Privacy Policy
PostDodo is a social media scheduling tool that publishes posts to the accounts you connect and confirms they went out. This policy explains what we collect, why, who we share it with, and the control you have over it. We keep it plain on purpose.
Who we are
PostDodo (“PostDodo”, “we”, “us”) is operated by Cobra Trading Ltd, a company registered in the United Kingdom, which is the data controller for the information described here. You can reach us about privacy at support@postdodo.com.
What we collect
- Account details you give us: your email address and, if you sign in with Google, your basic Google profile (name, email, profile picture).
- Connected social accounts: when you connect a platform (for example a Facebook Page, Instagram, or Bluesky), we store the access tokens that platform issues, the account name and id, and token expiry. Tokens are encrypted at rest.
- Content you create: the posts, captions, media, and schedules you enter, plus the results we get back (whether a post published, the platform’s post link, and any errors).
- Billing data: subscription status and plan. Card payments are handled by our payment processor (Dodo Payments); we do not see or store full card numbers.
- Usage and technical data: basic logs, device and browser information, and analytics needed to run, secure, and improve the service.
How we use it
- To publish the posts you schedule to the accounts you connect, and to read back each platform’s own confirmation that the post went out.
- To warn you before a connected account’s access is about to expire, so a post does not fail silently.
- To run your account, process your subscription, and provide support.
- To keep the service secure, prevent abuse, and meet our legal obligations.
We do not sell your personal data. We do not use the content of your posts or your platform data for advertising.
Data we access from Meta (Facebook, Instagram, Threads)
When you connect a Meta account, we request only the permissions needed to schedule and publish on your behalf and to confirm it worked: for example, listing the Pages you manage, publishing content to a Page you choose, and reading the resulting post so we can show you it succeeded. We use this access solely to provide the scheduling features you asked for. We never post without an action you set up, we do not share Meta data with third parties for their own purposes, and we delete the associated tokens when you disconnect the account or close your account. Our use of information received from Meta APIs follows Meta’s Platform Terms and Developer Policies.
Who we share it with
We use a small set of trusted providers that process data on our behalf so the service can run:
- Supabase - database and authentication.
- Vercel - application hosting.
- Dodo Payments - subscription billing and card processing.
- Resend - transactional and account email.
- The platforms you connect (such as Meta and Bluesky) - we send your content to them to publish it, at your instruction.
We may also disclose information if required by law, or to protect the rights, safety, and security of our users and the service.
How we protect it
Connected-account tokens are encrypted with AES-256-GCM and are accessible only to the server that publishes your posts. Access to our systems is restricted. No system is perfectly secure, but we take reasonable technical and organizational measures to protect your data.
How long we keep it
We keep your account data while your account is active. Post history and results are retained so you can see what was published. When you disconnect a platform, we delete its stored tokens. When you close your account, we delete or anonymize your personal data within a reasonable period, except where we must keep limited records to meet legal or accounting obligations.
Your rights and choices
- Disconnect any account at any time from the Accounts page; this removes its stored tokens.
- Access, correct, or delete your personal data, and request a copy of it.
- Object to or restrict certain processing, where the law gives you that right.
To exercise any of these, email support@postdodo.com and we will respond. Depending on where you live, you may also have the right to complain to a data protection authority.
Deleting your data
You can delete your data in two ways: disconnect individual accounts on the Accounts page to remove their tokens, or close your PostDodo account to remove your personal data. You may also request full deletion at any time by emailing support@postdodo.com with the subject “Delete my data”, and we will erase your account and associated platform data, confirming once it is done.
Cookies
We use cookies that are necessary to keep you signed in and to run the service, plus limited analytics to understand usage. We do not use advertising cookies.
Children
PostDodo is for businesses and creators and is not directed to anyone under 18. We do not knowingly collect data from children.
International transfers
We and our providers may process data in countries other than yours. Where we transfer personal data across borders, we rely on appropriate safeguards as required by applicable law.
Changes to this policy
We may update this policy as the product evolves. We will change the date above and, for material changes, let you know in the app or by email.
Contact
Questions or requests: support@postdodo.com (Cobra Trading Ltd, United Kingdom).