Last updated: June 29, 2026

Privacy Policy

Posthive is built with privacy in mind. This policy explains what we collect, why we collect it, and how you can control it. We keep it plain English no legalese walls.


1. Who we are

Posthive is an open-source social media scheduling tool licensed under AGPL-3.0. When you use the hosted version at posthive.app, the data controller is the Posthive team. If you self-host Posthive, you are the data controller for your own instance.

2. What we collect

Account information

When you register we collect your email address and a bcrypt-hashed password. We never store your password in plain text.

Social account credentials

OAuth tokens and app passwords (e.g. Bluesky) are stored AES-256-GCM encrypted in our database. The encryption key is never stored in the database only in the server environment. We cannot read your tokens without the key.

Post content & media

The text and images you schedule are stored so we can publish them at the time you choose. Media files are stored on Supabase Storage (hosted version) or local disk (self-hosted). We do not analyse your content.

Usage data

We collect basic server logs (IP address, request path, timestamp) for debugging and abuse prevention. These are not sold or shared with third parties.

Billing information

Payments are handled by Dodo Payments. We never see or store your card details only a customer ID and subscription status returned by the payment processor.

3. What we do not collect

  • We do not use tracking pixels or third-party analytics scripts.
  • We do not sell, rent, or trade your data to any third party.
  • We do not read or analyse the content of your scheduled posts.
  • We do not build advertising profiles.

4. How we use your data

  • Publishing posts - your content and credentials are used solely to post on your behalf at the scheduled time.
  • Authentication - your email and hashed password authenticate you to the app.
  • Transactional email - we send password reset emails via Resend. No marketing email without your consent.
  • Billing - subscription status determines which plan features are available to you.

5. Data retention

We keep your data for as long as your account is active. When you delete your account, all personal data including social account credentials and scheduled posts is permanently deleted within 30 days. Anonymised aggregate statistics (total post count etc.) may be retained.

6. Third-party services

The hosted version of Posthive uses the following sub-processors:

  • Supabase - database and file storage (EU/US regions)
  • Upstash / Railway Redis - job queue
  • Dodo Payments - payment processing
  • Resend - transactional email

Each processor has its own privacy policy. We only share the minimum data required for them to perform their service.

7. Cookies & local storage

We use a single HTTP-only cookie to store your session (JWT refresh token). This cookie is strictly necessary for the app to function and does not track you across other sites. We do not use advertising cookies.

8. Your rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (right to erasure)
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, email us at gunasheelan208@gmail.com. We will respond within 30 days.

9. Security

We use industry-standard practices: HTTPS everywhere, AES-256-GCM credential encryption, bcrypt password hashing, HTTP-only secure cookies, and rate limiting on auth endpoints. No system is 100% secure if you discover a vulnerability please disclose it responsibly to gunasheelan208@gmail.com.

10. Self-hosted instances

If you run Posthive on your own infrastructure, this policy does not apply to your instance. You are the data controller and are responsible for your users' data under applicable law.

11. Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. The "Last updated" date at the top will always reflect the current version.

12. Contact

Questions about this policy? Reach us at gunasheelan208@gmail.com.

© 2026 Posthive. Open source under AGPL-3.0.
PrivacyTerms