← Back to FluxPost

Privacy Policy

Last updated: 2026-03-12  ·  Effective date: 2026-03-12

Summary: Your data is never sold. Your platform access tokens and API keys are stored encrypted. You can delete your account and all your data at any time.

1. What Does This Policy Cover?

FluxPost ("we", "service") is a SaaS application that provides social media management, content publishing, and AI-powered engagement automation. This policy explains what data we collect when you use app.fluxpost.app, how we process this data, and what your rights are.

By using FluxPost, you agree to this policy. If you do not agree, please do not use the service.

2. Data We Collect

2.1 Account Information

  • Name, email address, and password (your password is irreversibly hashed with bcrypt; it is not stored in plain text and we cannot access it)
  • Name and email obtained from your Google profile if you sign in with Google OAuth
  • Account creation date, last login, and preferences (language, theme, timezone)

2.2 Connected Platform Credentials

When you connect social media platforms, the OAuth access tokens and account identifiers (such as page ID, channel ID) provided by the respective platform are stored encrypted in our database. This data is used to perform actions on the platforms on your behalf.

  • Facebook / Instagram: Page access token, Page ID, Instagram account ID and username
  • YouTube: OAuth access and refresh token, channel ID and name
  • TikTok: Access token, account ID
  • Pinterest: Access and refresh token
  • Google Calendar: OAuth token
  • WhatsApp Business: Webhook connection details

All tokens are encrypted with AES-256; they are never logged or transmitted in plain text.

2.3 User-Provided AI API Keys

FluxPost allows you to use your own AI API key to run AI features (Google Gemini, OpenAI, Anthropic/Claude). These keys are stored encrypted on your settings page and are used solely for the purpose of operating the service.

2.4 Content and Interaction Data

  • Comments, direct messages (DMs), and content titles fetched from connected platforms
  • Video files you upload for publishing and their associated AI analysis results
  • Automation rules, triggers, and flow templates you create
  • Competitor account information you choose to track
  • Appointment and task records

2.5 Usage and Log Data

  • Token count, approximate cost, and duration for each AI operation (for billing transparency)
  • Content publishing history and platform-specific status records
  • Standard server access logs (IP address, browser information, request time)
  • Terms of service and privacy policy acceptance records (IP address, browser information, acceptance date, and accepted version — required by legal obligations)

3. How We Use Your Data

  • Service delivery: Connecting to your social media platforms, publishing content, and automatically responding to comments and DMs.
  • AI features: Generating comment analysis, content suggestions, DM replies, and engagement strategies.
  • Analytics: Calculating and presenting performance statistics for your account.
  • Personalization: Remembering your language, theme, and timezone preferences.
  • Security: Detecting unauthorized access and protecting your account.
  • Service improvement: Analyzing aggregate usage data to develop new features and improve the existing service.
  • Communication: Sending new feature announcements only when you have given permission.

4. Who We Share Your Data With

We never sell your data or share it with third parties for advertising purposes.

Your data is only shared with third parties in the following cases:

4.1 Infrastructure and Services We Use

  • Meta (Facebook/Instagram): Content sharing and comment management via Graph API. Meta Privacy Policy
  • Google: YouTube management, Calendar integration, and (at user's discretion) Gemini AI. Google Privacy Policy
  • TikTok: Official TikTok API for video publishing and account management. TikTok Privacy Policy
  • Pinterest: Official Pinterest API for pin publishing and analytics. Pinterest Privacy Policy
  • OpenAI / Anthropic: If the user adds their own API key in settings, requests are sent directly to these providers.
  • OpenRouter: A multi-provider routing service used to operate AI features. It may also be used when the user has not provided an API key.
  • Server Infrastructure: The application is hosted on a secure VPS server.

FluxPost communicates with all platforms exclusively through official and approved APIs (Graph API, YouTube Data API, TikTok API, etc.). No scraping, reverse engineering, or unofficial access methods are used. Data obtained from platforms is processed only within the scope that the user explicitly authorized during the OAuth process.

4.2 Legal Obligations

We may share only the minimum required data when required by applicable law, court order, or legal process.

5. Data Security

  • Platform tokens and API keys are stored encrypted with AES-256.
  • Passwords are hashed with bcrypt; plain-text access is not possible.
  • All traffic is encrypted with HTTPS.
  • The database is not directly accessible from the outside.
  • For security vulnerabilities, please report to support@fluxpost.app.

6. Data Retention

Your data is retained as long as your account is active. When you delete your account, your personal data, platform tokens, and content history are deleted from the database. Data that we are required to retain due to legal obligations (e.g., billing records) may be kept for the period prescribed by applicable legislation. Data remaining in automatic backup systems is overwritten within a reasonable period (no later than 90 days) as part of the backup rotation cycle.

Daily AI analysis results and analytics data continue to accumulate as long as your account remains active; however, data related to a platform may be cleaned up when you disconnect from that platform.

7. Your Rights

Under KVKK (Turkish Personal Data Protection Law) and GDPR, you have the following rights:

  • Right of access: You can learn what data is held about you.
  • Right to rectification: You can request the correction of inaccurate or incomplete information.
  • Right to erasure: You can permanently delete your account and all your data.
  • Right to data portability: You can request a copy of your data in a machine-readable format.
  • Right to object: You can stop marketing communications at any time.

To exercise these rights, send an email to support@fluxpost.app. We will respond to your requests within 30 days.

8. Facebook / Meta Data Deletion Instructions

As required by Meta platform policy, you have the right to request deletion of your Facebook data. There are two ways:

Option 1 — Remove the app via Facebook:

  1. Go to your Facebook profile → Settings & Privacy → Settings
  2. Open the Apps and Websites tab
  3. Find FluxPost in the list and click Remove

Option 2 — Send us an email:

Send an email to support@fluxpost.app with the subject "Data Deletion Request". We will permanently delete all data associated with your account within 30 days and send you a confirmation email.

9. Cookies

FluxPost uses the following cookies:

  • Session cookie (required) — to maintain your login state.
  • Language preference cookie (NEXT_LOCALE) — to remember your selected interface language.

We do not use third-party cookies for advertising or tracking purposes.

10. Children's Privacy

FluxPost is not intended for individuals under the age of 18 and we do not knowingly collect data from them. If we become aware that we have collected data belonging to a user under 18, we will delete this data immediately.

11. Changes to This Policy

We may update this policy from time to time. When significant changes are made, we will send a notification to your registered email address. You can always see the date of the most recent change at the top of this page.

12. Contact

For questions or requests about this policy:

FluxPost

Email: support@fluxpost.app

Web: app.fluxpost.app