ChiselPostLast updated: 11 April 2026

Privacy Policy

This Privacy Policy describes how ChiselPost ("we", "us", or "our") collects, uses, and shares information about you when you use our services.

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email address, password, and profile photo when you register.
  • Billing information: payment card details (processed and stored securely by our payment processor, Stripe — we never store raw card data).
  • Social media credentials: OAuth tokens for platforms you connect (Twitter/X, TikTok, YouTube, Pinterest, Instagram, LinkedIn, Facebook, Threads, Bluesky). We store only encrypted access tokens — never your passwords.
  • Content: posts, captions, images, and media you create or schedule through ChiselPost.
  • Communications: messages you send to our support team.

1.2 Information We Collect Automatically

  • Usage data: pages visited, features used, actions taken, and time spent within the platform.
  • Device & log data: IP address, browser type, operating system, referring URLs, and crash reports.
  • Cookies & similar technologies: session cookies, preference cookies, and analytics identifiers. See our Cookie Policy for full details.

1.3 Information From Third Parties

  • Analytics data from connected social platforms (e.g., impressions, reach, follower counts) fetched via their APIs on your behalf.
  • Payment status and fraud signals from Stripe.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services.
  • Publish and schedule content to your connected social media accounts.
  • Process payments and manage subscriptions.
  • Send transactional emails (account confirmations, password resets, billing receipts).
  • Send product updates and marketing communications (you can opt out at any time).
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.
  • Respond to your support requests.

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:

  • Contract performance: processing necessary to provide the services you have signed up for.
  • Legitimate interests: security, fraud prevention, and improving our services.
  • Consent: marketing communications and non-essential cookies (which you can withdraw at any time).
  • Legal obligation: compliance with applicable laws.

4. How We Share Your Information

We do not sell your personal data. We share it only in the following circumstances:

  • Service providers: trusted third parties who help us operate our platform (Stripe for payments, Resend for email, Cloudflare R2 for media storage, Render for hosting). These providers are contractually bound to protect your data.
  • Social media platforms: content you schedule is published via official platform APIs on your behalf.
  • Legal requirements: when required by law, court order, or governmental authority.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, in which case users will be notified.
  • With your consent: for any other purpose disclosed to you at the time of collection.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal, tax, or compliance purposes (typically up to 7 years for financial records).

6. International Data Transfers

ChiselPost is operated from the United Kingdom. Your data may be processed in countries outside your own, including the United States. Where we transfer data outside the EEA/UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Restriction: request restriction of processing in certain circumstances.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email us at privacy@chiselpost.com. We will respond within 30 days.

8. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for sensitive tokens, bcrypt password hashing, and regular security audits. See our Security page for full details. No method of transmission over the Internet is 100% secure, however, and we cannot guarantee absolute security.

9. Children's Privacy

ChiselPost is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@chiselpost.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice within the platform. The "Last updated" date at the top of this page indicates when this policy was last revised.

11. Contact Us

ChiselPost

Data Controller

Email: privacy@chiselpost.com

Website: https://chiselpost.com

Terms of ServiceCookie PolicySecurity