← Back to BuzzPoster

Privacy Policy

Last updated: February 19, 2026

1. Introduction

BuzzPoster ("we", "us", "our") is a social media and newsletter management platform that connects to AI assistants via the Model Context Protocol (MCP). This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

2. Information We Collect

Account Information

  • Email address and name (provided during registration)
  • Hashed password (we never store plaintext passwords)
  • API key hash (we never store plaintext API keys)

Social Media Data

  • OAuth tokens for connected social accounts (Twitter, Instagram, LinkedIn, Facebook) -- managed and stored securely by our social publishing infrastructure
  • Post content and scheduling data you create through BuzzPoster
  • Analytics data from your connected social accounts

Content Data

  • Brand voice profiles and writing rules you configure
  • Target audience profiles
  • Archived newsletters
  • Media files you upload (images, videos)

Email Service Provider Data

  • Encrypted API keys for your configured ESP (Kit, Beehiiv, or Mailchimp)
  • We do not store your subscriber lists -- these remain with your ESP

Usage Data

  • API request logs (IP addresses, timestamps, endpoints accessed)
  • Audit logs for write actions (content created, published, or deleted)

3. How We Use Your Information

  • To provide and operate the BuzzPoster service
  • To publish posts to your connected social media accounts
  • To send newsletters through your configured ESP
  • To generate AI-powered content suggestions (via Anthropic's Claude API)
  • To enforce usage limits and prevent abuse
  • To improve and maintain service reliability

4. Third-Party Services

We use the following third-party services to operate BuzzPoster:

  • Social Publishing Infrastructure -- Social media account connections and post publishing
  • Anthropic (Claude API) -- AI-powered content generation (brand voice analysis, audience profiling)
  • Railway -- Application and database hosting
  • Cloudflare R2 -- Media file storage
  • Stripe -- Payment processing (Stripe's own privacy policy applies)
  • Your chosen ESP (Kit, Beehiiv, or Mailchimp) -- Newsletter delivery

Each of these services has its own privacy policy. We only share the minimum data necessary for each service to function.

5. Data Storage and Security

  • Data is stored in a PostgreSQL database hosted on Railway
  • Media files are stored in Cloudflare R2 object storage
  • All connections use HTTPS/TLS encryption in transit
  • Passwords are hashed using Argon2
  • API keys are stored as SHA-256 hashes (never plaintext)
  • ESP API keys are encrypted at rest using AES-256
  • We implement rate limiting and audit logging to detect unauthorized access

6. Data Retention

  • Account data is retained as long as your account is active
  • Content data (posts, audiences, brand voice, etc.) is retained until you delete it
  • Audit logs are retained for 90 days
  • Media files are retained until you delete them or close your account

7. Your Rights

You have the right to:

  • Access -- Request a copy of all data we store about you
  • Delete -- Request deletion of your account and all associated data
  • Export -- Download your newsletter archives and content data
  • Correct -- Update or correct your account information
  • Disconnect -- Revoke access to any connected social media account at any time

To exercise any of these rights, contact us at privacy@buzzposter.com.

8. Cookies

The BuzzPoster dashboard uses only essential cookies for authentication (session tokens). We do not use tracking cookies, advertising cookies, or third-party analytics.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

For privacy-related questions or requests, contact us at:

privacy@buzzposter.com