Privacy Policy
Last updated: July 10, 2026
Overview
SimplePost ("we", "our", or "us") provides a hosted social media scheduling and publishing service. This Privacy Policy explains how we collect, use, share, retain, and delete data when you use the SimplePost website, web app, subscriptions, connected social accounts, AI assistant integrations, MCP server, CLI, API, and related services.
SimplePost does not provide a general-purpose AI writing model. When you choose to connect a third-party AI assistant or agent, that assistant may send posting requests to SimplePost so we can validate, preview, schedule, or publish posts for you.
Information We Collect
We collect information needed to operate SimplePost:
- Account data: your name, email address, login provider, account identifiers, preferences, and subscription status.
- Billing data: plan, billing status, invoices, and payment metadata from Stripe. We do not store full card numbers.
- Connected social account data: account IDs, handles, display names, avatars, scopes, connection status, OAuth access tokens, refresh tokens, and other credentials needed to publish on your behalf.
- Post and media data: post text, titles, descriptions, captions, links, media files or media URLs, thumbnails, target accounts, schedules, validation results, previews, drafts, published results, failed results, and platform post IDs or URLs.
- AI assistant and API data: OAuth grants, MCP client metadata, tool requests, tool results, API keys or token metadata, CLI connection metadata, and related logs needed to process authorized assistant or API actions.
- Usage and security data: IP address, user agent, device and browser information, pages visited, authentication events, error logs, rate-limit data, plan-usage counters, and security events.
- Support data: messages, contact details, attachments, and other information you send when requesting help.
How We Use Information
We use your information to:
- Create and secure your SimplePost account.
- Process subscriptions, plan limits, billing status, and invoices through Stripe.
- Connect, reconnect, disconnect, and manage social media accounts you authorize.
- Validate, preview, draft, schedule, publish, update, inspect, or discard posts you create through SimplePost.
- Upload, store, transform, or reference media needed for posts.
- Operate ChatGPT and Claude connectors, the remote MCP server, CLI, API, and other authorized AI assistant workflows.
- Return account lists, validation results, previews, post status, and publishing results to authorized clients.
- Provide support, debug issues, prevent abuse, enforce plan limits, and keep the service secure.
- Comply with law, enforce our terms, and protect SimplePost, users, and third-party platforms.
We do not use your connected social account tokens or Google user data for advertising, building unrelated user profiles, training general AI models, or determining creditworthiness.
AI Assistants, MCP Clients, CLI, and API Access
If you authorize ChatGPT, Claude, Gemini, OpenClaw, an MCP client, the SimplePost CLI, an API key, or another assistant or agent workflow, that client may send SimplePost draft content, media references, target account IDs, posting mode, scheduled time, and related instructions.
SimplePost may return connected account metadata, validation results, previews, draft status, scheduled status, publishing results, errors, and post identifiers to that authorized client. SimplePost does not return your social platform access tokens or refresh tokens through AI assistant tools.
Third-party AI assistants and clients are not controlled by SimplePost. Their handling of your prompts, chats, files, and outputs is governed by their own terms and privacy policies.
Sharing, Transfer, and Disclosure
We share data only as needed to provide SimplePost:
- Social media platforms: we send post content, media, account identifiers, and authorization data to the platforms you choose so posts can be validated, scheduled, or published.
- Authorized AI assistants and clients: we return SimplePost tool results to clients you authorize.
- Stripe: we use Stripe for payment processing and subscription management.
- Hosting, database, storage, analytics, email, security, and infrastructure providers: we use service providers to host and operate SimplePost.
- Legal and safety disclosures: we may disclose information if required by law, to enforce our terms, prevent abuse, or protect rights and security.
We do not sell your personal data. We do not share Google user data with third parties for advertising or data-broker purposes.
Google and YouTube API Services Data
If you connect a YouTube account or use Google authentication, we may receive Google account data, YouTube channel/account metadata, OAuth tokens, scopes, video metadata, media files, thumbnails, upload status, and platform identifiers needed to authenticate you and provide YouTube-related posting features.
Information received from YouTube API Services is also subject to the Google Privacy Policy. SimplePost's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
You can revoke SimplePost's Google access from your Google account security settings. You can also disconnect YouTube inside SimplePost, contact support, or delete your SimplePost account.
Third-Party Services
SimplePost may use or integrate with services including:
- Stripe for billing and subscription management.
- Google and YouTube for authentication and YouTube posting features you authorize.
- TikTok and other supported social platforms for posting features you authorize.
- Plausible Analytics for privacy-friendly website analytics.
- Hosting, database, storage, email, logging, and security providers used to operate the service.
Cookies and Device Storage
SimplePost uses cookies, local storage, session storage, and similar technologies for authentication sessions, security, preferences, draft state, MCP authorization flows, plan usage, and service reliability. Service providers that support hosting, analytics, security, or payments may also use these technologies when needed to provide their services.
Data Retention and Deletion
We retain data only for as long as needed to provide SimplePost, comply with law, resolve disputes, enforce agreements, maintain security, or keep necessary business records.
- Account and profile data is generally retained while your SimplePost account is active.
- Connected social account tokens and metadata are retained while that account remains connected.
- Drafts, scheduled posts, published post records, failed post records, uploaded media, and logs may be retained while your account is active or until you delete them where deletion controls are available.
- Billing records may be retained as required for tax, accounting, dispute, and compliance obligations.
- Security, audit, and abuse-prevention logs may be retained for a limited period after account deletion when needed to protect the service.
When you disconnect a social account, SimplePost deletes or disables the active connection tokens for that account. Some historical post records may remain unless you delete them or request deletion.
When you delete your SimplePost account or request deletion at [email protected], we will delete or anonymize personal data within 30 days unless retention is required by law, payment obligations, security, fraud prevention, or dispute resolution. Content already published to third-party social platforms remains subject to those platforms and may need to be deleted there separately.
Instructions for verified account and data deletion requests are available on the deletion page.
Security
We use technical and organizational safeguards designed to protect your data, including TLS for data in transit, access controls, restricted operational access, and encryption or other protections for sensitive stored data. No internet service can be guaranteed to be completely secure.
Your Rights and Choices
Depending on your location, you may have rights to:
- Request access to personal information we hold about you.
- Request correction or deletion of personal information.
- Disconnect social accounts and revoke OAuth permissions.
- Cancel your subscription.
- Opt out of marketing communications.
To exercise these rights, contact us at [email protected]. We may need to verify your identity before fulfilling a request.
Children
SimplePost is not intended for children. Do not use SimplePost if you are not old enough to enter into a binding agreement or to use the connected social platforms in your jurisdiction.
Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date.
Contact Us
The data controller for the hosted service is Creafex Lab Vladimir Haltakov. If you have questions about this Privacy Policy or want to exercise a privacy right, contact us at [email protected].