Privacy Policy

Postbird (“Postbird”, “we”, “us”) is an AI-powered scheduling tool that helps you draft, schedule, and publish posts to LinkedIn. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to the Postbird web application and related services (the “Service”).

By creating an account or using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

We collect only what we need to run the Service:

• Account information. Your email address and a securely hashed password when you sign up with email, or — if you sign in with Google — your name, email address, and profile picture as provided by Google.
• Profile information. Your display name, headline, avatar image, and timezone. Avatar images you upload are stored in our cloud storage and served via a public URL.
• Connected social accounts. When you connect LinkedIn, we store the account identifier, display name, access and refresh tokens, granted scopes, and token expiry needed to publish on your behalf.
• Content you create. Post drafts, text content, hashtags, uploaded media (images and documents), scheduling times, and publishing status and logs.
• AI generation data. The topics, tone, audience, and length you submit to our AI features, along with the generated content and the model used.
• Billing information. If and when paid plans launch, subscription status and billing identifiers are processed by our payment provider (Stripe). We do not store your full card details.

• Provide, operate, and maintain the Service — authentication, scheduling, and publishing.
• Generate post content through our AI features at your request.
• Publish posts to your connected accounts at the times you choose.
• Enforce plan limits (for example, the Free plan’s scheduled-post cap) and manage subscriptions.
• Communicate with you about your account, security, and service changes.
• Detect, prevent, and address abuse, fraud, and technical issues.

We do not sell your personal information, and we do not use the content of your posts to train our own models.

When you use our AI features, the topic and preferences you provide are sent to our AI provider (the Lovable AI Gateway, which routes requests to large language models such as Google Gemini) to generate post content. We send only the inputs needed to fulfil your request. Generated content is stored in your account so you can review and reuse it.

Postbird publishes on your behalf to LinkedIn using the access you grant when connecting your account. We use your stored tokens solely to publish the content you schedule and to record the result in your publishing logs.

We share data with a small number of processors strictly to operate the Service:

• Supabase / Lovable Cloud — hosting, authentication, database, and file storage.
• Google — optional Google sign-in (OAuth) and, via our AI gateway, AI content generation.
• LinkedIn — publishing posts to your connected account (when live publishing is enabled).
• Stripe — payment and subscription processing for paid plans (when available).

These providers process data on our behalf under their own security and privacy terms. We do not authorize them to use your data for their own purposes.

We retain your account and content for as long as your account is active. You can delete your posts and disconnect social accounts at any time. When you delete your account, your profile, posts, AI generations, publishing logs, connected accounts, and subscription records are permanently removed from our active systems, subject to short-lived backups and any retention required by law.

• Access and update your profile from the Profile page.
• Disconnect LinkedIn at any time from Settings.
• Change your password or delete your account from the Profile page.
• Request a copy or deletion of your personal data by contacting us.

Passwords are stored hashed, access is restricted by row-level security so each user can only reach their own data, and sensitive credentials and operations run on the server side. No method of transmission or storage is completely secure, but we take reasonable measures to protect your information.

Postbird is not directed to children under 16, and we do not knowingly collect personal information from them.

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by notifying you.

Questions about this policy or your data? Email us at appdev.kodxsystem@gmail.com.