PushToPostPushToPost
Back to Home

Privacy Policy

Last updated: April 5, 2026

1. Introduction

PushToPost ("we", "us", or "our"), a service operated by SourCode Solutions, respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data when you use our service at pushtopost.com.

2. Data We Collect

2.1 Account Data

When you sign in with GitHub OAuth, we receive and store the following from your GitHub profile:

  • Email address
  • Full name
  • GitHub username
  • Avatar URL

2.2 Repository Data

When you connect a GitHub repository, we store the repository name, description, and URL. We receive webhook events (pushes, pull requests, releases) containing commit messages, file diffs, and branch information. This data is used solely to generate social media posts.

2.3 Platform Connections

When you connect social media platforms (Twitter/X, LinkedIn, Bluesky, Discord), we store encrypted OAuth access tokens and refresh tokens to publish posts on your behalf. We do not store your social media passwords.

2.4 Usage Data

We collect usage analytics through Vercel Analytics and Speed Insights, which track page views and performance metrics. This data is aggregated and does not include personally identifiable information.

2.5 Payment Data

Payment processing is handled entirely by Paddle, our Merchant of Record. We do not store credit card numbers, bank account details, or other payment credentials on our servers. Paddle processes and stores this information in accordance with their own Privacy Policy.

3. How We Use Your Data

We use the collected data to:

  • Provide and operate the PushToPost service.
  • Process GitHub webhook events and generate AI-powered social media posts.
  • Publish posts to your connected social media platforms.
  • Generate and display public changelog pages.
  • Enforce usage quotas and prevent abuse.
  • Send you service-related notifications (Slack, Discord, or email).
  • Improve our AI models and overall service quality.

4. Data Storage and Security

Your data is stored on Supabase (PostgreSQL) with Row Level Security (RLS) enabled, ensuring users can only access their own data. OAuth tokens for third-party platforms are stored in encrypted form.

Our application is hosted on Vercel and communicates over HTTPS. We implement industry-standard security measures to protect your data; however, no method of electronic storage is 100% secure.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with the following service providers, strictly to operate the Service:

  • GitHub: To receive webhook events and access repository data.
  • AI Providers (Anthropic, Google): Commit diffs and messages are sent to AI models to generate posts. This data is not used to train their models.
  • Social Media Platforms: Generated posts are published to your connected accounts (Twitter/X, LinkedIn, Bluesky, Discord).
  • Paddle: For payment processing and subscription management.
  • Vercel: For hosting and analytics.

6. Public Changelogs

If you enable a public changelog for your repository, the following data becomes publicly accessible: your chosen public username, repository slug, changelog entries (title, summary, and content), and associated metadata. This is by design to provide SEO-optimized public changelogs for your projects.

7. Cookies

PushToPost uses essential cookies for authentication and session management. We use Vercel Analytics, which may use cookies for performance tracking. We do not use third-party advertising cookies.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Withdraw consent for data processing where applicable.

To exercise any of these rights, contact us at support@pushtopost.com.

9. Data Retention

We retain your account data for as long as your account is active. Generated posts and webhook event logs are retained for the duration of your subscription. If you delete your account, your personal data and associated records will be permanently removed within 30 days. Aggregated, anonymized analytics data may be retained indefinitely.

10. Children's Privacy

PushToPost is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify users via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

12. Contact

If you have questions about this Privacy Policy or your data, contact us at support@pushtopost.com.