PostMine
Legal
Plain-language summaries of how PostMine works. Questions go to support@postmine.tech.
Privacy
What we store
- Your account email. For most users this is your Google or GitHub account email (the entire account). If PostMine provisioned an email and password login for you (for example, an app reviewer), we also keep a salted password hash via Supabase Auth and never see the plaintext password.
- Your connected-platform credentials, encrypted at rest with AES-256-GCM.
- Your connected account's profile basics: the handle and display name of each account you connect, and its profile image URL for X, used to show your account across the dashboard and to render your avatar in the reply composer.
- The content of your posting rounds: source text, adapted variants, one image per round, and their statuses.
- Your tone profile: style traits derived from recent posts of your connected accounts. Delete it any time in Settings.
- Your analytics-consent choice, stored server-side as a single row: your user id, whether you accepted, and when. We keep it only so your choice is honoured even for events that have no browser session, such as a subscription renewal, and never to track you.
- The opportunities we surface for you: the public thread we found, its fit score, and the reply draft we generate for you to copy. For an X thread we store the author display name, handle and avatar, the post text, the link, and public counts such as likes, reposts, replies and views. For a Reddit thread we store the subreddit, the author's username, the thread text, the link, and public counts such as upvotes and comments. For a Hacker News thread we store the title, the thread text, the author's username, the link, and public counts such as points and comments.
Processors we use
- Supabase for the database and authentication.
- Vercel for hosting and the scheduler cron.
- Polar for billing and subscription management.
- Resend for transactional email (failure and token-expiry alerts) and the daily digest and re-engagement reminder emails.
- PostHog (EU region) for product analytics and session replay, so we can see how the product is used and where it breaks. Enabled only after you accept analytics cookies. Session replays record your session, including the content you type and view, such as draft posts and captions; passwords are excluded.
- AI model providers (Google Gemini API and OpenRouter) to adapt your text per platform and to write your project documents. Your source text is sent to them only to generate the variants and documents; they do not use it to train their models.
- Web research providers (Tavily, Jina, Firecrawl, Exa and Serper) to read the public web page you ask us to analyze and to find and read competitors’ public pages for the Competitor Analysis document. We send them the public URLs being analyzed, not your account data.
- X (api.x.com) recent search to gather public posts for the Customer Research document and to find live threads where your product fits (the opportunity finder). We send a search query built from your project’s product name, category and pain terms; we never send your account data or private content, and only public posts are returned, quoted with their author handle and link. For the opportunity finder we store the surfaced thread (author display name, handle and avatar, text, link, and public counts such as likes, reposts, replies and views) so it can be shown in your dashboard.
- Apify (a Reddit scraping provider) and Serper (a Google Search API) to find public Reddit threads where your product fits (the Reddit opportunity finder). We send a search query built from your project’s product name, category and pain terms; we never send your account data or private content, and only public threads are returned. We store the surfaced thread (the subreddit, the author’s username, the thread text, the link, and public counts such as upvotes and comments) so it can be shown in your dashboard. We do not use the official Reddit API, and we never post to Reddit for you.
- Algolia (the Hacker News Search API at hn.algolia.com) to find public Hacker News threads where your product fits (the Hacker News opportunity finder). We send a search query built from your project’s product name, category and pain terms; we never send your account data or private content, and only public threads are returned. We store the surfaced thread (the title, the thread text, the author’s username, the link, and public counts such as points and comments) so it can be shown in your dashboard. There is no Hacker News account connection, and we never post to Hacker News for you.
- Google PageSpeed Insights (Google APIs) to audit the public site you ask us to analyze, for the Analytics column (PageSpeed, SEO and GEO signals). We send only that public URL, never your account data.
- Each connected platform’s own API at publish time (Telegram, Dev.to, Threads, X, LinkedIn).
Reminder emails
- We send a daily digest email, at most once a day, letting both free and paid users know when fresh posts or reply opportunities are waiting in PostMine. We email only when something new is ready; for accounts that stay away we ease off the come-back reminders and eventually stop them.
