Privacy Policy

1. Who We Are

PostEngine AI Solutions (“PostEngine”, “we”, “us”) operates the postengine.co platform. PostEngine is a user-assistive workflow platform. All publishing actions remain user-initiated and user-controlled.

This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and what choices you have. It applies to all users of the PostEngine web application and related services.

2. Information We Collect

2.1 Account Information

When you create an account we collect your name, email address, and password. Passwords are salted and hashed before storage—we never store them in plain text.

2.2 LinkedIn Data

If you choose to connect your LinkedIn account, we access profile information and content metrics through LinkedIn’s official API, limited to the OAuth scopes you explicitly grant. We do not access your private messages, connections list, or any data outside the granted scopes.

2.3 Content You Create

Drafts, ideas, brand voice settings, publishing preferences, approval decisions, and scheduling choices you create within the platform are stored to provide the service.

2.4 AI Processing Data

When you use AI-assisted features, your brand profile and content context are sent to our AI provider (OpenAI) to generate suggestions. We do not use your content to train AI models. Requests are processed in real time and are not retained by the AI provider beyond what is needed to fulfil the request.

2.5 Usage & Diagnostic Data

We collect anonymised usage patterns (pages visited, features used, performance timings) to improve the service. We do not use third-party analytics trackers or advertising pixels.

3. How We Use Your Information

• Provide, operate, and maintain PostEngine
• Generate AI-assisted content drafts based on your brand preferences
• Schedule and publish content that you explicitly approve
• Analyse content performance and provide insights
• Build and refine your personal voice model (used only for your account)
• Enforce plan limits and usage quotas
• Send service-critical notifications (outages, security events, billing)
• Improve the platform and develop new features

We do not sell your personal information. We do not use your data for advertising. We do not share it with third parties for their marketing purposes.

4. Legal Basis for Processing

We process your data based on:

• Contract performance: Processing necessary to provide the service you signed up for.
• Legitimate interest: Improving the platform, preventing abuse, and maintaining security.
• Consent: Where required for optional features such as LinkedIn integration or AI-assisted content generation.

5. Data Storage & Security

Your data is hosted on AWS cloud infrastructure in secured virtual private networks. LinkedIn access tokens are encrypted with AES-256-GCM before storage. All connections to the platform use TLS encryption. We apply the principle of least privilege to all internal access controls.

While we implement industry-standard safeguards, no system is completely immune to risk. If we become aware of a security breach affecting your data, we will notify you in accordance with applicable law.

6. Third-Party Services

We share data with the following categories of service providers, strictly as needed to operate the platform:

• LinkedIn API — Content publishing and analytics retrieval, governed by LinkedIn’s terms of service and your granted OAuth scopes.
• OpenAI — AI-assisted content generation. Content is processed in real time; it is not used to train models.
• AWS — Cloud infrastructure, compute, database, and object storage.

We do not share your data with data brokers, advertising networks, or any other third parties beyond what is described above.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (for example, financial transaction records). Aggregated, anonymised data that cannot identify you may be retained indefinitely for analytics purposes.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate or incomplete information
• Request deletion of your account and associated data
• Export your content data in a portable format
• Revoke your LinkedIn connection at any time
• Object to or restrict certain types of processing
• Opt out of non-essential communications

To exercise any of these rights, contact us at support@postengine.co. We will respond within 30 days.

9. Cookies & Local Storage

We use essential session cookies for authentication and locale preferences. We do not use third-party tracking cookies, advertising cookies, or fingerprinting techniques. No cookie consent banner is required because we do not use non-essential cookies.

10. International Data Transfers

Our infrastructure is hosted in AWS regions. If you access the service from outside the hosting region, your data will be transferred internationally. We rely on industry-standard contractual safeguards to protect data during such transfers.

11. Children’s Privacy

PostEngine is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification or email at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact

For privacy-related questions, concerns, or requests, contact us at support@postengine.co.