Privacy Policy
Your privacy matters. Here's exactly what we collect, why, and what control you have.
Last updated: May 26, 2026
Pluripost ("we", "us", "our") operates the pluripost.com platform. This policy explains how we handle your personal information when you use our service.
What we collect
We only collect information that's necessary to provide and improve the service:
- Account information — your name, email address, and password when you sign up.
- Social media tokens — when you connect Facebook, Instagram, LinkedIn, or TikTok, we store encrypted access tokens so we can publish and fetch analytics on your behalf. We never store your social media passwords.
- Content you create — posts, campaigns, media files, brand settings, and other data you add to the platform.
- Usage data — pages visited, features used, and performance metrics. This helps us understand what works and what to improve.
- Device information — browser type, operating system, screen size, and IP address. Collected automatically for security and troubleshooting.
- Payment information — handled entirely by Stripe. We never see or store your full card number.
How we use your data
Your data is used to:
- Provide and maintain the service — publishing your posts, syncing your inbox, generating AI content.
- Improve the platform — understanding which features are used helps us prioritize development.
- Communicate with you — account notifications, product updates, and support responses. No spam.
- Protect accounts — detecting suspicious activity, preventing abuse, and enforcing our terms.
- Meet legal obligations — tax records, fraud prevention, responding to lawful requests.
Social media platforms
When you connect a social account, we request specific permissions from each platform:
Meta (Facebook & Instagram) — we request permissions to manage and publish to your Pages, read engagement metrics, and (if approved) manage your Page inbox. We access only the Pages you explicitly select. We do not read your personal Facebook profile or private messages.
LinkedIn — we request permission to post on your behalf (personal or company page) and read engagement data. We do not access your private LinkedIn messages or connections.
TikTok — we request permission to upload videos and read comment engagement. We do not access your private messages.
You can disconnect any social account at any time from your dashboard settings. When you disconnect, we delete the stored access tokens within 24 hours.
Cookies and tracking
We use a minimal set of cookies:
- Essential cookies — session management, authentication, language preference. These are required for the app to work.
- Analytics — we use privacy-friendly analytics to understand page views and feature usage. No cross-site tracking, no advertising cookies.
- We do not use third-party advertising cookies or trackers. We do not sell your data to advertisers.
Who we share data with
We share data only with services that are necessary to operate the platform:
- Vercel — hosting and CDN.
- Supabase — database and authentication.
- Stripe — payment processing.
- Email providers — transactional emails (account confirmations, notifications).
- AI providers (OpenAI, Anthropic) — when you use AI features, your prompts and content context are sent to generate suggestions. Providers are contractually prohibited from using your data for training.
- Social media platforms — only the content you explicitly choose to publish.
We do not sell, rent, or trade your personal information. Period.
Your rights (GDPR & CCPA)
Whether you're in Europe, California, or anywhere else, you have the right to:
- Access — request a copy of all data we hold about you.
- Correction — fix inaccurate information.
- Deletion — ask us to delete your account and all associated data.
- Portability — receive your data in a machine-readable format.
- Restriction — ask us to stop processing your data while we resolve a concern.
- Objection — opt out of specific processing activities.
- Withdraw consent — for any processing based on consent, you can withdraw at any time.
To exercise any of these rights, email us at privacy@pluripost.com or use the data deletion page.
For GDPR inquiries, our designated data protection contact is reachable at privacy@pluripost.com.
If you're in the EU, you also have the right to lodge a complaint with your local data protection authority (e.g., CNIL in France).
Data retention
We keep your data for as long as your account is active. When you delete your account:
- Your content, social tokens, and profile data are deleted within 30 days.
- Encrypted backups may retain fragments for up to 90 days, after which they are permanently purged.
- Financial records required by law (invoices, tax data) are retained for the legally mandated period (typically 7 years).
Security
We take security seriously: all data is encrypted in transit (TLS) and at rest. Social media tokens are encrypted with AES-256 before storage. Access to production systems is restricted and audited. We use Row Level Security at the database level so that even application bugs cannot leak data across accounts.
Children's privacy
Pluripost is not intended for children under 16. We do not knowingly collect data from minors. If you believe a child has created an account, contact us and we'll delete it promptly.
Changes to this policy
We may update this policy from time to time. When we make significant changes, we'll notify you by email or through a banner on the platform. The "Last updated" date at the top always reflects the current version.
Contact us
Questions about this policy? Reach out:
Or visit our contact page. /contact