Privacy Policy

Last updated: April 2026

1. Information We Collect

Account Information

  • Email address โ€” for authentication and notifications
  • Display name โ€” shown in the application
  • Password โ€” stored as a bcrypt hash (never in plaintext)

Persona Data (provided by you during onboarding)

  • Professional role, industry, goals, audience, interests
  • Writing tone preferences, sample posts, bio
  • This data is used solely to personalize AI-generated content for you

LinkedIn Data

  • LinkedIn OAuth tokens โ€” stored encrypted (Fernet encryption)
  • LinkedIn app credentials (client ID, client secret) โ€” stored encrypted
  • LinkedIn user ID โ€” for publishing on your behalf
  • We do NOT access your LinkedIn feed, connections, or messages

Content Data

  • Posts you generate, edit, schedule, and publish
  • AI generation metadata (topic, tone, model used)
  • Generated images associated with posts

Usage & Security Data

  • Audit log (login, signup, publish events with IP address)
  • Request logs (method, path, response time โ€” no request bodies)

2. How We Use Your Data

  • Content generation โ€” your persona data shapes AI-generated posts
  • LinkedIn publishing โ€” your tokens enable posting on your behalf
  • Analytics โ€” your post history powers publishing analytics (no external tracking)
  • Account management โ€” authentication, notifications, subscription lifecycle
  • Security โ€” audit trail for detecting unauthorized access

3. Data Sharing

We do NOT sell, rent, or share your personal data with third parties, except:

  • AI providers โ€” your post topics and persona context are sent to AI services (Gemini, Groq, Together, HuggingFace) for content generation. These providers process the data per their own privacy policies.
  • LinkedIn โ€” when you publish, content is sent to LinkedIn's API using your authorized credentials
  • Email provider โ€” your email address is shared with our email service (Resend) for transactional emails
  • Legal compliance โ€” if required by law, court order, or government request

4. Data Security

  • Passwords are hashed with bcrypt
  • LinkedIn tokens and API keys are encrypted with Fernet (AES-128-CBC)
  • JWT session tokens with configurable expiry
  • HTTPS enforced in production
  • Security headers: HSTS, X-Frame-Options, CSP, X-Content-Type-Options
  • Rate limiting on authentication endpoints

5. Data Retention

  • Your data is retained as long as your account is active
  • Audit logs are retained indefinitely for security purposes
  • Upon account deletion, all personal data is permanently removed (cascading delete)

6. Your Rights

  • Access โ€” you can view all your data through the application
  • Correction โ€” you can edit your persona and account info at any time
  • Deletion โ€” you can request account deletion, which removes all your data
  • Disconnect โ€” you can disconnect your LinkedIn account at any time

7. Cookies

We use a single essential cookie (pa_session) for authentication. No tracking cookies, no analytics cookies, no third-party cookies.

We use localStorage for theme preference (light/dark mode) only.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date above.

9. Contact

For privacy-related questions or data deletion requests, contact us at the email address provided in the application.