Service”). It applies to information we process as a business when you create an account and use the Service. It does not cover the practices of the third-party social networks you connect, which are governed by their own privacy policies. By using the Service, you agree to this Policy together with our Terms of Service.

2. Information we collect

  • Account information. Your name, email address, organization name, password (stored only as a salted hash), and preferences you provide when you register or configure your Account.
  • OAuth tokens for connected social accounts. When you connect a social network, we receive and store access and refresh tokens and basic profile identifiers (such as your handle, account ID, and connected pages or boards) needed to publish on your behalf. These tokens are stored encrypted at rest and are used only to perform the actions you direct.
  • Content you schedule and publish. The posts, captions, comments, media (images and video), schedules, and metadata you submit through the Service, along with per-account delivery status and limited engagement metrics returned by the platforms.
  • Usage and billing data. API request logs, post counts and usage metering, plan and subscription details, and payment information processed by our payment provider (we do not store full card numbers).
  • Device, log, and cookie data. IP address, browser and device information, timestamps, and cookies or similar technologies used to operate, secure, and improve the Service.

3. How we use information

  • to provide, operate, and maintain the Service, including composing, scheduling, and publishing your content to the accounts you select;
  • to authenticate you, secure your Account, and prevent fraud, abuse, and unauthorized access;
  • to meter usage, calculate fees, process payments, and send service and billing communications;
  • to provide support, respond to your requests, and notify you of changes or issues;
  • to monitor, debug, and improve performance, reliability, and features of the Service;
  • to comply with legal obligations and enforce our Terms.

We do not sell your personal information, and we do not use the content you publish to train models for unrelated purposes.

4. Social-platform data and OAuth

When you connect a Third-Party Platform (for example, X, LinkedIn, Instagram, TikTok, YouTube, Facebook, Threads, Bluesky, Pinterest, or Google Business), you authorize PostFuze to access that account through OAuth with the scopes required to publish and to read delivery status and limited analytics. We request the minimum scopes necessary, use the data only to perform the actions you initiate, and never post on your behalf except as you direct through scheduling or the API. You can revoke access at any time from your PostFuze dashboard or from the platform’s own settings; revoking access deletes or invalidates the associated tokens and may prevent pending scheduled posts from being delivered.

5. Sharing and sub-processors

We share information only as needed to run the Service: with the Third-Party Platforms you choose to publish to; with service providers (“sub-processors”) who act on our behalf under contractual confidentiality and security obligations — including cloud hosting and storage, payment processing, error monitoring, and email delivery; and where required to comply with law, enforce our Terms, or protect the rights, safety, and security of PostFuze, our users, or the public. If PostFuze is involved in a merger, acquisition, or sale of assets, information may be transferred subject to this Policy. We do not sell or rent personal information.

6. Cookies and tracking

We use strictly necessary cookies to keep you signed in and to secure sessions, and limited analytics to understand aggregate usage and improve the Service. We do not use third-party advertising cookies. You can control cookies through your browser settings; disabling strictly necessary cookies may prevent the Service from working correctly.

7. Data retention

We retain your information for as long as your Account is active and as needed to provide the Service. OAuth tokens are retained until you disconnect the account or close your Account. Published and scheduled content and delivery logs are retained to provide history and support, and usage and billing records are retained as required for accounting and legal compliance. When information is no longer needed, we delete or anonymize it. You can request deletion as described below.

8. Security

We use technical and organizational measures designed to protect your information, including encryption of OAuth tokens and other secrets at rest, encryption in transit (TLS), scoped API keys, access controls and tenant isolation, and ongoing monitoring. No method of transmission or storage is perfectly secure, but we work to protect your data and to respond promptly to incidents. Report security concerns to [email protected].

9. International transfers

PostFuze operates and uses sub-processors in the United States and other countries. Where we transfer personal data across borders — including from the European Economic Area, the United Kingdom, or Switzerland — we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms. By using the Service, you understand your information may be processed in countries with data-protection laws different from those of your own.

10. Your rights (GDPR / CCPA)

Depending on where you live, you may have rights to access the personal information we hold about you, to correct or update it, to request its deletion, to receive a portable copy, to object to or restrict certain processing, and to withdraw consent. California residents have the right to know what personal information we collect and how it is used and shared, to request deletion, and not to be discriminated against for exercising these rights; we do not sell personal information. To exercise any right, contact us at [email protected]. We will verify your request and respond within the time required by applicable law. You may also lodge a complaint with your local data-protection authority.

11. Children’s privacy

The Service is not intended for children under 18, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact and Data Protection Officer

For privacy questions or to exercise your rights, contact our Data Protection Officer at [email protected], or write to us at [email protected]. For general support, see your dashboard or email [email protected].