Privacy Policy

Information We Collect

PostPilot is a self-hosted AI content automation platform. We collect minimal information required to provide our services:

• Account Information: Name, email address, and hashed passwords.
• API Keys: Keys you provide (OpenAI, Anthropic, etc.) are encrypted at rest using AES-128.
• LinkedIn Tokens: OAuth tokens generated when you connect your account, used solely for publishing posts on your behalf.

How We Use Your Data

Your data is used exclusively to power the automation features of PostPilot:

• To generate post content and images using your linked AI providers.
• To schedule and publish posts to your LinkedIn profile.
• To sync and display analytics for your published posts.

We never sell your data or share your API keys with third parties.

Security First

Security isn't an afterthought at PostPilot. We implement industry-standard encryption protocols:

• Encryption at Rest: All sensitive credentials (API keys, secrets) are encrypted before hitting our database.
• TLS Encryption: All data transmitted between your browser and our servers is secured via HTTPS.
• Sandboxed Execution: AI generations are processed in secure environments to prevent data leakage.

Third Party Services

PostPilot integrates with several third-party APIs (OpenAI, Stability AI, Tavily, LinkedIn). Your use of these features is also subject to their respective privacy policies. We recommend reviewing their terms when providing your own API keys.