Privacy Policy

We collect the following categories of data:

We use your data to:

• Provide and operate the Reposte service — generating outputs, saving history, managing your account
• Send content to AI providers to produce your repurposed posts
• Publish content to social platforms when you authorize it
• Process your subscription and billing via Stripe
• Send transactional emails: account confirmation, billing receipts, important service updates
• Enforce usage limits, detect abuse, and maintain service integrity
• Improve the product based on aggregate usage patterns

We do not sell your data. We do not use your data for advertising or behavioral profiling. We do not use your uploaded content to train our own AI models.

When you use Reposte, content you upload is sent to third-party AI services to generate outputs:

• Anthropic (Claude API) — Text content (transcripts, articles, pasted text, extracted document content) is sent to Anthropic's Claude models to generate platform-native posts. Anthropic processes this content to return a response and does not use API inputs to train their models under their current API usage policy.
• OpenAI (Whisper) — Audio files you upload (for podcast or audio repurposing) are sent to OpenAI's Whisper API for transcription. The resulting transcript is then passed to Claude for generation.
• OpenAI (GPT-4o) — Images and screenshots you upload are sent to OpenAI's vision API to extract and understand text content.

We do not send your content to these providers for any purpose other than generating your requested output.

Reposte relies on the following infrastructure and service providers:

• Supabase — Database and authentication. Your account data, history, Brand Voice data, and OAuth tokens are stored in Supabase-hosted databases. Data is stored in the United States.
• Vercel — Application hosting and serverless functions. Web requests pass through Vercel's infrastructure to reach our application.
• Stripe — Payment processing. Stripe handles all billing securely. Their use of your data is governed by Stripe's Privacy Policy.
• Anthropic — AI content generation. Subject to Anthropic's Privacy Policy.
• OpenAI — Audio transcription and image understanding. Subject to OpenAI's Privacy Policy.
• LinkedIn API — Used to publish content to your LinkedIn account when you authorize it. We access only the scopes needed for posting.
• X/Twitter API — Used to publish content to your X account when you authorize it. We access only the scopes needed for posting.

When you connect a social account (LinkedIn or X/Twitter) for direct publishing, you authorize Reposte to post content on your behalf. Specifically:

• We store an encrypted OAuth access token for the connected account
• We use this token only when you explicitly click "Publish" or schedule a post
• We do not read your social media feed, messages, follower data, or any data beyond what is needed to post
• You can revoke access at any time from your Reposte account settings, or directly from LinkedIn's or X's app settings

We use cookies for one purpose: keeping you logged in. When you sign in, a secure, HTTP-only session cookie is set so you don't have to re-authenticate on every visit.

We do not use cookies for advertising, cross-site tracking, or behavioral profiling. We do not use third-party tracking cookies.

You can clear cookies through your browser settings at any time. Doing so will sign you out of Reposte.

We use basic server-side analytics to understand how the product is being used — for example, which features are most used and where users encounter friction. This data is aggregated and not tied to individual identities for any advertising purpose.

We do not use Google Analytics, Meta Pixel, or any advertising-network analytics tools.

Account data is retained as long as your account exists.

Repurpose history is stored for as long as you're an active user. Pro users have full history; Free users may have limited retention.

Connected account OAuth tokens are stored until you disconnect the account or delete your Reposte account.

Uploaded files (audio, PDFs, images) are processed and not retained beyond what is necessary to complete your request.

When you delete your account, all personal data associated with it — account info, history, Brand Voice data, and OAuth tokens — is deleted within 30 days. Some billing records may be retained for legal compliance (e.g., proof of subscription for tax purposes) as required by law.

You have the following rights over your data:

• Access: You can view all content in your Reposte account at any time from within the app.
• Export: Contact us at hello@reposte.app to request an export of your data.
• Correction: You can update your account email and other information from your settings.
• Deletion: You can request deletion of your account and all associated data by emailing hello@reposte.app with the subject "Delete my account." We'll process it within 30 days.
• Revoke social access: You can disconnect connected LinkedIn or X/Twitter accounts from your Reposte settings at any time.

If you are in the EU or UK, you may also have rights under GDPR/UK GDPR including the right to lodge a complaint with your local supervisory authority.

We take reasonable steps to protect your data:

• All data is transmitted over HTTPS/TLS
• Passwords are hashed and never stored in plain text
• OAuth tokens for connected social accounts are encrypted at rest
• Database access is restricted to application-level credentials with least-privilege access
• Our infrastructure providers (Supabase, Vercel) maintain their own security certifications and practices

No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

Reposte is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has created an account, contact us at hello@reposte.app and we will delete the account promptly.

Reposte is operated in the United States. If you access the service from outside the US, your data may be transferred to and processed in the US. By using Reposte, you acknowledge this. We rely on our third-party providers' data transfer mechanisms where applicable.

We may update this Privacy Policy. When we do, we'll update the "Last updated" date above. For significant changes that affect how we handle your data, we'll notify you by email at least 14 days before the changes take effect.

Continuing to use Reposte after changes are posted means you accept the updated policy.

Questions about this Privacy Policy or your data? Reach us at:

Reposte
hello@reposte.app
reposte.app