Repostify

Privacy Policy

Last updated: June 4, 2026

Repostify ("we", "us") respects your privacy. This policy explains what data we collect, why, and what we do with it. Plain language, no dark patterns.

What we collect

From you

  • Google account info (email, name, profile picture) — to sign you in and authenticate API calls.
  • Tasks & reminders you create in the app — stored in Vercel Redis.
  • Social platform credentials (Discord webhook URL, Twitter API keys, etc.) — stored as Vercel environment variables, never in the database.
  • YouTube channel ID + video metadata — used to fetch your videos for cross-posting.
  • Contact form submissions — saved in Redis with a timestamp.

Automatically

  • Session cookies — set by NextAuth.js for authentication. Required for the app to work.
  • Vercel access logs — IP, user-agent, request timestamps. Used for debugging and abuse prevention. Retained for 30 days.

What we DON'T collect

  • We don't use Google Analytics, Facebook Pixel, or any third-party tracker.
  • We don't sell your data. Ever.
  • We don't train AI models on your data. Captions are generated per request by Google Gemini; we don't store them after the post is created.

Third-party services we use

To provide the Service, we send data to:

  • Vercel — hosting, Redis storage
  • Google (Identity, YouTube Data API, Gemini) — sign-in, video metadata, AI captioning
  • The social platforms you enable (Discord, Twitter/X, Facebook, Threads, forums) — only the post content you trigger
  • Gmail SMTP (if you configure email reminders) — for sending reminder emails to your inbox

Each has its own privacy policy. We only send the minimum data needed.

Your rights

  • Access — request a copy of all data we hold about you
  • Deletion — request complete deletion of your account and data
  • Correction — request fixes to inaccurate data
  • Export — get your tasks and settings as JSON

Email alphagen.codes@gmail.com for any of these. We'll respond within 30 days.

Cookies

We use the minimum cookies necessary for sign-in and session management (set by NextAuth.js). No advertising or tracking cookies.

Children

Repostify is not directed at children under 13. We don't knowingly collect data from them.

Data retention

We keep your account data as long as your account is active. After deletion, backups expire within 90 days. Vercel access logs roll off after 30 days.

Security

All traffic is HTTPS. Redis credentials are stored in encrypted Vercel environment variables. Authentication tokens are JWT-signed.

That said: no system is 100% secure. Don't put credentials in Repostify that you couldn't survive being leaked.

Changes

We may update this policy. Material changes will be flagged here with a new "Last updated" date.

Contact

Questions or requests: /contact or alphagen.codes@gmail.com.