Privacy Policy

Last updated: March 2, 2026

01What We Collect

PostViral connects to your social media accounts via the Late API. We access your public profile information, media posts, insights metrics (views, reach, saves, shares), and comments — solely to provide analytics and automation features within this tool.

When you sign up, we collect your email address and any information you provide during onboarding (website URL, brand preferences).

02How We Use Your Data

We use the information we collect to:

  • Display your reel performance metrics and analytics
  • Match published reels to content scripts for feedback loops
  • Generate and post AI-assisted comment replies (when enabled)
  • Schedule content via third-party publishing tools
  • Generate scripts and carousels in your brand voice
  • Send transactional emails (welcome, usage alerts, weekly digests)

03AI Processing

Content you create or import may be sent to third-party AI services (Anthropic Claude, Google Gemini) for processing. This includes script generation, analysis, and brand voice matching.

We do not use your content to train AI models. Your data is processed in real-time and not retained by AI providers beyond the request.

04Data Storage

Your data is stored securely in Supabase (PostgreSQL) with encryption at rest. API tokens and credentials are encrypted server-side and never exposed to the client.

We use Vercel for hosting and Stripe for payment processing. Each handles data according to their respective privacy policies.

05Data Sharing

We do not sell your data to any third parties. Data is shared only with:

  • AI service providers (Anthropic, Google) for content processing
  • Stripe for payment processing
  • Resend for transactional emails
  • Apify for optional Instagram scraping

All third-party processors are bound by data processing agreements.

06Cookies

We use a single session cookie (cm_session) for authentication. We do not use tracking cookies or third-party analytics cookies.

07Data Retention

Your data is retained for as long as your account is active. Upon account deletion, we retain your data for 30 days (to allow recovery), after which it is permanently deleted.

API usage logs are retained for 90 days for billing purposes.

08Your Rights

You have the right to:

  • Access your personal data (export via Settings)
  • Correct inaccurate data (via Settings)
  • Delete your account and all associated data
  • Disconnect your Instagram account at any time
  • Object to automated decision-making

09Security

We implement industry-standard security measures including encrypted connections (TLS), secure credential storage, row-level security in our database, and regular security audits.

10Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect.

11Contact

For any privacy questions or data requests, contact us at privacy@postviral.ai.

Terms of Service

© 2026 PostViral

Ask about your brand

Knowledge Chat

Ask anything about your brand, scripts, frameworks, performance data, and more.