Posthive is built with privacy in mind. This policy explains what we collect, why we collect it, and how you can control it. We keep it plain English no legalese walls.
Posthive is an open-source social media scheduling tool licensed under AGPL-3.0. When you use the hosted version at posthive.app, the data controller is the Posthive team. If you self-host Posthive, you are the data controller for your own instance.
When you register we collect your email address and a bcrypt-hashed password. We never store your password in plain text.
OAuth tokens and app passwords (e.g. Bluesky) are stored AES-256-GCM encrypted in our database. The encryption key is never stored in the database only in the server environment. We cannot read your tokens without the key.
The text and images you schedule are stored so we can publish them at the time you choose. Media files are stored on Supabase Storage (hosted version) or local disk (self-hosted). We do not analyse your content.
We collect basic server logs (IP address, request path, timestamp) for debugging and abuse prevention. These are not sold or shared with third parties.
Payments are handled by Dodo Payments. We never see or store your card details only a customer ID and subscription status returned by the payment processor.
We keep your data for as long as your account is active. When you delete your account, all personal data including social account credentials and scheduled posts is permanently deleted within 30 days. Anonymised aggregate statistics (total post count etc.) may be retained.
The hosted version of Posthive uses the following sub-processors:
Each processor has its own privacy policy. We only share the minimum data required for them to perform their service.
We use a single HTTP-only cookie to store your session (JWT refresh token). This cookie is strictly necessary for the app to function and does not track you across other sites. We do not use advertising cookies.
Depending on your jurisdiction you may have the right to:
To exercise any of these rights, email us at gunasheelan208@gmail.com. We will respond within 30 days.
We use industry-standard practices: HTTPS everywhere, AES-256-GCM credential encryption, bcrypt password hashing, HTTP-only secure cookies, and rate limiting on auth endpoints. No system is 100% secure if you discover a vulnerability please disclose it responsibly to gunasheelan208@gmail.com.
If you run Posthive on your own infrastructure, this policy does not apply to your instance. You are the data controller and are responsible for your users' data under applicable law.
We may update this policy as the product evolves. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. The "Last updated" date at the top will always reflect the current version.
Questions about this policy? Reach us at gunasheelan208@gmail.com.