Privacy Policy

1. Information We Collect

We collect the following information:

• Account information: email address when you sign up
• Profile information: name, username, and timezone (optional)
• Social media tokens: OAuth tokens and credentials for connected platforms, stored securely with AES-256-GCM encryption at rest
• Post content: the messages you compose and post through the Service
• API keys: hashed (SHA-256) API keys for external access; we never store the plaintext key
• Usage data: basic analytics such as post counts and subscription status

2. How We Use Your Information

We use your information to:

• Provide the Service (posting to your connected social accounts)
• Authenticate your identity and manage your account
• Process payments and manage subscriptions
• Improve and maintain the Service

3. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with row-level security policies. Social media credentials are encrypted at rest using AES-256-GCM encryption. API keys are stored as SHA-256 hashes only. We use HTTPS for all data transmission.

4. Third-Party Services

We share data with the following third-party services only as needed to operate:

• Supabase: database and authentication
• Vercel: hosting and deployment
• Social media platforms: your posts are sent to the platforms you select (X, Bluesky, Threads, LinkedIn, Mastodon, Nostr, TikTok, Instagram, Discord)
• Nostr relays: posts are published to public relays (relay.damus.io, nos.lol, relay.nostr.band, relay.snort.social)

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Posts already published to third-party platforms are not affected by account deletion. Nostr posts are immutable once published to relays.

6. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate personal data
• Request deletion of your personal data
• Disconnect your social media accounts at any time
• Revoke API keys at any time

To exercise these rights, contact us at support@bannme.com.

7. Cookies

We use essential cookies only for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the email associated with your account.