Privacy Policy
Effective date: 1 March 2025 · Last updated: 12 May 2025
This Privacy Policy explains how StarlingPost ("we", "our", "us") collects, uses, and protects information when you use our service at starlingpost.com.
Information we collect
Account information you provide: email address, display name, and mobile number.
Data from connected social accounts: post metadata, performance metrics (views, likes, comments), and follower counts. We do not store your social media passwords — only OAuth access tokens required to act on your behalf.
Usage data: which features you use, pages you visit, and errors encountered — used to improve the product.
How we use data
To provide core features: publishing posts, syncing analytics, and running automation rules on your behalf.
To improve the product: aggregate, anonymised usage data helps us understand what to build next.
To provide support: access to your account data allows us to diagnose issues when you contact us.
We do not sell your personal data to third parties.
Data sharing
We share data only with service providers required to operate StarlingPost: Firebase (Firestore, Auth), Vercel (hosting and cron), OpenAI (AI features).
All providers are contractually bound to appropriate data protection obligations.
We will comply with lawful requests from authorities where required by applicable law.
Data retention
Your data is retained for as long as your account is active.
If you delete your account, we delete your Firestore document and all sub-collections (posts, automation rules, dedup records) immediately.
Backup and log data may persist for up to 30 days after deletion.
Your rights
Access: request a copy of the data we hold about you.
Correction: update your display name and mobile number via the Profile page. Email corrections require contacting support.
Deletion: delete your account from Settings → Danger Zone. This removes all associated data.
For any other requests, contact support@starlingpost.com.
Security
OAuth tokens are stored encrypted in Firestore. Passwords are managed by Firebase Authentication and never stored by us.
All data is transmitted over HTTPS. We do not log OAuth tokens in plaintext.
Contact
Questions about this Privacy Policy: support@starlingpost.com.
For data deletion or access requests, include your registered email address in the subject line.