Privacy Policy

Last updated: 19 May 2026

PostMCP ("we", "us") provides social posting infrastructure for AI agents. This policy describes what we collect, how we use it, and your choices.

Data we collect

• Account identifiers — email and workspace metadata from Clerk when you sign in.
• Publishing credentials — OAuth tokens issued by platforms you connect (LinkedIn, X, Mastodon, Bluesky, Threads, Reddit, TikTok, YouTube, etc.). Stored encrypted at rest.
• Post payloads — text, media, and scheduling metadata you send to the API, CLI, or MCP server. Retained per the retention policy.
• Operational logs — request traces, error reports, and webhook delivery state, retained for debugging and audit.

How we use data

• To execute posts and scheduled jobs you initiate.
• To deliver webhook notifications and surface failures.
• To compute usage for billing.
• To investigate incidents, abuse, and platform policy violations.

We do not sell personal data. We do not use post content to train models.

Subprocessors

• Clerk — authentication and session management.
• Stripe — billing and payments.
• Vercel — application hosting.
• Railway / Hetzner — worker and database infrastructure.
• Platform APIs (LinkedIn, X, Mastodon, Bluesky, etc.) — recipients of posts you instruct us to publish.

Retention

OAuth tokens persist while the connection is active and are deleted when you disconnect or revoke. Post payloads and operational logs are retained for the windows documented in data retention.

Your rights

You can disconnect accounts, delete posts, export your data, and request account deletion at any time. For data subject requests under GDPR / CCPA, email privacy@postmcp.dev.

Cookies and analytics

The marketing site (www.postmcp.dev) uses no third-party tracking. The dashboard application uses a single first-party session cookie managed by Clerk to keep you signed in. We do not run advertising pixels and do not share usage data with marketing platforms. First-party product analytics, where enabled, are recorded against your workspace ID only and never against a marketing cookie.

International transfers

Our primary infrastructure runs in EU regions (Hetzner DE and Vercel EU). Some subprocessors (Clerk, Stripe) may transfer data to the United States under Standard Contractual Clauses and the EU-US Data Privacy Framework. We do not transfer raw post payloads outside of our processing regions.

Changes to this policy

We will post material changes to this page and update the date at the top. If a change broadens the categories of data we collect we will email workspace owners before the change takes effect.

Contact

Questions about this policy: privacy@postmcp.dev. For general support, billing, and security topics see the contact page.