Privacy Policy

1. About This Policy

PostPilot is operated by PostPilot Pty Ltd (ACN pending), based in Melbourne, Victoria, Australia ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use the PostPilot platform, website, and related services (the "Service").

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using PostPilot, you agree to the collection and use of information as described in this Policy.

2. Information We Collect

We collect the following categories of personal information:

Account information: Your name, email address, and password when you create an account.

Business information: Your business name, industry, brand colours, fonts, logo, tagline, and brand voice — provided during onboarding and editable in Settings.

Social media handles: Your Instagram handle and Facebook Page ID, used to facilitate auto-posting. We do not collect your social media passwords.

Uploaded content: Video clips and photos you upload to PostPilot each week for content production. These are stored securely in our cloud storage and used solely to produce your weekly content output.

Payment information: Billing is processed by Stripe. We do not store your credit card number, CVC, or full payment details on our servers. Stripe's privacy policy governs the handling of your payment information.

Usage data: Information about how you use the Service, including pages visited, features used, and actions taken within the app. This is used to improve the Service and is not sold to third parties.

Device and technical data: IP address, browser type, operating system, and device identifiers collected automatically when you use the Service.

3. How We Use Your Information

We use your personal information to:

• •Provide and operate the PostPilot Service, including producing your weekly content
• •Process your account registration and manage your subscription
• •Send you transactional emails (content ready notifications, billing receipts, account alerts)
• •Send you SMS notifications if you have opted in
• •Improve and develop the Service based on usage patterns
• •Respond to your support requests
• •Comply with our legal obligations
• •Detect and prevent fraud and abuse of the Service

We will only send you marketing communications with your explicit consent, and you can unsubscribe at any time via the link in any marketing email or by emailing us at hello@postpilot.solutions.

4. Sharing Your Information

We do not sell your personal information. We share your information only as follows:

Service providers: We use third-party services to operate PostPilot, including Supabase (database and file storage), Make.com (workflow automation), Shotstack (video rendering), OpenAI (AI caption generation), AssemblyAI (transcription), Stripe (payments), Resend (transactional email), and Twilio (SMS). These providers process your data on our behalf under data processing agreements and are not permitted to use your data for their own purposes.

Meta Platforms: When you connect your Instagram or Facebook account, we interact with the Meta Graph API to schedule and post your content. Your content is transmitted to Meta's servers in accordance with Meta's Privacy Policy and Terms of Service.

Legal requirements: We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect our rights or the safety of others.

Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5. Your Uploaded Content

Video clips and photos you upload to PostPilot are stored in secure cloud storage (Supabase). This content is:

• •Used exclusively to produce your weekly PostPilot content output
• •Not used to train any AI models without your explicit consent
• •Not shared with any third party except the rendering and processing services listed in Section 4
• •Retained for the duration of your subscription plus 30 days, after which it is permanently deleted

You retain full ownership and copyright of all content you upload. By uploading content, you grant PostPilot a limited licence to process, transform, and store that content solely for the purpose of providing the Service.

6. Data Storage and Security

Your data is stored on servers located in the Asia-Pacific region (Tokyo, Japan) via Supabase. Some data may be processed by our service providers in other regions, including the United States and European Union, where different privacy laws may apply. We ensure appropriate safeguards are in place for any international transfers.

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Cookies and Tracking

PostPilot uses cookies and similar technologies to:

• •Maintain your login session
• •Remember your preferences
• •Understand how you use the Service (analytics)

We do not use third-party advertising cookies. You can control cookies through your browser settings, though disabling certain cookies may affect the functionality of the Service.

8. Your Rights

Under the Privacy Act 1988 (Cth), you have the right to:

• •Access the personal information we hold about you
• •Correct inaccurate or incomplete personal information
• •Delete your personal information (subject to our legal obligations to retain certain records)
• •Withdraw consent for marketing communications at any time
• •Data portability — request a copy of your data in a machine-readable format
• •Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your personal information

To exercise any of these rights, email us at hello@postpilot.solutions. We will respond within 30 days.

9. Data Retention

We retain your personal information for as long as your account is active. If you cancel your subscription or request account deletion:

• •Your account data (name, email, settings) is deleted within 30 days
• •Your uploaded content (video clips, photos) is deleted within 30 days
• •Billing records are retained for 7 years as required by Australian tax law
• •Anonymised usage data may be retained indefinitely for service improvement purposes

You can request immediate deletion by emailing hello@postpilot.solutions.

10. Children's Privacy

PostPilot is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice in the Service. Your continued use of PostPilot after changes are made constitutes acceptance of the updated Policy. The date of the most recent revision is shown at the top of this page.

12. Contact Us

For any privacy-related questions, requests, or complaints:

PostPilot Pty Ltd Melbourne, Victoria, Australia Email: hello@postpilot.solutions

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.