Introduction
Welcome to planpo.st ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.
By using planpo.st, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
Information We Collect
1. Account Information
- Email address and password (stored hashed, never in plain text)
- First and last name
- Profile picture (if provided)
- Timezone and language preferences
- Authentication tokens from third-party sign-in providers (e.g. Google OAuth)
2. Connected Social Accounts
When you connect a social network — Instagram, Facebook, X (Twitter), LinkedIn, YouTube, TikTok, Threads, Bluesky, or Pinterest — we store only what is necessary to publish and analyse content on your behalf:
- Access and refresh tokens issued by the platform, encrypted at rest.
- Account metadata: account handle, display name, profile picture, and the IDs of pages or channels you grant us access to.
- The permission scope you granted during the connection flow, so that we only call APIs you have authorised.
You can revoke access at any time from the Connections page or directly in the third-party platform's settings. When you disconnect, we delete the associated tokens immediately.
3. Content & Publishing Data
To let you plan, schedule, and publish, we store:
- Drafts and scheduled posts: captions, media, hashtags, scheduled publish times, target accounts.
- Media library: images and videos you upload, along with titles, alt text, and folder organisation.
- Publishing history: published post IDs, success or failure status, and error details returned by each platform.
- AI prompts and suggestions: when you use AI features, we store the prompts you submit and the outputs returned so you can revisit and reuse them.
4. Analytics & Revenue Tracking
To show you how your content is performing, we collect or compute:
- Platform metrics: impressions, reach, engagement, follower counts, and video watch stats, read from the connected platform's analytics APIs.
- Trackable link data: click counts, referrer, coarse geolocation (country / region), and device type for short links created with planpo.st.
- Revenue attribution: conversion events you send us (via pixel, webhook, or integration) and the order or revenue values you choose to share, so we can map them back to the post or link that drove them.
5. Payment Information
We use Stripe for payments. We do not store your card details. Stripe handles card data in accordance with PCI DSS. We only store:
- Stripe customer and subscription IDs
- Plan, billing interval, and trial status
- Payment history and invoice metadata
6. Usage & Device Data
- Browser type, operating system, and device type
- IP address and coarse location (country / region)
- Pages viewed, features used, and timing information needed to diagnose performance
- Error logs and crash reports
7. Service Providers and Subprocessors
planpo.st is built on top of carefully selected service providers. Each one processes a specific subset of your data on our behalf under written data-processing terms (DPAs). We do not sell your personal data to any of them, and they may only use it to deliver the service we have contracted them for.
- Stripe, Inc. (USA) — payment processing, subscription billing, invoicing, and tax. Stripe receives your email, billing details, and payment-method data directly; we never touch raw card numbers. See the Stripe Privacy Policy.
- Supabase, Inc. (USA, EU) — authentication, including Google sign-in / OAuth identity. Supabase stores your email, hashed password, and the Supabase user ID we link to your account. Supabase Privacy Policy.
- MongoDB Atlas (operated by MongoDB, Inc., USA; EU regions available) — primary application database storing accounts, posts, scheduled jobs, analytics rollups, and encrypted social-platform tokens. MongoDB Privacy Policy.
- Amazon Web Services, Inc. — S3 (or an S3-compatible bucket) for media you upload (images, videos, thumbnails) and signed-URL delivery. AWS receives only the object bytes and access metadata. AWS Privacy Notice.
- Upstash, Inc. (USA, EU) — Redis-compatible queue and rate-limit cache. Stores transient job data (scheduled-post IDs, retry counters); no long-term personal data. Upstash Privacy Policy.
- Functional Software, Inc. (Sentry) — error monitoring and performance traces. Receives stack traces and a hashed user ID; we strip request bodies and PII before transmission. Sentry Privacy Policy.
- Resend, Inc. — transactional email (verification, password reset, scheduled-post receipts) and optional marketing email. Resend processes recipient email addresses and message content. Resend Privacy Policy.
- Google LLC — Analytics & Tag Manager — aggregated traffic and product-usage analytics. We use IP anonymisation; we only fire GA/GTM after you accept analytics cookies (where required). Google Privacy Policy.
- Vercel, Inc. / Railway / hosting providers — run the planpo.st web and API servers. They process HTTP request metadata (URL, method, IP) for routing and security. Vercel Privacy Policy.
When AI features are used, prompts and outputs may be sent to a selected model provider (e.g. OpenAI). We disclose the active provider in the relevant feature's UI, and AI features can be disabled per-account from Settings. We do not allow third-party AI providers to train their general-purpose models on your content.
How We Use Your Information
We use the information we collect to:
- Deliver the Service: schedule and publish your posts, sync media, and present analytics and revenue reporting.
- Personalise AI features: generate captions, repurpose content, and surface suggestions based on the brand voice and history you have opted in to share.
- Manage your account: process subscriptions, handle support requests, and keep your team seat assignments up to date.
- Communicate: send product updates, security alerts, and — only if you opt in — marketing or newsletter emails. You can unsubscribe from marketing email at any time.
- Improve the product: analyse aggregated, de-identified usage to find bugs and prioritise roadmap work.
- Keep the Service safe: detect abuse, rate-limit violations, and enforce these policies and connected platforms' terms.
- Comply with the law: respond to lawful requests and meet our tax, accounting, and regulatory obligations.
We do not train third-party general-purpose AI models on your content without your explicit opt-in, and we never sell your data.
