Privacy Policy for PostFuel

Last Updated: April 30, 2025

This Privacy Policy describes how **PostFuel** ("PostFuel", "we", "us", or "our") collects, uses, and shares information about you when you use our PostFuel API, website (`postfuel.dev`), and related services (collectively, the "Service"). **Please replace "PostFuel" here with your actual registered company name or your name if operating as a sole proprietor.**

1. Information We Collect

We collect information you provide directly to us, information generated through your use of the Service, and information we collect automatically from the website:

  • Account Information: When you register, we collect information such as your name, email address, and password (stored securely hashed). If you subscribe, we also store details related to your subscription plan.
  • Payment Information: When you subscribe to a paid plan, our third-party payment processor, **Stripe**, collects and processes your payment card information directly. PostFuel does not store your full payment card details but receives information from Stripe necessary to manage your subscription (like subscription status, billing history reference, and potentially partial card details like the last 4 digits for identification).
  • API Usage Information ("Usage Logs"): We collect metadata about your API interactions, including the endpoints accessed, timestamps, the IP address making the request, user agent details, request parameters (excluding sensitive credentials like API keys within the logs themselves, though the system uses your key for authentication), response status codes, credits consumed, and potentially request duration for performance monitoring.
  • Content Processing Data:
    • When you submit a request to `/generate-preview`, we process the input you provide (e.g., `manual_prompt`, `source_ref_id`, `attached_urls`, `focus_prompt`, `hyperlocal_context`, model choice).
    • If scraping is enabled (`use_scraping=true`), we process the text content extracted from the provided `attached_urls` or source post URLs using our **Diffbot** integration (via our central key). This scraped text is temporarily cached.
    • We submit relevant processed input data (prompts, potentially scraped text snippets) to our AI provider (**OpenAI**) via our central API key to generate content based on your chosen model.
    • We store the final **Generated Content** (`content_html`, suggestions, etc.) associated with your `request_id` in our database for a defined period to allow you to retrieve it via the `/results/{id}` endpoint.
  • Feedback Information: If you submit feedback through our Service (e.g., via the `/feedback` page), we collect the information you provide, including your comments and potentially your contact information if provided, to respond and improve the Service.
  • Website Usage and Analytics Data:
    • We use **Google Analytics** (GA4) to help analyze how users interact with our website. GA4 uses Cookies and similar technologies to collect information such as pages visited, time spent on pages, browser type, operating system, referring URLs, and IP address (which may be anonymized by Google). We use this information solely for internal purposes, such as improving website usability and understanding traffic patterns.
    • Google's ability to use and share information collected by Google Analytics is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can learn more about how Google collects and processes data and how to opt-out by visiting Google's site or installing the Google Analytics Opt-out Browser Add-on.
    • We may also use essential cookies necessary for website functionality (e.g., session management, CSRF protection). You may manage cookie preferences through your browser settings. (Consider adding a link to a separate Cookie Policy if you use many cookies or require more detail).

2. How We Use Your Information

We use the information we collect for purposes including:

  • Providing, operating, maintaining, securing, and improving the Service.
  • Processing transactions, managing subscriptions, and tracking credit usage.
  • Authenticating users and preventing fraud.
  • Communicating with you (e.g., service updates, support responses, feedback follow-up).
  • Monitoring and analyzing usage patterns, trends, and API performance.
  • Troubleshooting issues and providing customer support.
  • Enforcing our Terms of Service and complying with legal obligations.

3. How We Share and Disclose Information

We do not sell your personal information. We may share information under the following limited circumstances:

  • With Service Providers ("Sub-processors"): We utilize third-party vendors to perform essential functions. These include:
    • **Payment Processing:** Stripe handles payment information.
    • **Hosting & Infrastructure:** Render.com hosts our application, database (PostgreSQL), and cache/queue (Redis).
    • **AI Generation:** OpenAI processes generation requests sent via our API key.
    • **Web Scraping:** Diffbot processes scraping requests sent via our API key.
    • **Source Fetching:** ScrapingDog processes fetch requests sent via our API key.
    • **Analytics:** Google Analytics processes website usage data.
    • **(Future) Email Delivery:** Potentially email service providers (e.g., Postmark, Mailgun).
    These providers only receive information necessary to perform their designated functions and are obligated to protect your information.
  • Processing Your Requests:** When you use the API, your inputs (prompts, URLs for scraping if enabled, model choice) are processed by the relevant integrated services (OpenAI, Diffbot) through our central accounts to fulfill your request. Your personal PostFuel account information is not directly shared with these AI/Scraping providers during this process.
  • Legal Requirements & Rights Protection:** We may disclose information if required by law or if we believe in good faith that disclosure is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, protect user safety, or respond to a valid government request.
  • Business Transfers:** In the event of a merger, acquisition, bankruptcy, or other sale of all or a portion of our assets, your information may be transferred as part of that transaction, subject to standard confidentiality agreements.
  • With Your Consent:** We may share information for other purposes with your explicit consent.

4. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. Your password is hashed, and sensitive credentials you might provide (like optional Source Credentials, although this feature might be deprecated/removed) would be stored encrypted. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

  • Account Information: Retained while your account is active and for a reasonable period afterward for legitimate business purposes (e.g., accounting, legal compliance).
  • Generated Content Results: Stored for retrieval via the API for a defined period, currently **[Example: 30 days]**, after which they may be deleted. **(You MUST confirm and specify your actual retention period here).**
  • Usage Logs: Retained for analysis, security, and billing purposes for a period, typically up to **[Example: 12 months]**. **(Confirm and specify).**
  • Cached Data (Scraped Text, Fetched Posts):** Retained for short durations necessary for processing requests, typically **[Example: less than 24 hours]**. **(Confirm and specify).**
  • Feedback:** Retained as necessary to address the feedback and improve the service.

You can request deletion of your account and associated personal information subject to legal and contractual restrictions (see Your Rights).

6. Your Rights (Canadian Context)

As PostFuel operates from Canada, your rights are primarily governed by Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA). Subject to applicable law, you may have the right to:

  • **Access:** Request access to the personal information we hold about you.
  • **Correction:** Request correction of inaccurate or incomplete personal information.
  • **Withdraw Consent:** Withdraw your consent to our processing of your personal information (which may affect your ability to use the Service).
  • **Deletion:** Request the deletion of your personal information, subject to legal and operational retention requirements.

To exercise these rights, please contact us using the details below. We will respond to your request in accordance with applicable law and may need to verify your identity.

Note: If you are accessing the Service from other jurisdictions (e.g., Europe, California), you may have additional rights under laws like GDPR or CCPA. Please contact us for inquiries regarding those rights. **(Strongly recommend legal review to ensure proper handling of international user rights).**

7. International Data Transfers

Our Service operates primarily from Canada, but we utilize service providers (like Render, OpenAI, Stripe, Google Analytics) that may process and store information in other countries, including the United States, where privacy laws may differ from your jurisdiction. By using the Service, you consent to the transfer, processing, and storage of your information in these countries.

8. Children's Privacy

The Service is not intended for or directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or relevant laws. If we make material changes, we will notify you by updating the date at the top of the policy and, in some cases, may provide additional notice (such as adding a statement to our website homepage or sending you an email notification). We encourage you to review this policy regularly.

10. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us at:

**info@postfuel.dev**