Legal & Policies

Last updated: February 17, 2026

1. Overview

PostCraft ("we", "us", "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. We are committed to transparency: we only collect the data that is stored in our database and nothing more.

2. Data We Collect

Data	Purpose	Storage
Email address	Authentication and account identification	Supabase Auth
Full name	Display in the app (profile, preview)	Supabase Database
Post drafts	Draft history and auto-save	Supabase Database
Usage counters	Enforce daily limits (posts, AI generations)	Supabase Database
Subscription tier	Determine feature access and limits	Supabase Database
PayHere Customer ID	Link your account to payment processing	Supabase Database

3. Data We Do NOT Collect

We do not use advertising cookies or tracking pixels
We do not sell, rent, or share your personal data with third parties for marketing purposes
We do not collect browsing history, device fingerprints, or location data
We do not store your password in plain text — authentication is handled by Supabase with industry-standard hashing (bcrypt). Your password is never accessible to us
We do not store credit card details — all payment processing is handled entirely by PayHere

4. Third-Party Services

OpenAI (AI Refinement)

When you use the "Magic Refine" feature, your post content is sent to OpenAI's API for processing. This data is subject to OpenAI's Terms of Use and Privacy Policy. We do not control how OpenAI processes or retains this data.

PayHere (Payments)

Payment processing is handled by PayHere. Your payment information is collected and processed directly by PayHere and is subject to PayHere's Privacy Policy. We only store a PayHere Customer ID to link your account — we never see or store your card number, CVV, or billing address.

Supabase (Database & Auth)

User data and authentication are managed by Supabase. Data is encrypted at rest and in transit. Row Level Security (RLS) ensures each user can only access their own data.

5. Your Rights

Access: You can view all data associated with your account within the application (posts, profile information).
Deletion: You may request complete deletion of your account and all associated data by contacting us. We will process deletion requests within 30 days.
Portability: Your post content is always available for you to copy from the application.
Correction: You can update your profile information at any time through the application.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (profile, posts, usage records) will be permanently removed within 30 days. Daily usage records older than 90 days may be automatically purged.

7. Security

We implement industry-standard security measures including: encrypted database connections (TLS), Row Level Security policies ensuring data isolation between users, HTTP-only authentication cookies, server-side secret management (API keys are never exposed to the browser), and webhook signature verification for payment events.

2. Data We Collect

Data	Purpose	Storage
Email address	Authentication and account identification	Supabase Auth
Full name	Display in the app (profile, preview)	Supabase Database
Post drafts	Draft history and auto-save	Supabase Database
Usage counters	Enforce daily limits (posts, AI generations)	Supabase Database
Subscription tier	Determine feature access and limits	Supabase Database
PayHere Customer ID	Link your account to payment processing	Supabase Database

3. Data We Do NOT Collect

We do not use advertising cookies or tracking pixels

We do not sell, rent, or share your personal data with third parties for marketing purposes

We do not collect browsing history, device fingerprints, or location data

We do not store your password in plain text — authentication is handled by Supabase with industry-standard hashing (bcrypt). Your password is never accessible to us

We do not store credit card details — all payment processing is handled entirely by PayHere

4. Third-Party Services

OpenAI (AI Refinement)

PayHere (Payments)

Supabase (Database & Auth)

User data and authentication are managed by Supabase. Data is encrypted at rest and in transit. Row Level Security (RLS) ensures each user can only access their own data.

5. Your Rights

Access: You can view all data associated with your account within the application (posts, profile information).

Deletion: You may request complete deletion of your account and all associated data by contacting us. We will process deletion requests within 30 days.

Portability: Your post content is always available for you to copy from the application.

Correction: You can update your profile information at any time through the application.

7. Security