Privacy

Privacy Policy

Last updated: May 1, 2026

Who we are

Posts Finder ("we", "us") is operated by the team at support@postsfinder.com. This policy explains what personal data we collect, how we use it, and what rights you have over it.

Information we collect

Account data — your email address, display name, hashed password, and (if you sign in with Google) your Google account ID and avatar URL.
Authentication metadata — account creation time, last login time, email verification status, and failed login counts (used for lockout protection).
Connected platform tokens — if you connect a Twitter/X or LinkedIn account, we store the OAuth credentials needed to call those APIs on your behalf. Tokens are scoped to your user only and are not shared with other users.
Server logs — standard request logs (IP, user agent, path, status code) retained for up to 30 days for security and debugging.

How we use information

We use account data to authenticate you, protect the dashboard, send transactional email (verification, password reset), and operate features you trigger (such as exports and connected-account scrapes). We do not sell personal data and do not use it for advertising.

Google API Services User Data Policy — Limited Use disclosure

When you sign in with Google, our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We use Google account data only to provide the user-facing sign-in feature.
We do not transfer Google user data to third parties except as needed to provide or improve the sign-in feature, comply with applicable law, or as part of a merger, acquisition, or sale of assets with appropriate notice.
We do not use Google user data for serving advertisements.
We do not allow humans to read Google user data unless we have your explicit consent, it is required for security, to comply with law, or the data has been aggregated and anonymized.

Public data shown in the dashboard

The dashboard organizes posts and metadata that are publicly available on supported sources (Reddit, Twitter/X, LinkedIn, etc.). This content is not "personal data we collect from you"; it is third-party public content. You are responsible for using exported data in compliance with the source platform's terms and applicable law.

Cookies

We set a single first-party session cookie that keeps you logged in. We do not use third-party tracking cookies and do not run third-party analytics that profile you across sites.

Your rights

If you have an account, you can:

Export your data — request a JSON copy of everything we hold about you from your account privacy page.
Delete your account — permanently remove your account and all associated data (including connected platform tokens).
Disconnect a platform — revoke any connected Twitter/LinkedIn token from /app/accounts.

Under GDPR (if you are in the EU/UK) you also have the right to request access, rectification, restriction, and to lodge a complaint with your local data protection authority.

Data retention

Account data is retained for as long as your account exists. When you delete your account, we delete your row and your platform tokens immediately. Server logs roll off after 30 days. Backups, if any, are overwritten on a rolling weekly basis.

Security

Passwords are hashed with a modern salted hash. Connections to the site use HTTPS. Connected platform tokens are stored server-side and never exposed to other users.

Changes to this policy

If we make material changes we will update the "Last updated" date and, where appropriate, notify you by email.

Contact

Questions or requests can be sent to support@postsfinder.com.