Meta Platform Permissions (Facebook & Instagram)
When you connect a Facebook Page or Instagram Business / Creator account, planpo.st requests a specific set of Meta permissions. We only use the data each permission grants for the purpose described below, and we never sell or share it with third parties beyond the service providers listed in this policy.
Facebook Login permissions
- pages_show_list — list the Facebook Pages you manage so you can pick which one to connect.
- pages_read_engagement — read post-level performance metrics (impressions, reach, reactions) shown in your analytics dashboard.
- pages_read_user_content — read comments left by your audience on posts you have published, so you can see and reply from within planpo.st.
- pages_manage_posts — publish and schedule text, image, video, carousel, and reel posts to your Page on your behalf.
- pages_manage_engagement — post replies to comments on your published posts when you reply from planpo.st.
- instagram_basic — discover the Instagram Business / Creator account linked to your Page and display its username, profile picture, and follower count in the Connections UI.
- instagram_content_publish — publish images, videos, carousels, reels, and stories to your Instagram account on your behalf.
- instagram_manage_comments — post replies to comments on your Instagram posts when you reply from planpo.st.
- instagram_manage_insights — read post-level metrics (reach, saves, shares, plays) to display in your analytics dashboard.
Instagram Login (direct) permissions
If you do not have a Facebook Page, you can connect your Instagram Business or Creator account directly via Instagram Login. The following permissions are requested in that flow only:
- instagram_business_basic — read your account profile (username, account type, follower / media counts).
- instagram_business_content_publish — publish images, videos, reels, carousels, and stories on your behalf.
- instagram_business_manage_comments — post replies to comments on your posts when you reply from planpo.st.
- instagram_business_manage_insights — read post metrics to power your analytics dashboard.
Storage, retention, and deletion
- Access tokens issued by Meta are encrypted at rest with AES-256 and only decrypted in memory when a publish or read call is being executed.
- Long-lived Page access tokens are stored without expiry as required by the Graph API; Instagram Login API tokens are refreshed every 50 days via the platform's official refresh_access_token endpoint.
- You can disconnect any account at any time from the Connections page in planpo.st. On disconnect we revoke the token with Meta and delete it from our database immediately.
- If you remove our app from your Facebook account, Meta sends a deauthorization signal to our servers; we delete the corresponding tokens within 24 hours.
- You can request deletion of all data we hold about you via Facebook's Data Deletion Request flow, by following our Data Deletion Instructions, or by emailing hello@planpo.st.
Data Sharing and Disclosure
We do not sell your personal information. We may share your data only in the following circumstances:
- Service Providers: With trusted third-party services that help us operate our platform (hosting, analytics, payment processing). These providers are contractually obligated to protect your data.
- Third-Party Integrations: When you authorize connections to third-party services, we share necessary data to enable those integrations. You can revoke access at any time.
- Legal Requirements: When required by law, court order, or government regulation.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity.
- With Your Consent: When you explicitly authorize sharing for specific purposes.
Data Security
We implement industry-standard security measures to protect your information:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Secure authentication and password hashing
- Regular security audits and vulnerability assessments
- Access controls and employee training on data protection
- Compliance with industry standards (PCI DSS for payments)
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Your Privacy Rights
Depending on your location, you may have the rights listed below. planpo.st honours these rights for all users regardless of jurisdiction.
Rights of EU / UK / Swiss residents (GDPR / UK GDPR)
You have the rights of access, rectification, erasure, restriction, portability, and objection set out below, plus the right to lodge a complaint with your supervisory authority. The legal bases on which we process your data are: performance of the contract you have with us (delivering the Service), compliance with legal obligations, our legitimate interests in running and securing the Service, and your consent (for cookies and marketing email).
Rights of California residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, to access and delete that information, to correct inaccurate information, to opt out of the sale or sharing of personal information, and to limit our use of sensitive personal information. planpo.st does not sell or share personal information for cross-context behavioural advertising. To exercise CCPA rights, email hello@planpo.st with the subject line "California Privacy Request."
Universal rights we honour
- Access: Request a copy of your personal data.
- Correction: Update or correct inaccurate information.
- Deletion: Request deletion of your account and associated data.
- Portability: Export your data in a machine-readable format.
- Opt-Out: Unsubscribe from marketing communications (you will still receive essential service updates).
- Restriction: Request limitation of data processing in certain circumstances.
- Objection: Object to processing of your data for specific purposes.
To exercise any of these rights, contact us at hello@planpo.st. We will respond within 30 days. For privacy-specific inquiries you may also reach our privacy contact at privacy@planpo.st; this address is monitored by the team member acting as our privacy lead.
Data Retention
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:
- Active Accounts: Data is retained while your account is active.
- Deleted Accounts: Most data is deleted within 30 days of account deletion, except where legal obligations require longer retention.
- Financial Records: Payment and subscription data may be retained for up to 7 years for tax and accounting purposes.
- Anonymized Data: We may retain anonymized, aggregated data for analytics and service improvement.
Children's Privacy
planpo.st is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected information from a child under 13, we will delete that information promptly.
International Data Transfers
Your information may be transferred to and processed in countries outside your country of residence. These countries may have different data protection laws. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws, including GDPR for European users.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes
- Displaying a notice in the application
Your continued use of planpo.st after changes become effective constitutes acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: