Privacy Policy

This policy covers visitors to posterboysocial.com, beta users who create an account, and business owners who connect Facebook Pages or Instagram Business accounts through our product.

Account information: name, email address, workspace name, and password (stored as a salted hash — we never store plaintext passwords).

Brand & content data: onboarding answers, brand books, captions, templates, photos you upload, and scheduled posts you create in the dashboard.

Connected social accounts: when you authorize Meta (Facebook/Instagram), we receive Page and Instagram Business account identifiers, display names, and access tokens required to publish on your behalf. We do not receive your personal Facebook password.

Usage & technical data: IP address, browser type, session cookies, and basic request logs used for security, rate limiting, and debugging.

We use your data to:

• Authenticate you and keep your workspace secure
• Generate brand guidelines and draft social content
• Publish or schedule posts to Facebook and Instagram when you ask us to
• Store media you upload (e.g., to secure cloud storage) so Meta can fetch public URLs
• Improve reliability during beta and respond to support requests

We do not sell your personal information.

posterboy uses the Meta Graph API only after you explicitly connect your accounts in Settings. Scopes we request include publishing and reading engagement data needed to operate posting features (e.g., pages_manage_posts, instagram_content_publish).

We store Page and Instagram Business tokens securely on our servers, scoped to your workspace and location. You can disconnect at any time in Settings, which removes stored tokens for that location.

Meta's own policies also apply to data processed on their platform. See Meta's Privacy Policy.

Session cookie: we set an HTTP-only session cookie when you sign in so you stay authenticated.

OAuth state cookies: short-lived cookies used during Meta connect to prevent CSRF attacks.

Browser local storage: we cache brand books, onboarding answers, and your active location selection locally so the dashboard loads quickly. You can clear this by signing out or removing site data in your browser.

We do not use third-party advertising cookies.

We retain workspace data while your account is active. You may delete your account in Settings → Account → Danger zone, which removes your organization data from our database and clears your login credentials.

Backups and logs may persist for a limited period for security and legal compliance before automatic purging.

We use HTTPS, tenant-scoped database access (row-level security), rate limiting on sensitive APIs, and hashed passwords. No system is perfectly secure — report concerns to hello@posterboysocial.com.

Depending on your location, you may have rights to access, correct, or delete personal data. Email hello@posterboysocial.com and we will respond within a reasonable time.

This policy may change during beta. Material updates will be reflected on this page with a new “Last updated” date.