Privacy Policy

Postora (“we”, “us”, “our”) is operated by Yukti software Technologies, based in India. We provide an automation tool that converts blog content into social media posts.

For any privacy questions or to exercise your rights under this policy, contact us at support@postora.pro.

We collect only the data required to operate the service:

• Account information: your email address, optional display name, and a securely-hashed password (never stored in plain text).
• Blog data: the public RSS feed URL you provide, your blog name, and metadata about articles published on that feed (titles, URLs, images, excerpts).
• Social connections: OAuth access tokens for the platforms you connect (Facebook Pages, Instagram Business). We never see or store your social-network password.
• Generated content: AI-generated captions, suggested platforms, and engagement scores produced by Postora for your articles.
• Usage data: when you log in, how many posts you create, and which features you use, for billing and product improvement.
• Payment data: if you subscribe, Razorpay handles your card details directly. We only receive a payment ID, order ID, and plan-activation confirmation — never your card number, CVV, or banking credentials.
• Support correspondence: messages you send us by email.

Your data is used solely to operate the service:

• Authenticating you and keeping your session secure.
• Fetching new articles from your RSS feed every 10 minutes.
• Generating captions via AI providers (see Section 5) and saving them in your account.
• Publishing posts to the social accounts you have connected, using OAuth tokens.
• Processing payments and enforcing plan limits.
• Sending you transactional emails about account events (sign-up confirmation, payment receipts, important security notices).
• Investigating abuse or violations of our Terms of Service.

Where applicable (e.g. for users in the EU/UK), we process data on the following bases: contract performance (operating your account), legitimate interest (security, fraud prevention, product improvement), legal obligation (tax, accounting), and consent (where required for marketing).

We use a small set of trusted vendors to operate Postora. Each receives only the data they need to perform their function:

• Supabase — database hosting, authentication. Stores your account and blog data.
• Netlify — application hosting and CDN.
• OpenRouter — AI caption generation. Article titles and excerpts are sent to generate captions; we don’t share your name, email, or payment info.
• Razorpay — payment processing. Handles card details and PCI compliance directly.
• Meta (Facebook & Instagram) — receives your content via OAuth when you choose to publish.
• cron-job.org — schedules our automatic RSS checks.

We do not use cookies or scripts from advertising networks. We do not run analytics that personally identify you to third parties.

We use the minimum necessary:

• Authentication cookies set by Supabase to keep you logged in.
• Local storage for UI preferences (e.g. dashboard view).

We do not use third-party tracking, advertising, or analytics cookies.

Postora’s primary database is hosted on Supabase infrastructure. Application logic runs on Netlify edge servers. Both providers operate globally, with primary processing in regions of their choosing. By using Postora, you consent to your data being processed in these locations.

• Active account data: retained as long as your account is active.
• After deletion: when you delete your account, your blog data, posts, captions, and OAuth tokens are removed within 30 days.
• Billing records: retained for up to 7 years to satisfy tax and accounting obligations under Indian law.
• Support emails: retained for up to 2 years to provide consistent help if you contact us again.

You can:

• Access & export the data we hold on you — email support@postora.pro and we’ll send you an export within 14 days.
• Correct inaccurate data via your account settings, or by emailing us.
• Delete your account from the dashboard at any time. This permanently removes your data within 30 days, subject to legal retention obligations (Section 8).
• Disconnect any social account from Settings — this immediately revokes our OAuth token and stops future publishing.
• Withdraw consent for any processing based on consent.

To exercise any of these rights, contact support@postora.pro.

We follow standard practices to protect your data: HTTPS for all traffic, hashed passwords, encrypted storage at the database level, OAuth tokens stored in restricted-access tables, and regular dependency updates.

No system is completely secure. If a breach occurs that affects you, we will notify you within 72 hours of confirming the incident, where required by law.

Postora is not intended for users under 18. We do not knowingly collect data from children. If you believe a minor has created an account, contact us and we will delete it promptly.

If we make material changes to this policy, we’ll update the “Last updated” date above and notify active users by email at least 14 days before the changes take effect. Continued use of Postora after the effective date constitutes acceptance.

For all privacy questions, data requests, or complaints:

• Email: support@postora.pro
• Operated by: Yukti software Technologies, India