Privacy Policy
Last updated: May 3, 20261. Introduction
PostStack is a private internal tool operated by Stephen Roda for managing Pinterest content scheduling across owned business accounts. This policy describes how data is handled within this tool.
This tool is not a public product and is not accessible to the general public. Access is restricted solely to its operator.
2. Information We Collect
- Pinterest account OAuth tokens (access and refresh tokens)
- Pinterest user IDs and board information
- Pin content you create (titles, descriptions, URLs, scheduled times)
- Application usage logs for debugging purposes
3. How We Use Information
- OAuth tokens are used solely to publish pins to connected Pinterest Business accounts owned by the operator
- Pin content is stored temporarily in a local queue until published
- Logs are used for debugging and are not shared with any third party
4. Data Storage
- All data is stored in an encrypted SQLite database hosted on Render
- OAuth tokens are encrypted at rest using AES-256-CBC encryption
- No data is sold, shared, or transmitted to third parties beyond the services listed below
5. Third Party Services
PostStack integrates with the following services to operate:
- Pinterest API — for pin publishing to connected business accounts
- Google AI API — for AI-generated image background generation
- Unsplash API — for stock photo backgrounds on generated pin images
- Render — for application hosting and database storage
Each of these services has its own privacy policy governing data they receive.
6. Data Retention
- Sent pins are retained in logs for 90 days
- Failed pins are retained until manually cleared by the operator
- OAuth tokens are retained until manually disconnected via the Connect page
7. Contact
For questions about this privacy policy, contact: sjroda@gmail.com