Effective 2026-04-19 · Last updated 2026-05-08 · Version 2.0
LetsPost Technologies LLC (“letspost.it,” “we,” “us,” “our”) operates the letspost.it social-media scheduling, publishing, and analytics service (the “Service”). This Privacy Policy explains what personal information we collect, why we collect it, who we share it with, how long we keep it, and the rights you have to access, correct, export, or delete it. We wrote it in plain language wherever the law lets us; where it has to be precise, we tried to make the precision findable.
By using letspost.it, you agree to the practices described here. If you do not agree, do not use the Service. If you have questions, write to adriano.neps@gmail.com.
LetsPost Technologies LLC, a Delaware limited liability company, is the data controller for personal information processed through the Service. You can reach us at adriano.neps@gmail.com for any privacy question, request, or complaint. We do not currently have an EU representative or UK representative; cross-border requests are handled by the same email address.
We collect the categories below. Some you give us directly (e.g., your name, the post you want scheduled). Some we receive from connected platforms when you authorize them (e.g., your Instagram username). Some we collect automatically as you use the Service (e.g., the IP address your browser sends with each request).
Email address, display name, hashed password (or a sign-in token if you use a federated provider such as Google), email verification state, MFA enrollment state, time zone, and locale. We use this to authenticate you and to address you correctly in the dashboard.
Workspace name, members, roles, invite emails, and any other fields you provide when you create or join a workspace. If you invite a teammate, we send them an email containing your name and the workspace name so they know who invited them.
When you connect a third-party platform (Instagram, TikTok, YouTube, Facebook, Threads, X / Twitter, LinkedIn, Pinterest, Bluesky, Google Business Profile, Snapchat, Telegram, WhatsApp), we receive an OAuth access token (and where applicable a refresh token) plus the minimum profile fields the platform requires to identify the connected account (account ID, handle, display name, avatar, account type). We store these so we can publish on your behalf and so the dashboard can show which account is connected. The full list of scopes we request per platform is described in our connection docs.
Whatever you draft in the composer: text, captions, hashtags, location tags, alt text, scheduling time, target platforms, and any image or video you upload. Media files are stored in Google Cloud Storage in our primary region. Drafts and scheduled posts are stored until you delete them; published posts persist until the underlying platform deletes them or you do.
When you authorize the corresponding scope on a connected platform, we read back basic engagement metrics on the posts you published through us — reach, impressions, likes, comments, shares, saves, click-through, view-through, etc., as exposed by each platform's API. We use these only to power the analytics view in your workspace; we never aggregate across users or sell the data.
If you subscribe to a paid plan, Stripe handles your card and payment data on our behalf. We never see your card number. From Stripe we receive a customer ID, last-four of card, country, and subscription state, which we store to manage your account and surface billing history.
If you opt in to managing letspost.it through WhatsApp, Slack, Telegram, or another chat surface, we receive the messages you send to our agent (text + media) and the messages our agent sends back. We use these to fulfill the publishing or scheduling action you asked for. WhatsApp messages are routed through our WhatsApp Business Solution Provider (WhAPI) and delivered to Meta's WhatsApp Cloud API.
IP address, browser user-agent, request path, response code, timing, and (on errors) a stack trace. We log this for debugging, abuse prevention, security monitoring, and rate limiting. We do not sell logs and we do not use them for advertising.
We use first-party cookies and localStorage to keep you signed in, remember your locale and theme, and cache dashboard state. We use a small set of cookies for analytics (counts of unique visitors per page, no cross-site tracking). You can clear letspost.it cookies at any time using below or your browser's privacy controls. We do not use third-party advertising cookies.
We use the categories above to:
We do not sell, rent, or share your personal information for third-party advertising, profiling, or model-training. We do not use the content of your posts to train generalized AI models.
If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR (or UK GDPR) requires us to identify a legal basis for each processing activity. The bases we rely on are:
letspost.it publishes to the social networks you authorize. Each platform is a separate data controller for the data it stores about your account, separate from us. The list below is a summary of what we touch per platform. The full list of OAuth scopes we request, and exactly which API endpoints we call, is in our developer documentation.
We request OAuth scopes for the Instagram Graph API (instagram_business_basic, instagram_business_content_publish, instagram_business_manage_comments, instagram_business_manage_insights); the Facebook Pages API (pages_show_list, pages_manage_posts, pages_read_engagement, pages_manage_metadata); and the Threads API (threads_basic, threads_content_publish, threads_manage_insights). We use them to publish, read engagement, and (for IG) moderate comments on posts you authored. We do not request advertising scopes, messaging scopes, or audience-data scopes.
We use TikTok Login Kit and the Content Posting API. Scopes: user.info.basic, video.upload, video.publish. We use them to confirm the connected account and to upload + publish the video you drafted, with the caption and privacy settings you set.
We use the YouTube Data API v3. Scopes: youtube.upload and youtube.readonly. We use them to upload videos to your channel and to read back basic statistics (view count, like count, comment count) on the videos you published through us. Our use of Google API data complies with the Google API Services User Data Policy, including the Limited Use requirements: we do not transfer Google API data to third parties, do not use it for advertising, do not use it to train generalized AI models, and do not allow humans to read it except where (a) explicitly authorized by you, (b) required for security or to comply with law, or (c) the data is aggregated and used for internal operations.
We use the X API v2 with OAuth 2.0 + PKCE. Scopes: tweet.read, tweet.write, users.read, offline.access. We use them to publish tweets and threads, capture the canonical tweet ID for thread replies, refresh tokens, and read public engagement metrics on tweets you published through us.
