Privacy Policy

1. Who we are

PostRapid is an AI-powered post writing tool for professionals worldwide. We are operated as an independent product and act as the Data Controller (under GDPR) and Data Fiduciary (under India's DPDP Act) for all personal data we collect. Our contact email is postrapid.work@gmail.com.

2. What data we collect

We collect only what is necessary to provide the service:

• ·Account data — your email address and encrypted password when you register with email, or your name and email provided by Google if you sign in with Google.
• ·Profile information — name, profession, city, industry, years of experience, writing tone, topics, and audience preferences that you provide when setting up your profile. This is entirely optional beyond what is needed to generate posts.
• ·Content you create — posts and drafts you generate or save inside the platform, and images you upload to attach to posts.
• ·Payment data — when you upgrade, your payment is handled directly by our payment processor. We do not receive or store your card number, CVV, or bank details. We only receive a payment confirmation and your subscription status.
• ·LinkedIn access token — if you connect your LinkedIn account (Starter and Pro plans), we store a limited-scope access token to publish posts on your behalf at scheduled times. We do not access your LinkedIn messages, connections, or any data beyond what is required to post content.
• ·Usage data — basic logs of features used and pages visited, used for security monitoring and improving the service. We do not use third-party analytics or advertising trackers.

3. Lawful basis for processing (GDPR)

For users in the EEA, we process personal data under the following lawful bases:

• ·Performance of a contract (Article 6(1)(b)) — processing your account data, profile, and content is necessary to provide the PostRapid service you have signed up for. Without this, we cannot operate your account or generate posts.
• ·Consent (Article 6(1)(a)) — connecting your LinkedIn account for scheduling is entirely optional and based on your explicit consent. You can withdraw this consent at any time by disconnecting your LinkedIn account from your Profile settings.
• ·Legitimate interests (Article 6(1)(f)) — we process basic usage logs to detect fraud, protect account security, and monitor service stability. Our legitimate interest is maintaining a safe and functional platform. This does not override your rights.
• ·Legal obligation (Article 6(1)(c)) — we retain payment records as required by applicable financial and tax regulations.

4. How we use your data

• ·To generate AI posts personalised to your profession, tone, and topics
• ·To save your drafts, manage your account, and maintain your plan and credit balance
• ·To process payments and manage your subscription
• ·To send transactional emails only — account confirmation, payment receipts, and password reset links. We do not send marketing emails.
• ·To publish or schedule posts to LinkedIn, where you have explicitly connected your account and chosen to do so
• ·To detect and prevent fraud, abuse, and unauthorised access
• ·We do not sell your data to third parties
• ·We do not use your posts or profile to train AI models
• ·We do not use your data for advertising profiling or behavioural targeting

5. Data processors and third parties

To deliver the service, we use the following categories of sub-processors. Each is bound by a data processing agreement and is required to handle your data in compliance with applicable privacy law:

• ·Authentication & database hosting — stores your account, profile, posts, and drafts securely in encrypted cloud infrastructure. Data may be stored in the United States or EU regions.
• ·AI content generation — your idea and profile details are sent to an AI language model to generate post content. The provider does not retain your data beyond the immediate API call and does not use it for training.
• ·Payment processing — handles card transactions securely. We never receive or store your full card number. The processor is PCI-DSS compliant.
• ·Application hosting & delivery — hosts the PostRapid web application. Your requests are processed through their infrastructure.

You can request the full list of named processors by emailing postrapid.work@gmail.com.

6. International data transfers

Some of our processors are based in or operate infrastructure in the United States or other countries outside the European Economic Area (EEA) or India. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved by the European Commission for EEA transfers, and equivalent contractual protections for transfers from India. By using PostRapid, you acknowledge that your data may be processed in these jurisdictions.

7. Data retention

We retain personal data only as long as necessary:

• ·Account & profile data — retained while your account is active. Deleted within 30 days of a verified account deletion request.
• ·Posts and drafts — deleted when you delete them individually, or within 30 days of account deletion.
• ·Payment records — retained for up to 7 years as required by financial and tax regulations, even after account deletion.
• ·LinkedIn access token — deleted immediately when you disconnect your LinkedIn account or when your account is deleted.
• ·Usage logs — retained for up to 90 days for security monitoring, then automatically purged.

8. Your rights

Depending on your location, you have the following rights over your personal data. EEA users have these rights under GDPR. Indian users have equivalent rights under the DPDP Act. All users can exercise these rights regardless of jurisdiction.

• ·Right to access — you can request a copy of all personal data we hold about you.
• ·Right to rectification — you can correct inaccurate data at any time from your Profile settings page, or by contacting us.
• ·Right to erasure — you can request deletion of your account and all associated personal data. Payment records are excluded where retention is required by law.
• ·Right to data portability — you can request your data in a structured, machine-readable format (JSON or CSV).
• ·Right to restrict processing — you can ask us to pause processing of your data in certain circumstances, such as while a dispute is being resolved.
• ·Right to object — you can object to processing based on legitimate interests. We will stop unless we have compelling grounds that override your interests.
• ·Right to withdraw consent — where processing is based on consent (such as the LinkedIn integration), you can withdraw it at any time without affecting the legality of prior processing. To withdraw LinkedIn consent, disconnect your account from Profile settings.
• ·Right to lodge a complaint (EEA users) — if you believe we are not handling your data lawfully, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.
• ·Right to grievance redressal (Indian users) — under India's DPDP Act, you can raise a data-related complaint with us directly. See Section 12 (Grievance Officer) below.

To exercise any of these rights, email us at postrapid.work@gmail.com. We will respond within 30 days. We may ask you to verify your identity before processing the request.

9. Data storage and security

Your data is stored in encrypted cloud infrastructure with strict access controls. All connections use HTTPS/TLS encryption in transit. Passwords are hashed and never stored in plain text. We follow industry-standard security practices and limit internal access to personal data on a need-to-know basis. In the event of a data breach that poses a significant risk to your rights and freedoms, we will notify affected users and relevant authorities within 72 hours as required by GDPR, or within the timeframe required by applicable law. No system is 100% secure — please use a strong, unique password and enable two-factor authentication where available.

10. Cookies

We use only strictly necessary cookies required for authentication and session management (to keep you logged in). We do not use advertising cookies, tracking cookies, or any form of cross-site tracking. No cookie consent banner is required for strictly necessary cookies under GDPR and the ePrivacy Directive. If we ever introduce non-essential cookies, we will update this policy and obtain your consent first.

11. Children's privacy

PostRapid is intended for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us at postrapid.work@gmail.com and we will delete the account promptly.

12. Grievance officer (India — DPDP Act)

In accordance with India's Digital Personal Data Protection Act, 2023, users in India may raise data-related grievances with our designated contact:

• ·Grievance contact: PostRapid Data Team
• ·Email: postrapid.work@gmail.com
• ·Response time: We will acknowledge your grievance within 48 hours and resolve it within 30 days.

If your grievance is not resolved to your satisfaction, you may escalate it to the Data Protection Board of India, once constituted under the DPDP Act.

13. Changes to this policy

We may update this policy from time to time to reflect changes in the law or our practices. We will notify you of significant changes by email at least 14 days before they take effect. The updated policy will always be available at this page with the date of the latest revision. Continued use of PostRapid after changes take effect means you accept the updated policy. If you do not accept the changes, you may close your account before they take effect.

14. Contact

For any privacy-related questions, data requests, or concerns, write to us at postrapid.work@gmail.com. We aim to respond within 5 business days for general queries and within 30 days for formal rights requests.