Privacy Policy

1. Information We Collect

Account information. When you register we collect your name, email address, and a password hash. If you sign in with Google we receive your name, email address, and profile picture from Google.

Content you create. Text posts, images, captions, and scheduling data you enter into PostRaxa are stored to provide the service.

Social platform credentials. To publish on your behalf we store encrypted access tokens issued by the social platforms you connect. We never store your social platform password.

Usage & log data. We automatically collect IP address, browser type, referring URL, pages visited, and timestamps when you interact with our service.

Billing information. If you purchase a plan, payment is processed by our third-party payment provider. We only store the plan name, billing cycle, and a transaction reference — not your full card number.

Communications. If you contact us via the contact form or email, we store your name, email, and the content of your message.

2. How We Use Your Information

• Provide, operate, and maintain the PostRaxa platform
• Authenticate your identity and keep your account secure
• Publish content to social media platforms on your scheduled times
• Process payments and manage your subscription
• Send transactional emails (account confirmation, password reset, payment receipts)
• Respond to support requests and contact form submissions
• Analyse aggregate, anonymised usage to improve our product
• Detect and prevent fraud, abuse, or violations of our Terms of Service
• Comply with legal obligations

We do not sell your personal data, use it to train AI models, or share it with advertisers.

3. Information Sharing

We share your information only in the following limited circumstances:

• Social platforms. We send your content and credentials to the social media APIs solely to fulfil your publishing requests.
• Service providers. We use trusted third-party services for hosting, email delivery, and payment processing. These processors are contractually bound to protect your data and use it only for the service they provide.
• Legal requirements. We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of PostRaxa, our users, or others.
• Business transfer. In the event of a merger or acquisition, user data may transfer to the acquiring entity. We will notify you before a different privacy policy applies.

4. Data Storage & Security

Your data is stored in a MySQL database on secured servers. Social platform tokens are stored encrypted at rest. Passwords are hashed using bcrypt and are never stored in plaintext.

We implement industry-standard measures including HTTPS/TLS encryption for data in transit, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.

We retain your data for as long as your account is active or as needed to provide the service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

5. Cookies & Tracking

PostRaxa uses the following types of cookies and local storage:

• Session tokens. A session token stored in localStorage keeps you logged in between page visits.
• Preferences. Small values stored in localStorage remember UI preferences such as dismissed banners.
• Analytics. If enabled, anonymised event data may be sent to a self-hosted analytics service. No third-party advertising cookies are used.

You can clear cookies and local storage through your browser settings at any time, though this will log you out of the application.

6. Social Platform Connections

When you connect a social account (Facebook, Instagram, Twitter/X, LinkedIn, TikTok, Pinterest, YouTube, Snapchat) you grant PostRaxa permission to publish content on your behalf using the platform's official API. Specifically:

• We request only the minimum permissions needed to schedule and publish posts.
• Access tokens are stored encrypted and are never exposed to other users.
• You can revoke PostRaxa's access at any time from your social platform's settings or from within PostRaxa's account settings.
• We do not read your private messages, follower lists, or any data beyond what is necessary to publish the content you create.

7. Your Rights

Depending on your jurisdiction you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Ask us to correct inaccurate or incomplete data.
• Deletion. Request deletion of your account and associated personal data.
• Portability. Receive your data in a structured, machine-readable format.
• Objection / Restriction. Object to or restrict certain processing activities.
• Withdrawal of consent. Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, please contact us via our contact page. We will respond within 30 days.

8. Children's Privacy

PostRaxa is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For significant changes we will notify registered users by email or via an in-app notice. Your continued use of PostRaxa after changes become effective constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please reach out:

• Contact form: www.postraxa.com/contact
• Email: privacy@postraxa.com

We aim to respond to all privacy enquiries within 5 business days.