Legal

Privacy Policy

Last updated: March 11, 2026

Back to home

1. Overview

post2all is a social media management platform that lets individuals and teams connect social accounts, schedule content, and publish through official platform OAuth and APIs. This policy explains what information we collect, why we collect it, and your choices.

2. Information We Collect

Account and organization information, including name, email, profile image, authentication/session metadata, organization and membership details, and invite records.

Connected account and integration information, including platform identifiers, usernames/display names, avatars, OAuth access and refresh tokens, scopes, token expirations, and connection status for supported social and integration providers.

Content and publishing information, including scheduled post content, media metadata, per-platform post options, target accounts, publishing status, platform post IDs/URLs, and error details when a publish attempt fails.

Uploaded media assets. When you upload media for scheduled posting, we store those assets so you can reuse them later in your workspace.

Basic usage and security data such as IP address, user agent, timestamps, and administrative safety signals (for example, anti-abuse and account security operations).

3. How We Use Information

We use information to provide and operate post2all, authenticate users, manage organizations and permissions, maintain social connections, schedule and publish content, store/retrieve your uploaded assets, troubleshoot delivery failures, improve product performance, and protect the platform from fraud, abuse, and unauthorized access.

4. OAuth and Third-Party Platforms

Social accounts are connected through official OAuth flows provided by each platform. Access is limited by the permissions you grant. We do not receive your platform passwords through OAuth-based connections. You can revoke post2all access at any time from the relevant platform settings and/or by disconnecting the account in post2all.

5. Sharing and Disclosure

We do not sell personal information. We may share data with infrastructure and service providers that help us operate post2all (for example hosting, storage, analytics, and support tooling), with connected platforms when you schedule/publish content, or when required by law, legal process, or to protect rights, security, and safety.

6. Data Retention

We retain account, workspace, and publishing records for as long as needed to provide the service and meet legal, operational, and security obligations. Uploaded media and associated metadata are retained to support your library and post reuse unless deleted by you or removed according to our retention and backup processes.

7. Security

We apply reasonable technical and organizational safeguards to protect information, including controls around authentication, access, and encryption where appropriate. No system is completely secure, and we cannot guarantee absolute security.

All OAuth access tokens and refresh tokens obtained from connected social platforms are encrypted at rest using AES-256 industry-standard encryption before being stored in our database. Tokens are only decrypted in-memory at the moment they are needed to perform an authorized action on your behalf, such as publishing a post or refreshing an expiring token.

8. Your Choices and Rights

You may update account information, disconnect social accounts, and remove content through product controls. Depending on your jurisdiction, you may have rights to request access, correction, deletion, portability, or restriction/objection for certain processing. We may need to verify identity before fulfilling a request.

9. International Data Transfers

If you access post2all from outside the country where our systems or providers operate, your information may be transferred and processed across borders in accordance with applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date on this page and may provide additional notice where required.

11. Children and Age Restrictions

post2all is intended for business and professional use by individuals age 18 and older. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will promptly delete it.

12. GDPR and Regional Data Rights

If you are located in the European Union, UK, or other regions with data protection laws, you may have the following rights:

  • Right to access your personal data
  • Right to correct or update inaccurate data
  • Right to request deletion (subject to legal obligations)
  • Right to restrict processing or object to certain uses
  • Right to data portability (receive your data in a machine-readable format)
  • Right to withdraw consent at any time

To exercise these rights, contact us using the details below. We may need to verify your identity before fulfilling requests.

13. California Consumer Privacy

If you are a California consumer under the CCPA/CPRA, you have the right to know what personal information is collected, the right to delete personal information, the right to correct inaccurate information, and the right not to be discriminated against for exercising your privacy rights. We do not sell personal information. Contact us to exercise these rights.

14. Cookies and Tracking

post2all may use cookies, web beacons, and similar technologies to track usage patterns, remember preferences, and improve service functionality. You can manage cookie preferences through your browser settings, though some features may not work optimally if cookies are disabled.

15. Data Breach Notification

If we discover a breach of security affecting your personal information, we will notify you as required by applicable law. Notifications will be sent to the email address associated with your account.

16. Third-Party Services and Links

post2all integrates with third-party services (YouTube, Instagram, Facebook, Twitter, LinkedIn, and others). When you authorize connections to these platforms, their terms of service and privacy policies apply to your data on those platforms. We are not responsible for their data practices. Review their policies separately.

17. Data Controller and Processor Roles

When you use post2all as an individual, we act as a data controller for account and account information. When you use post2all to manage content on social platforms, we act as a data processor, processing data according to your instructions. If your employer or organization uses post2all, that organization controls data policies and access.

18. Contact

For privacy questions or requests, contact us at hello@zexa.app. We aim to respond to all requests within 30 days.