Coming soon — Repostify is in early access. Some platforms & features are still rolling out.
Repostify

Privacy Policy

Last updated: June 6, 2026

Repostify ("we", "us") respects your privacy. This policy explains what data we collect, why, and what we do with it. Plain language, no dark patterns.

What we collect

From you

  • Google account info (email, name, profile picture) — to sign you in and authenticate API calls.
  • Tasks & reminders you create in the app — stored in Vercel Redis.
  • Your own social platform credentials — when you connect a platform, we store your account's access. Either OAuth tokens we receive on your behalf (e.g. Pinterest, LinkedIn, Discord) or API keys you paste in yourself (e.g. Twitter/X, Facebook, Threads). These are encrypted at rest with AES-256-GCM in our database, isolated per user, and used only to publish the posts you trigger. We never post without your action, and you can disconnect a platform at any time, which deletes its stored credentials.
  • YouTube channel ID + video metadata — used to fetch your videos for cross-posting.
  • Billing data — your plan, trial status, and subscription expiry. Payments are processed by PayPal; we never see or store your card or PayPal login details, only PayPal's order/transaction ID and the resulting plan.
  • Contact form submissions — saved in Redis with a timestamp.

Automatically

  • Session cookies — set by NextAuth.js for authentication. Required for the app to work.
  • Vercel access logs — IP, user-agent, request timestamps. Used for debugging and abuse prevention. Retained for 30 days.
  • Hashed IP address — to enforce the 14-day free trial fairly and prevent trial abuse, we store a one-way salted hash of your IP. We cannot recover the original IP from this hash.

What we DON'T collect

  • We don't use Google Analytics, Facebook Pixel, or any third-party tracker.
  • We don't sell your data. Ever.
  • We don't train AI models on your data. Captions are generated per request by Google Gemini; we don't store them after the post is created.

Third-party services we use

To provide the Service, we send data to:

  • Vercel — hosting, Redis storage
  • Google (Identity, YouTube Data API, Gemini) — sign-in, video metadata, AI captioning
  • PayPal — payment processing for paid plans
  • The social platforms you connect (Pinterest, LinkedIn, Discord, Twitter/X, Facebook, Instagram, Threads, Reddit, forums) — only the post content you trigger, sent using your own connected account
  • Gmail SMTP (if you configure email reminders) — for sending reminder emails to your inbox

For Pinterest specifically: we use the Pinterest API only to read your boards (boards:read) so you can choose a destination, and to create Pins on your behalf (pins:write) when you trigger a post. We do not read, modify, or store any other Pinterest data, and we never post without your explicit action.

Each has its own privacy policy. We only send the minimum data needed.

Your rights

  • Access — request a copy of all data we hold about you
  • Deletion — request complete deletion of your account and data
  • Correction — request fixes to inaccurate data
  • Export — get your tasks and settings as JSON

Email alphagen.codes@gmail.com for any of these. We'll respond within 30 days.

Cookies

We use the minimum cookies necessary for sign-in and session management (set by NextAuth.js). No advertising or tracking cookies.

Children

Repostify is not directed at children under 13. We don't knowingly collect data from them.

Data retention

We keep your account data as long as your account is active. After deletion, backups expire within 90 days. Vercel access logs roll off after 30 days.

Security

All traffic is HTTPS. Authentication tokens are JWT-signed. Your connected social-platform credentials (OAuth tokens and any API keys you paste in) are encrypted at rest using AES-256-GCM before being written to our database, with each user's credentials isolated from every other user's.

That said: no system is 100% secure. Don't connect accounts to Repostify that you couldn't survive being leaked.

Changes

We may update this policy. Material changes will be flagged here with a new "Last updated" date.

Contact

Questions or requests: /contact or alphagen.codes@gmail.com.