Skip to main content

    Privacy Policy

    Last updated: December 23, 2025

    Your Privacy Matters

    Post Pilots is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our service.

    Information We Collect

    Account Information

    • Email address (for authentication)
    • Password (encrypted with bcrypt)
    • Instagram Business Account credentials (encrypted with AES-256)

    User Content

    • Images you upload (stored securely in Cloudflare R2)
    • Post captions and scheduling preferences
    • Post history and statistics

    Usage Data

    • IP addresses (sanitized for GDPR compliance)
    • Device and browser information
    • Feature usage analytics

    How We Protect Your Data

    • Encryption at Rest: All sensitive data (passwords, API keys, tokens) is encrypted using AES-256-GCM encryption
    • Encryption in Transit: All data transmission uses HTTPS/TLS
    • Rate Limiting: Protection against brute force attacks and abuse
    • Session Management: 30-minute idle timeout for automatic logout
    • Audit Logging: All security-critical operations are logged
    • CSRF Protection: Double Submit Cookie pattern with HMAC signatures

    How We Use Your Information

    We use your information to:

    • Provide and maintain the Instagram carousel posting service
    • Generate AI-powered captions for your images
    • Schedule and publish posts to your Instagram account
    • Send service-related notifications (post failures, schedule reminders)
    • Improve our service through usage analytics
    • Comply with legal obligations and enforce our Terms of Service

    We never sell, rent, or share your personal information with third parties for marketing purposes.

    Your Rights (GDPR)

    Under GDPR, you have the following rights:

    • Right to Access: Request a copy of your personal data
    • Right to Rectification: Correct inaccurate or incomplete data
    • Right to Erasure: Request deletion of your data (30-day retention period)
    • Right to Data Portability: Export your data in JSON format
    • Right to Withdraw Consent: Opt-out of data processing at any time

    To exercise your rights, visit your account settings or contact us.

    Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us: