postbolt.ai

Privacy Policy

Last updated: April 17, 2026

Overview

Postbolt (“Postbolt,” “we,” or “us”) builds software that helps marketing teams create, review, and publish social media content. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using Postbolt you agree to the practices described below.

Information we collect

Account information

When you sign up, we collect your name, email address, and organization. If you authenticate through a social identity provider, we receive the profile fields that provider exposes (typically name, email, and avatar URL).

Content you create

Postbolt stores the briefs, captions, images, videos, brand assets, and schedules you create inside the product. Content you generate belongs to you; we process it only to provide the service.

Usage analytics

We log product events (page views, button clicks, API calls) to understand how Postbolt is used, surface errors, and improve the product. These logs may include IP address, device type, and browser information.

Connected social accounts

When you connect LinkedIn, X, Instagram, Facebook, TikTok, or YouTube, Postbolt stores the OAuth tokens required to publish on your behalf. We use these tokens only for the actions you authorize (for example, publishing a post you have approved).

How we use information

  • To provide, operate, and maintain the Postbolt service.
  • To authenticate users and keep accounts secure.
  • To generate captions, images, and videos on your behalf.
  • To publish content to the social platforms you connect.
  • To improve the product, diagnose issues, and prevent abuse.
  • To send transactional emails (account, billing, security) and, with your consent, product updates.

Third-party services

Postbolt uses a small number of carefully chosen subprocessors to run the service:

  • Supabase — Postgres database, authentication, and file storage.
  • Anthropic — large-language-model inference for generating captions and briefs.
  • Google / OpenAI — image and video generation models, when enabled for your workspace.
  • Vercel / Remotion — hosting and video rendering.
  • Social platform APIs — LinkedIn, Meta, X, TikTok, and YouTube APIs to publish content you have approved.

Each subprocessor handles data under its own agreements. We share only what is required to provide the specific feature.

Data retention and deletion

We retain your content for as long as your account is active. You can delete individual posts, images, and videos inside the product. If you delete your workspace, we remove associated content from production systems within 30 days. Backups are retained for up to 90 days and then overwritten.

Cookies

Postbolt uses a small number of first-party cookies for authentication, session management, and CSRF protection. We do not use third-party advertising cookies. You can clear cookies in your browser at any time; some features will not work without authentication cookies.

Security

We encrypt data in transit with TLS and at rest using industry-standard encryption. Access to production systems is limited to engineers on call and gated by SSO and 2FA. We review our security posture regularly and fix issues we find.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data. Email privacy@postbolt.ai and we will respond within 30 days.

Changes to this policy

We’ll update this page when we make material changes and notify active customers by email. Continued use of Postbolt after an update means you accept the revised policy.

Contact

Questions? Reach us at privacy@postbolt.ai.