Privacy Policy

1. What we collect

When you create an account, we collect your email address and password (stored as a bcrypt hash — we never see your plaintext password).

When you connect integrations, we store OAuth access tokens for GitHub, Notion, and Slack. We only access the specific data you authorize:

• GitHub: PR titles, descriptions, and merge metadata. We never read your source code.
• Notion: Page titles and text content of selected pages only.
• Slack: Messages from selected channels only (messages under 20 characters are ignored).

2. How we use your data

Your data is used exclusively to generate LinkedIn post drafts. Specifically:

• Work events (PR merges, doc updates, messages) are sent to Anthropic's Claude API to generate draft posts.
• Your writing samples are analyzed once to create a tone profile, then used as context for draft generation.
• We do not sell, share, or use your data for advertising.

3. Third-party services

We use the following third-party services:

• Anthropic (Claude): AI model for draft generation. Subject to Anthropic's Privacy Policy.
• Stripe: Payment processing. We never store your card details. Subject to Stripe's Privacy Policy.
• Cloudflare: DNS and CDN. Subject to Cloudflare's Privacy Policy.

4. Data storage & security

Your data is stored on a Hetzner VPS in the EU. All connections use TLS encryption. Access tokens are stored encrypted at rest. We use industry-standard security practices including bcrypt password hashing and HMAC webhook verification.

5. Data retention & deletion

Your data is retained as long as your account is active. You can request full account deletion by emailing [email protected]. Upon deletion, we remove all your personal data, integration tokens, drafts, and work events within 30 days.

6. Cookies

We use a JWT token stored in your browser for authentication. We do not use tracking cookies, analytics cookies, or any third-party cookies.

7. Your rights

You have the right to access, correct, or delete your personal data at any time. You can disconnect integrations from your dashboard, which immediately revokes our access. For any privacy-related requests, contact us at [email protected].

8. Changes

We may update this policy from time to time. We'll notify you of significant changes via email. Continued use of ShipPost after changes constitutes acceptance.