We use Sign In with LinkedIn (OpenID Connect) plus Share on LinkedIn. Scopes: openid, profile, w_member_social. We use them to identify you, post member updates, and read public engagement on those posts. We do not request marketing or ads scopes in this submission.
We use Pinterest API v5 with the standard pin and board scopes. We use them to list your boards, publish pins, and read back impressions / outbound clicks / saves on the pins you published.
We use the Business Profile Performance API and the Account / Location Management API. Scope: https://www.googleapis.com/auth/business.manage. We use it to list your locations, publish "what's new" / offer / event posts to the locations you select, and read back post performance (views, action clicks). The same Limited Use conditions noted under YouTube apply.
For Bluesky we use app-password authentication and the AT Protocol's standard post endpoints. Snapchat and Telegram integrations follow each platform's standard OAuth or bot framework. Where these are still in development, we'll update this policy when they go live.
When you opt in to chat with our agent on WhatsApp, your messages route through WhAPI (a WhatsApp Business Solution Provider) and Meta's WhatsApp Cloud API. We store the message text and any media you send for as long as Meta's policy allows (typically 30 days), so the agent has the context to respond and so we can debug delivery issues.
letspost.it offers optional AI features:
We have data-processing agreements with our model providers and we transmit only the minimum content required for each call. We do not allow our model providers to use your content to train their generalized models. You can opt out of AI features at any time in workspace settings.
We use the following sub-processors to deliver the Service. Each one has signed a data-processing agreement with us and processes data only for letspost.it on our instructions.
| Provider | Purpose | Region |
|---|---|---|
| Google LLC (Firebase, Cloud Functions, Cloud Storage, Cloud Tasks, Secret Manager) | Primary application hosting, database, file storage, scheduled jobs, secrets | United States (us-central1) |
| Stripe, Inc. | Subscription billing, payments, customer portal | USA |
| Resend (Resend Co.) | Transactional email (verification, password reset, security alerts) | USA (us-east-1) |
| Sentry (Functional Software, Inc.) | Error monitoring, performance traces (no payloads) | USA |
| Anthropic, PBC | Language-model inference for AI composer assist + chat-agent | USA |
| Groq, Inc. | Alternate language-model inference (open-weights models) for some agent paths | USA |
| Meta Platforms, Inc. | WhatsApp Cloud API (only when you opt in to WhatsApp channel) | USA / global per Meta |
| WhAPI | WhatsApp Business Solution Provider in front of Meta's Cloud API | USA / EU per WhAPI |
We will update this list at least 30 days before adding a material new sub-processor, where doing so is reasonably practical. If you have an active subscription you can object to a new sub-processor by writing to adriano.neps@gmail.com within 30 days; if we cannot accommodate your objection, you may terminate the affected portion of the Service.
All primary application data lives in Google Cloud United States (us-central1). If you are outside the United States, your information will be transferred to and processed in the United States. For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses as incorporated into our agreements with Google's Standard Contractual Clauses (SCCs). We also implement the supplementary measures recommended by the EDPB (encryption at rest, encryption in transit, access controls, audit logging).
Soft-deletion is used for some objects (accounts, posts) to allow recovery within 30 days; after the recovery window the hard-purge job runs daily at 03:00 UTC and the data is irretrievably erased.
If you are in the EEA, UK, or Switzerland, you have the right to:
To exercise any right, write to adriano.neps@gmail.com from the email on file. We respond within 30 days; we may ask you to verify your identity before acting on a request. You can also file a self-service deletion request at letspost.it/data-deletion.
If you are a California resident, the CCPA / CPRA gives you the right to:
To exercise any of these, email adriano.neps@gmail.com. You may designate an authorized agent to act on your behalf; we'll ask the agent for proof of authorization.
If you are in Brazil, the Lei Geral de Proteção de Dados (Lei nº 13.709/2018) gives you the right to confirmation of processing, access, correction, anonymization or deletion, portability, information about sharing, withdrawal of consent, and the right to object to processing carried out on a basis other than consent. You may also lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD). To exercise any right, write to adriano.neps@gmail.com.
Our legal bases under the LGPD mirror the GDPR list above: execução de contrato, legítimo interesse, consentimento, e cumprimento de obrigação legal.
We protect your data with industry-standard practices:
No system is perfect. If we discover a personal-data breach, we will notify affected users and regulators within the timeframes required by applicable law (typically 72 hours under GDPR / LGPD).
We use first-party cookies and localStorage for essential functionality (session, locale, theme) and a small first-party analytics cookie for unique-visitor counting. We do not use third-party advertising cookies and we honor Global Privacy Control (GPC) signals as an opt-out from any activity that would qualify as "sale" or "share" under California law (we already do not sell or share, so GPC changes nothing in practice but we honor it for clarity). Reset our cookies at any time with or your browser's settings.
letspost.it is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with personal information, contact adriano.neps@gmail.com and we will delete it promptly. Parents of children between 13 and 16 in jurisdictions where this is the relevant threshold can contact us to review or delete data.
We do not make decisions producing legal or similarly significant effects about you using solely automated means. The AI features described in §6 produce drafts you review and edit before publishing — they don't take action on your behalf without your explicit confirmation.
You can close your letspost.it account at any time from settings. On request:
For an immediate deletion request, use letspost.it/data-deletion.
We may update this Privacy Policy as the Service evolves or the law requires. The "Last updated" date at the top reflects the latest revision. For material changes — new purposes, new categories of data, new sub-processors with materially different practices — we will notify you by email (to the address on file) or via an in-app banner at least 30 days before the change takes effect, and where required by law we will obtain your consent. Continued use of the Service after the effective date of an update means you accept the updated policy.
For any privacy question, request, or complaint: