Privacy policy.

Last updated: 2026-04-27


letmepost.dev ("we", "us", "the service") is an open-source social media publishing API operated by M/S Rose Creator (trading as letmepost.dev), a sole proprietorship based in India. This policy explains what we collect, why, and how you can have your data deleted.

1. What we collect

  • Account details: email, display name, organisation name. Used to identify you.
  • Connected social accounts: we receive OAuth access and refresh tokens (or, for Bluesky, app passwords) for each social platform you explicitly connect. These are stored encrypted at rest.
  • Post content: the text, media references, scheduled times, and metadata you submit to the API.
  • Usage logs: request timestamps, endpoints called, response codes, error codes, and upstream platform responses. Used for observability and debugging.
  • Billing details: when paid plans ship, Stripe will process payment; we store only the last 4 digits and a Stripe customer ID.

2. How we store it

  • OAuth tokens and passwords are encrypted using AES-256-GCM envelope encryption before being written to the database. A per-token data encryption key is itself encrypted by a master key held outside the database.
  • All traffic is encrypted in transit with TLS 1.2 or later.
  • Databases are hosted by Neon (Postgres); application servers by Railway. Both run in regions we can disclose on request.

3. How long we keep it

  • OAuth tokens: kept until you revoke the connected account or delete your letmepost.dev account.
  • Post records: kept for 90 days after publish (or failure).
  • Raw request/response logs: 30 days, then rotated out of hot storage.
  • Aggregated metrics (no personal data): kept indefinitely.

4. Who we share it with

We do not sell your data, and we do not share it for advertising. We share it with:

  • The social platforms you've connected — Bluesky, LinkedIn, X/Twitter, Instagram, Facebook, Threads, YouTube, and Pinterest — when you use letmepost.dev to publish to them. Each platform's own privacy policy governs what they do with the content you submit through us.
  • Infrastructure providers (Neon, Railway, Upstash, Sentry, Axiom) under data-processing agreements, strictly to operate the service.
  • Law enforcement, only under a valid legal order.

5. Your rights

You can request export or deletion of your data at any time. See our data deletion page for how. If you're in a jurisdiction with specific data rights (GDPR, CCPA, India's DPDP Act), those rights apply.

6. Cookies

The marketing site uses no tracking cookies. The dashboard (when it ships) will use a single session cookie for authentication. We use no analytics that profile you across sites.

7. Contact

Privacy questions: support@letmepost.dev.

