FUTUREPST

Privacy Policy

Last updated: March 19, 2025

1. Introduction

Futurepost ("we", "us", "our") operates the Futurepost web application, API, and browser extension (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

By using Futurepost, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information from 𝕏 (Twitter) OAuth

When you sign in with your 𝕏 account, we receive and store the following through OAuth 2.0 with PKCE:

  • 𝕏 User ID and username
  • Display name and profile image URL
  • Email address (if available from 𝕏)
  • Account metrics (follower count, following count, tweet count)
  • Verification status
  • Bio/description

We also store OAuth access and refresh tokens to perform actions on your behalf (posting tweets, reading analytics, managing follows).

2.2 Content You Create

  • Tweet content (text, media, polls, thread structure, reply settings)
  • Scheduled times and posting preferences
  • Draft tweets and automation rules
  • Media files uploaded to your gallery (stored on AWS S3)
  • Image editor states and edits
  • Tags and categories you create

2.3 Analytics Data

  • Tweet performance metrics (likes, retweets, replies, views)
  • Historical account metric snapshots
  • Synced tweet data from 𝕏 for analytics tracking

2.4 Team & Collaboration Data

  • Team names and membership
  • Role assignments (Owner, Admin, Editor, Viewer)
  • Shared account access records
  • Team settings and preferences

2.5 Billing Information

Payment processing is handled entirely by Stripe. We store:

  • Stripe Customer ID and Subscription ID
  • Subscription status and billing period dates
  • Plan selection

We do not store credit card numbers, bank account details, or other sensitive payment information. This data is held exclusively by Stripe under their Privacy Policy.

2.6 Referral & Affiliate Data

  • Your unique referral code
  • Referral relationships (who referred whom)
  • Commission records (amounts, status, payment dates)

2.7 Browser Extension Data

The Futurepost Unfollow Tool browser extension accesses:

  • X.com session cookies (for authentication with the extension)
  • Your following list on 𝕏 (usernames, follower counts, activity data)
  • Unfollow action logs

The extension only activates on X.com and does not collect browsing data from other websites.

2.8 Account Preferences

  • Timezone settings
  • Notification preferences (post published, scheduled post reminders, auto-plug, auto-retweet)
  • Appearance settings (theme, text direction)

2.9 Cookies

We use the following cookies:

  • access_token - Authentication JWT (HTTP-only, secure in production)
  • x_verifier / x_state - Temporary OAuth flow tokens
  • referral_code - Tracks referral attribution
  • endorsely_referral - Affiliate tracking
  • pending_checkout - Temporary checkout session data

3. How We Use Your Information

We use your information to:

  • Authenticate you and maintain your session.
  • Schedule, publish, and manage tweets on your behalf.
  • Display analytics and performance metrics.
  • Process auto-retweets, auto-plugs, and automation rules.
  • Store and serve your uploaded media.
  • Enable team collaboration and shared account access.
  • Process subscription payments and manage billing.
  • Track and pay affiliate commissions.
  • Sync and display your following list for the Unfollow Tool.
  • Improve and maintain the Service.

4. Data Sharing & Third Parties

We share your data with the following third-party services, strictly as necessary to operate the Service:

  • 𝕏 (Twitter) - OAuth tokens and content for posting, reading analytics, and managing follows.
  • Stripe - Billing and subscription management.
  • AWS (Amazon Web Services) - Media file storage (S3) and content delivery (CloudFront).
  • RapidAPI - Enriched Twitter profile and tweet data for analytics.
  • Endorsely - Affiliate and referral tracking.

We do not sell your personal information to third parties. We do not share your data with advertisers.

5. Data Storage & Security

Your data is stored in:

  • PostgreSQL database - Account data, tweets, analytics, and settings.
  • Redis - Temporary job queue data and caching.
  • AWS S3 - Uploaded media files.

We protect your data through:

  • PKCE (Proof Key for Code Exchange) for secure OAuth flows.
  • CSRF state tokens to prevent cross-site attacks.
  • HTTP-only, secure cookies in production to prevent XSS token theft.
  • JWT-based authentication with expiration.
  • Role-based access control for team features.

6. 𝕏 (Twitter) OAuth Permissions

When you connect your 𝕏 account, we request the following OAuth scopes:

  • tweet.read - Read your tweets for analytics.
  • tweet.write - Post and schedule tweets.
  • users.read - Access your profile information.
  • users.email - Access your email address.
  • offline.access - Maintain access via refresh tokens.
  • follows.read - Read your following list.
  • follows.write - Unfollow accounts on your behalf.
  • media.write - Upload media attachments.

You can revoke Futurepost's access at any time through your 𝕏 Connected Apps settings.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • All 𝕏 OAuth tokens are immediately revoked.
  • All associated data is permanently deleted, including: tweets, drafts, media, analytics, team data, automation rules, unfollow logs, and subscription records.
  • Deletion is cascading - all related records are removed.

We may retain anonymized, aggregated data for service improvement purposes.

8. Your Rights

You have the right to:

  • Access - Request a copy of the personal data we hold about you.
  • Rectification - Update your information through your account settings or by contacting us.
  • Deletion - Delete your account and all associated data at any time through account settings.
  • Revoke access - Disconnect your 𝕏 account or revoke OAuth permissions at any time.
  • Data portability - Request your data in a portable format.

To exercise these rights, contact us at support@futurepost.ai.

9. Children's Privacy

Futurepost is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child under 16 has provided us with personal information, please contact us and we will promptly delete it.

10. International Data Transfers

Your data may be processed and stored in countries outside your own. By using the Service, you consent to the transfer of your data to these locations. We take steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the Service. Continued use after changes constitutes acceptance of the updated policy.

12. Contact

For questions or concerns about this Privacy Policy or your data, please contact us at support@futurepost.ai.