Last updated: June 1, 2026

Privacy Policy

AIPoster (“we”, “us”, or “our”), operated by [PLACEHOLDER: Legal entity name and registration details once formally registered], is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and your rights under applicable Indian law, including the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Information Technology Act, 2000.

By using the AIPoster platform (“Service”), you consent to the collection and processing of your personal data as described in this Policy.

1. Information We Collect

We collect the following categories of information when you use the Service:

a) Account and identity data

• Name and email address provided by Google or GitHub when you authenticate via OAuth;
• Profile picture URL (if provided by your OAuth provider);
• Account preferences and settings.

b) Brand and content data

• Brand profiles you create, including brand name, voice guidelines, and target audience descriptions;
• Content drafts, AI-generated posts, scheduled posts, and published post records;
• Images and media files you upload to the platform;
• Social media account connection credentials (access tokens).

c) Usage and analytics data

• Post performance analytics retrieved from connected social media platforms (impressions, engagement, reach);
• Feature usage logs, session data, and platform interaction events;
• IP address and browser or device information.

d) Payment data

• Subscription plan and billing history. Payment card details are processed directly by Razorpay and are not stored on AIPoster servers;
• Transaction identifiers and payment status records provided by Razorpay.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To create and manage your account, enable social media scheduling, and provide all platform features;
• AI content generation: To transmit your content prompts and brand profile data to third-party AI provider APIs for the purpose of generating social media content (see Section 3 for full disclosure);
• Analytics: To display post performance data within your dashboard;
• Billing: To manage your subscription, process payments through Razorpay, and maintain billing records;
• Communication: To send service-related notifications, security alerts, and, where you have consented, product updates;
• Security and integrity: To detect and prevent fraudulent or abusive use of the Service;
• Legal compliance: To meet our obligations under applicable law.

3. AI Data Processing Disclosure

This section is important. Please read it carefully before using the AI content generation features.

When you use AIPoster to generate content, your inputs — including your prompts, brand profile information, and any contextual data you provide — are transmitted to one or more of the following third-party AI provider APIs:

• Anthropic, Inc.(Claude) — based in the United States;
• OpenAI, LLC(GPT models) — based in the United States;
• Google LLC(Gemini) — based in the United States;
• DeepSeek— based in the People’s Republic of China.

These providers process your data on their own infrastructure in jurisdictions outside India. By using the AI generation features of the Service, you consent to this international transfer and processing of your data. We select the AI provider based on your plan settings and system defaults; you may have the option to select a preferred provider within your account settings.

We do not knowingly transmit sensitive personal data (such as financial information, health data, or government identification numbers) to AI providers. You should not include such data in your content prompts.

Each AI provider has its own data retention and usage policies. We encourage you to review the privacy policies of these providers. AIPoster does not control how these providers store or use data transmitted via their APIs.

4. Data Storage and Security

Your data is stored using the following infrastructure:

• Database: Neon (serverless PostgreSQL) — account data, brand profiles, post records, analytics, and application data are stored here. Neon provides encryption at rest and in transit;
• File storage: AWS S3 (`upkram-app` bucket) — images and media files you upload are stored here. Access is controlled via AWS IAM policies. Data is encrypted at rest using AWS server-side encryption;
• Authentication sessions: Session tokens are managed by NextAuth.js and stored in your browser as secure, HTTP-only cookies.

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. However, no internet transmission or electronic storage system is completely secure. In the event of a personal data breach affecting your rights and freedoms, we will notify you and the relevant authority as required by the DPDP Act, 2023.

5. Data Sharing

We do not sell your personal data. We share your data only as necessary to provide the Service, with the following categories of recipients:

• AI providers (Anthropic, OpenAI, Google, DeepSeek): Content prompts and brand context transmitted for AI generation, as described in Section 3;
• Razorpay: Billing and payment information necessary to process your subscription;
• Social media platforms: Content and scheduling instructions transmitted to platforms you have connected, using the access tokens you have authorised;
• Cloud infrastructure providers (AWS, Neon): Data stored on their platforms for service operation;
• Legal or regulatory authorities: Where required by applicable law, court order, or government request.

6. Cookies and Tracking

We use the following cookies and session mechanisms:

• Session cookies: Set by NextAuth.js to maintain your authenticated session. These are essential for the Service to function and cannot be disabled while you are logged in;
• CSRF tokens: Set by NextAuth.js to protect against cross-site request forgery attacks.

We do not currently use third-party advertising cookies or behavioural tracking cookies. If this changes, we will update this Policy and seek your consent where required.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

• Account and profile data is retained until you delete your account;
• Post and content data is retained until you delete it or delete your account;
• Payment and billing records are retained for a minimum of 7 years as required under Indian tax and accounting laws;
• System logs may be retained for up to 90 days for security and debugging purposes.

When you delete your account, we will delete or anonymise your personal data within a reasonable period, except where retention is required by law.

8. Your Rights Under the DPDP Act, 2023

As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights in respect of your personal data:

• Right to access: The right to obtain a summary of personal data held about you and the purposes for which it is processed;
• Right to correction and erasure: The right to request correction of inaccurate or incomplete personal data and erasure of data that is no longer necessary or where consent has been withdrawn;
• Right to grievance redressal: The right to have grievances addressed by our Grievance Officer (see Section 9);
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal;
• Right to nominate: The right to nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact us at airrakeshkumarsharma@gmail.com. We will respond within the period required by applicable law.

9. Data Protection / Grievance Officer

In accordance with the Digital Personal Data Protection Act, 2023 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, we have designated a Grievance Officer to address data-related concerns:

We will acknowledge grievances within 5 business days and endeavour to resolve them within 30 days of receipt.

10. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. Under the DPDP Act, 2023, processing of personal data of a child requires verifiable parental consent; accordingly, persons under 18 must not register for or use the Service. If we become aware that we have collected personal data from a person under 18 without appropriate consent, we will take prompt steps to delete that data. If you believe a minor has provided us with personal data, please contact us immediately.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside India, specifically the United States (by Anthropic, OpenAI, and Google) and the People’s Republic of China (by DeepSeek). These countries may not have data protection laws equivalent to those in India. By consenting to this Privacy Policy and using the AI generation features of the Service, you expressly consent to such cross-border transfers as permitted under the DPDP Act, 2023.

We will update this section if the Central Government notifies specific restricted countries under the DPDP Act and such restrictions affect our data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page and, where reasonably practicable, by sending an email notification to your registered address. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices, please contact:

Effective date: June 1, 2026