ai-poster

Privacy policy

Last updated: 2026-04-27

This policy explains what data ai-poster collects, why, who it's shared with, and how to remove it. ai-poster is a self-hosted tool — the person or organisation running this instance ("the operator") is the controller of your data.

1. What we collect

To provide the service, the system stores:

  • Account info. Email, hashed password, optional display name.
  • OAuth tokens. Access and refresh tokens for Google Drive, Facebook, Instagram, and Threads — only for the accounts you explicitly connect, scoped to the permissions you grant.
  • Connection metadata. Drive folder identifiers you choose to watch, the social account IDs you select for publishing, and your watch configuration (polling interval, prompt template, etc.).
  • Image references and content. The Drive file IDs of images we publish, the bytes of those images while a post is being processed, and the generated captions.
  • Post records. Status, timestamps, and provider-side IDs for each post we publish on your behalf, plus any error messages returned by the platforms.
  • Session data. A short-lived session token issued when you sign in.

2. How we use it

  • To authenticate you and keep your account separate from other users on the same install.
  • To watch the Drive folders you've designated and detect new images.
  • To send image bytes to the configured LLM provider so it can generate a caption.
  • To publish the resulting post to the social accounts you've enabled.
  • To show you a history of what was published and surface failures.

We do not use your data for advertising or sell it to anyone.

3. Third parties we share with

ai-poster is glue between you and several external services. Using the product means data is sent to them:

  • Google Drive — to list and download images from the folders you watch (drive.readonly).
  • The LLM provider you configure (e.g. OpenAI, Google Gemini) — image bytes and prompt text are sent so a caption can be generated. Their data policy applies to that traffic.
  • Facebook / Instagram / Threads — captions and images are uploaded to publish posts on the Pages or accounts you've connected.
  • Hosting infrastructure — the operator's chosen cloud / database / queue providers, which handle the data at rest and in transit on our behalf.

4. Retention

Account data, OAuth tokens, and post records persist until you remove them or delete your account. Image bytes are not stored by ai-poster beyond the time needed to fetch them, send them to the LLM, and upload them to the social platform — references to the source Drive file are kept on the post record so you can audit what was published.

5. Your choices

  • Disconnect an account at any time from the Social accounts or Drive accounts page. The OAuth token is deleted from our side.
  • Revoke from the provider via Google's "Connected apps", Meta's "Business Integrations", etc. — that is the most thorough way to ensure no further access is possible.
  • Delete a watch to stop monitoring a folder. Existing post records remain unless you delete them too.
  • Delete your account by contacting the operator (see below). All your account data, tokens, watches, and post records are removed.

6. Security

Passwords are stored hashed with argon2id. Sessions are bearer tokens that expire after a configurable interval. OAuth tokens are stored in the operator's database. Operators are encouraged to enable token-at-rest encryption and serve the admin UI over HTTPS.

7. Children

ai-poster is not intended for anyone under 13 (or the local minimum age of digital consent, where higher).

8. Changes to this policy

Material changes will be reflected by updating the "Last updated" date above. Continuing to use the service after a change constitutes acceptance of the new policy.

9. Contact

For questions, data requests, or account deletion, contact the operator of this ai-poster instance.