Privacy Policy

Last updated: May 13, 2026

PostingPilot is operated by The Hollis Organization Inc ("we", "us"). We take your privacy seriously and only collect what's necessary to run the service.

What we collect

Account data: email address, name, password hash, and any profile fields you provide during onboarding.
Brand profile: the voice, audience, pillars, and reference images you upload to ground your post generations.
Generated content: posts, images, and videos created through the service. You own this content.
Channel connections: OAuth tokens for connected social accounts. Tokens are stored encrypted and never shared.
Usage telemetry: per-user generation counts (so we can enforce tier limits) and aggregated analytics.

What we don't collect

We don't sell your data to anyone — ever.
We don't train AI models on your private content.
We don't read posts that haven't been generated through us.

Third-party services

Supabase — database, storage, authentication.
OpenAI — text generation. Your prompts are sent to OpenAI's API; per their policy, API content is not used to train their models.
MuAPI — image and video generation.
Stripe — payment processing. We never store your card details ourselves.
LinkedIn / X / Meta — only when you explicitly connect a channel for publishing.

Your rights

Export — download every record we hold for you at any time from Settings, or via /api/account/export.
Delete — wipe your account permanently from Settings, or via /api/account/delete. Storage files and database rows are removed within 24 hours.
Correct — edit your brand profile and account details at any time in Settings.

Data retention

Active accounts retain data indefinitely. Cancelled accounts are purged within 30 days. Generation logs (used for billing reconciliation) are retained for 12 months.

Contact

Questions, complaints, or data requests: privacy@hollisorganization.com

This is a starting-point policy and will be updated before public launch with a lawyer review.