Privacy Policy

Last updated: March 22, 2026

1. Introduction

Prepostr ("we," "us," or "our") operates the website at prepostr.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Data Controller

For the purposes of applicable data protection laws (including the GDPR and LGPD), the data controller is:

Leonardo Grigorio Araujo Desenvolvimento de Software Ltda - ME
Trade name: Lion Stance
CNPJ: 54.036.904/0001-04
Av. Paulista, 1106, Sala 01, Bela Vista
São Paulo - SP, 01310-914, Brazil
Email: [email protected]

If you have questions or concerns about how your data is handled, you may contact us at the email address above.

3. Information We Collect

3.1 Account Information

When you sign in with Google OAuth, we receive and store:

  • Your name and email address
  • Your Google profile picture URL
  • A unique Google account identifier

We do not receive or store your Google account password.

3.2 YouTube Channel Data

When you connect your YouTube channel, we access your channel through the YouTube API Services with your explicit consent. We collect:

  • Your channel name, ID, and thumbnail
  • Video metadata for videos you own (titles, descriptions, thumbnails, view counts, durations)
  • Captions/transcripts from your own videos only
  • OAuth access and refresh tokens (stored securely, used only to communicate with Google APIs on your behalf)

We only access videos that belong to your connected YouTube channel. We do not access, download, or store content from channels you do not own.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.3 Competitor Channel Analytics

When you add competitor channels for tracking, we fetch publicly available data through the official YouTube Data API v3:

  • Channel names, subscriber counts, and video counts
  • Public video titles, view counts, like counts, and publish dates

This is the same public information available to anyone on youtube.com. We do not access any private or restricted data from these channels.

3.4 Generated Content

Content you generate through our AI features (social media posts, blog drafts, chat messages) is stored in your account and is not shared with other users.

3.5 Usage and Analytics Data

We collect usage data to improve our Service using the following tools:

  • PostHog: Collects product analytics including feature usage, click patterns, and page navigation to help us understand how users interact with the product. PostHog records anonymized session replays (mouse movements, clicks, and page scrolling) to help us identify usability issues. Session replays do not capture passwords, payment details, or text you type into forms (all form inputs are masked). You may opt out of PostHog tracking by enabling "Do Not Track" in your browser settings. See PostHog's Privacy Policy.
  • Google Search Console: Provides aggregated search performance data (impressions, clicks, search queries) for our website. This data is about our site's visibility in search results and does not contain personally identifiable user information.

3.6 Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVC, or full billing details on our servers. We store only your Stripe customer ID, subscription ID, and plan information to manage your account. See Stripe's Privacy Policy.

4. Legal Basis for Processing

We process your personal data under the following legal bases (as defined by the GDPR and equivalent provisions of the LGPD):

  • Contract performance: Processing necessary to provide the Service you signed up for (account management, content generation, billing).
  • Consent: YouTube channel access is granted via explicit OAuth consent. You may withdraw this consent at any time by revoking access through your Google Account permissions.
  • Legitimate interest: Analytics and usage tracking to improve the Service, provided this does not override your fundamental rights. You may opt out of analytics tracking as described in Section 3.5.

5. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Generate AI-powered content from your video transcripts
  • Display analytics and trend data from publicly available YouTube data
  • Process your subscription payments
  • Track your token usage against your plan limits
  • Improve and optimize the Service based on aggregated usage patterns
  • Communicate with you about your account (e.g., billing notifications, service updates)
  • Detect and prevent abuse, fraud, or violations of our Terms of Service

6. Third-Party Services and Data Sharing

We share your data with the following third-party services only as necessary to provide the Service:

ServicePurposeData Shared
Google (YouTube API)Video metadata, transcripts, channel dataOAuth tokens, video IDs
OpenRouterAI content generationVideo titles and transcript text (no user identity attached)
StripePayment processingEmail, subscription details
PostHogProduct analytics and session replaysFeature usage data, anonymized session replays (inputs masked)
ResendTransactional emailEmail address

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

7. AI-Generated Content and Data Processing

When you use our AI features, your video transcripts and titles are sent to third-party AI model providers (accessed via OpenRouter) to generate content suggestions. No personally identifiable information (such as your name or email) is included in these requests.

Third-party AI providers are contractually bound by their respective data processing terms. We select providers whose policies prohibit using customer inputs for model training, but we cannot independently verify the internal practices of every sub-processor. The generated content is stored in your account and is accessible only to you.

8. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

  • Strictly necessary: Authentication session cookies to keep you signed in. These are essential for the Service to function and cannot be disabled.
  • Functional: Theme and language preferences to personalize your experience.
  • Analytics (optional): PostHog uses cookies and local storage to collect usage data. These are non-essential and you may opt out (see Section 3.5).

You can configure your browser to refuse non-essential cookies. Enabling "Do Not Track" in your browser will disable PostHog tracking. Blocking essential cookies may prevent you from using the Service.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our third-party service providers (Google, OpenRouter, Stripe, PostHog) operate.

When data is transferred outside the European Economic Area (EEA) or Brazil, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
  • The service provider's own compliance frameworks (e.g., Google's and Stripe's GDPR compliance programs)
  • Your explicit consent provided when connecting third-party services

10. Data Retention

  • Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
  • Projects and generated content: Retained until you delete them or your account.
  • Usage logs: Retained for up to 90 days for billing and operational purposes, then automatically purged.
  • YouTube OAuth tokens: Retained until you disconnect your channel or delete your account. Tokens are invalidated immediately upon disconnection.
  • Analytics data: Retained according to PostHog's retention settings.

11. Your Rights

Depending on your jurisdiction (including under the GDPR for EU/EEA residents, the LGPD for Brazilian residents, and the CCPA for California residents), you have the right to:

  • Access the personal data we hold about you
  • Rectification of inaccurate or incomplete data
  • Erasure ("right to be forgotten") of your personal data and account
  • Data portability to receive your data in a structured, machine-readable format
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests
  • Withdraw consent for data processing at any time without affecting the lawfulness of processing performed before withdrawal
  • Opt out of analytics tracking as described in Section 8
  • Revoke YouTube access at any time through your Google Account permissions
  • Lodge a complaint with your local data protection authority if you believe your rights have been violated

To exercise any of these rights, contact us at [email protected]. We will acknowledge your request within 72 hours and respond substantively within 30 days. If we need additional time, we will inform you of the reason and the expected timeline.

12. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Encrypted storage of OAuth tokens and sensitive credentials
  • Access controls limiting data access to authorized services only
  • Regular security reviews of our infrastructure and dependencies

While we take reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and are not responsible for the security practices of third-party services we integrate with.

13. Children's Privacy

The Service is not intended for children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will promptly delete the information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes that affect how we process your personal data, we will notify you via email (to the address associated with your account) and/or through a prominent notice on the Service at least 14 days before the changes take effect. The "Last updated" date at the top reflects the most recent revision.

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your account before the effective date.

15. Contact

For privacy-related inquiries, data requests, or complaints:

Email: [email protected]

General support: [email protected]

← Back to homeTerms of Service →