Privacy Policy

PostFlash ("we", "us", "PostFlash") provides a social media scheduling and automatic publishing service for Instagram, Facebook, TikTok and YouTube. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

• Account data: name, email address and password hash when you create a PostFlash account.
• Social account data: when you connect Instagram, Facebook, TikTok or YouTube via official OAuth, we receive basic profile information (such as username, display name, profile picture, account/page IDs) and access tokens needed to publish on your behalf.
• Content you upload: images, videos, captions, hashtags and scheduling metadata.
• Usage data: logs of scheduled and published posts, errors and timestamps used to operate the service.
• Billing data: processed by our payment provider; we store only the subscription status and plan.

PostFlash uses TikTok Login Kit and the official TikTok Content Posting API to allow you to connect your TikTok account and publish content you authorize. When you connect TikTok, we may receive basic profile information (open id, union id, display name, avatar) and the scopes you explicitly approve during the OAuth consent screen.

The same principle applies to Instagram, Facebook (Meta) and YouTube (Google): PostFlash only accesses what you explicitly authorize through their official login flow, and only uses those permissions to deliver the scheduling and publishing features you requested.

• To publish the content you schedule to the social accounts you connected.
• To display the status of your scheduled and published posts.
• To operate, secure and improve the service.
• To send transactional emails (account, billing, security).
• To comply with legal obligations.

We do not sell your personal data. We do not use your social content to train AI models.

Data is stored on secure, encrypted infrastructure. Access tokens are stored encrypted and used only by automated server processes to publish on your behalf. We retain your data while your account is active and for the period required by law after deletion.

You can revoke PostFlash's access at any time by:

• Disconnecting a social account from inside the PostFlash dashboard (Settings → Connected accounts).
• Revoking PostFlash directly from the social platform:
  • TikTok: Settings → Security & Permissions → Manage app permissions.
  • Instagram/Facebook: Meta Accounts Center → Apps and websites.
  • YouTube/Google: myaccount.google.com/permissions.
• Deleting your PostFlash account by contacting support@postflash.app.

When you delete your account, we delete your stored content, tokens and profile within 30 days, except where retention is required by law.

PostFlash relies on official APIs from TikTok, Meta (Instagram/Facebook) and Google (YouTube), and on infrastructure and payment providers. Your use of those platforms is governed by their own terms and privacy policies.

PostFlash is not directed to children under 13 (or the minimum age in your jurisdiction).

We may update this policy. Material changes will be communicated by email or in-app.

For privacy questions or data requests, contact support@postflash.app.