- You can turn the daily digest off any time from Settings in the app, and every email also carries a one-click unsubscribe link (no login needed). Once you opt out we honour it and stop sending reminders; you can turn it back on from the same place. Important account emails, such as a failed post or an expiring connection, are transactional and always come through.
What we never do
- We never post on your behalf without an explicit action: Post now, a schedule you set, or an MCP call signed with your key.
- We never post replies to other people's posts for you: opportunity reply drafts are yours to copy and post manually.
- We never use your content to train any model.
- We never sell your data.
Deletion
- Deleting your account removes everything: connections, rounds, drafts and API keys, immediately. Posts already published stay on their platforms, because they are no longer ours to remove.
- Removing PostMine from your Threads (Meta) account, or sending a Meta data-deletion request, automatically deletes your Threads connection and its publishing records from PostMine.
Cookies
- Essential cookies for sign-in and your session, plus a cookie that records your analytics-consent choice.
- Analytics cookies (PostHog) are set only after you click Accept in the consent banner, and never for advertising. If you Reject, no analytics cookies are set. You can change your choice any time by clearing cookies in your browser.
Terms
Billing
- PostMine has one paid plan: Pro at $49/mo. Billing runs through Polar.
- Monthly is billed every month. Yearly is billed once, upfront, for 12 months at $470: an effective $39/mo, about 20% off.
- Prices may change with at least 30 days notice, but never in the middle of a period you have already paid for: any change takes effect only at your next renewal.
- If your subscription lapses, scheduled rounds hold with a blocked status and publish automatically once payment resumes.
Founding offer
- The first 30 Pro subscriptions keep the $49/mo founding rate for as long as the subscription stays active, even if the regular price rises later.
- The founding rate lapses if the subscription is cancelled, and it is not transferable to another account or workspace.
Free plan
- PostMine has a free plan, not a trial. Start free with no card and stay on the free plan as long as you like.
- A card is asked for only when you upgrade to Pro, and the first charge happens at the moment of the upgrade. Cancel anytime in one click in Billing.
Refunds
- Full refund within 14 days of any first charge, no questions asked. After that, refunds are pro-rated at our discretion.
- Refund requests go to support@postmine.tech.
Cancellation
- Cancel in one click in Billing. You keep full access until the end of the period you have paid for.
- After the period ends your workspace drops back to the free plan and Pro features turn off. We never delete your content: resubscribe to restore full access.
Your responsibilities
- You are responsible for the content you publish and for following each platform’s own rules and terms.
- Project documents may surface third-party public content gathered for your analysis, including public X posts (with their author and link) and competitors’ public pages. That content belongs to those third parties and is subject to their own terms. Documents are research aids, not legal or financial advice, so verify any fact, price or quote before you rely on it.
- Reply opportunities on X, Reddit and Hacker News are drafts for you to review and post yourself, from your own account: we never post them for you. You are responsible for what you post and for following each community’s rules, including the individual subreddit rules on Reddit and the Hacker News guidelines.
Service
- PostMine is provided as-is. We aim for best-effort delivery with one automatic retry on transient failures, then a clear error and a manual Retry.
Accounts and sign-in
- You sign in to PostMine with Google or GitHub, or with an email and password for accounts that PostMine provisions (for example, app reviewers). There is no public email and password registration; everyday accounts are created through Google or GitHub.
Publishing and accounts
- PostMine publishes only on your explicit action: Post now, a schedule you set, or an MCP call signed with your key. There is no unattended auto-posting.
- You are responsible for the content you approve and publish, including its compliance with each platform’s rules on AI-assisted and automated content.
- PostMine is not liable for reach changes, restrictions or enforcement actions taken by platforms against your accounts.
License · MIT
- PostMine’s open-source components are released under the MIT License. Copyright © 2026 Yerkebulan Rakhimov.
- Permission is hereby granted, free of charge, to any person obtaining a copy of the covered software, to deal in it without restriction, subject to including this copyright notice in all copies.