Privacy Policy
1. Who we are
PostChute is operated by [YOUR FULL NAME], a sole trader trading as "PostChute" in the United Kingdom. Our contact address is [CONTACT ADDRESS].
As a sole trader, [YOUR FULL NAME] is personally the data controller responsible for your personal data under UK GDPR.
We are registered with the Information Commissioner's Office (ICO) under registration number [ICO REGISTRATION NUMBER].
For privacy-related questions: [DATA PROTECTION EMAIL ADDRESS]
2. What this policy covers
This policy explains what personal data we collect when you use PostChute, why we collect it, how long we keep it, who we share it with, and what rights you have over it.
PostChute connects your Notion workspace to your WordPress site using AI agents (via an AI API you choose and provide — currently Anthropic or OpenAI) to draft, optimise, and publish blog content. The decision to publish, the destination, and the schedule remain under your control.
3. The data we collect, why, and our legal basis
3a. Account credentials
| What | Why | Legal basis |
|---|---|---|
| Email address | To identify your account, send transactional emails, allow sign-in | Contract |
| Password (hashed — we never see it) | To authenticate you | Contract |
3b. Display name
| What | Why | Legal basis |
|---|---|---|
| Display name (optional) | To address you in the app and emails | Contract |
3c. Third-party service credentials
| What | Why | Legal basis |
|---|---|---|
| Notion access token | To read your Notion database on your behalf | Contract |
| WordPress API URL and application password | To publish content to your WordPress site | Contract |
| Anthropic API key (if you use Anthropic as your AI provider) | To generate content using Claude AI | Contract |
| OpenAI API key (if you use OpenAI as your AI provider) | To generate content using OpenAI models | Contract |
All credentials are encrypted at rest (AES-256-GCM) with the encryption key held separately. Credentials are decrypted only when a pipeline run needs them. Credential values are never included in data exports, logs, or API responses.
3d. Pipeline run history
| What | Why | Legal basis |
|---|---|---|
| Run status, timestamps, error messages | Dashboard history, service monitoring, anonymised aggregate statistics | Legitimate interests — statistics are aggregated and anonymised so no individual can be identified |
3e. Privacy consent record
| What | Why | Legal basis |
|---|---|---|
| Timestamp of policy acceptance at sign-up | Audit trail demonstrating informed consent | Legal obligation |
4. Data we do not collect
- The content of your Notion pages beyond what is needed to process and publish them
- Any data from your WordPress site beyond a successful publish confirmation (status code and post URL)
- Location data
- Any data from your device beyond standard web server access logs
5. Server logs
Our servers automatically generate access logs (IP address, browser type, pages visited, timestamps). We retain server logs for 30 days, after which they are automatically deleted.
6. Who we share your data with
We do not sell your personal data. We use the following data processors under Data Processing Agreements:
| Processor | What data | Why | Location |
|---|---|---|---|
| Supabase Inc. | All data in section 3 | Database and authentication | EU (DPA accepted) |
| Google Cloud Platform | Server logs; application runtime | Cloud hosting | EU — europe-west2 (DPA accepted) |
Notion, WordPress, Anthropic, and OpenAI receive your credentials only to authenticate requests made on your behalf. They are independent data controllers — see their own privacy policies: Notion, Anthropic, OpenAI, Automattic/WordPress.com.
7. Your rights
Under UK GDPR, you have the following rights. Contact us at [DATA PROTECTION EMAIL ADDRESS] to exercise any of them. We will respond within one calendar month.
- Access — self-service data export available in your account settings
- Erasure — delete your account permanently from account settings
- Rectification — update your display name and email in account settings
- Portability — data export is provided in JSON format
- Object — to our use of run history for aggregate marketing statistics (section 3d)
- Restrict processing — in certain circumstances while a dispute is resolved
- Complain — to the ICO at ico.org.uk or 0303 123 1113
8. How long we keep your data
| Data | Retention period |
|---|---|
| Account credentials, display name, third-party credentials | For the lifetime of your account; deleted immediately on account deletion |
| Pipeline run history (full detail) | 30 days, then automatically deleted |
| Pipeline run history (anonymised weekly aggregate counts — no user IDs) | Retained indefinitely for service analytics. No individual user can be identified from this data. |
| Privacy consent timestamp | 6 years after consent or account closure (Limitation Act 1980) |
| Account deletion record | 6 years after deletion (non-identifying: timestamp and internal reference only) |
| Server logs | 30 days, then automatically deleted |
9. Security
- All data transmitted over HTTPS (TLS)
- Third-party credentials encrypted at rest; encryption key held separately
- Row-level security enforced in the database — each user can only access their own data
- Account deletion requires password confirmation
If you discover a security vulnerability, contact us immediately at [SECURITY CONTACT EMAIL].
10. Children
PostChute is not intended for anyone under 18. This is because the third-party AI services used by PostChute (Anthropic and OpenAI) have their own age requirements, and our service depends on them. If you believe we have collected data from a minor, contact [DATA PROTECTION EMAIL ADDRESS] and we will delete it immediately.
11. How you accept this policy
You accept this Privacy Policy when you create an account. The consent checkbox on the sign-up page is empty by default — you must actively tick it. The exact timestamp is recorded in your account record.
12. Changes to this policy
When we make a material change affecting your rights, we will notify you by email and ask for your acceptance before you continue. For minor changes (typos, clarifications), we update the document and date without requiring re-acceptance.
13. Contact
[YOUR FULL NAME], trading as PostChute
[CONTACT ADDRESS]
Email: [DATA PROTECTION EMAIL ADDRESS]
ICO registration: [ICO REGISTRATION NUMBER]