Privacy Policy
OmniPost is a social media scheduling and cross-publishing tool. This policy explains what information we collect, why we collect it, how we use, store, and protect it — including data we receive from connected social platforms — and the choices and rights you have over your data.
Effective date: June 20, 2026
1. Who we are
OmniPost ("OmniPost", "we", "us", "our") provides a service that lets you compose a single post and publish or schedule it — including video — across multiple connected social media accounts: Instagram, Facebook Pages, Threads, TikTok, YouTube, LinkedIn, X (Twitter), Pinterest, Bluesky, and Mastodon. This policy applies to the OmniPost web application at omnipost.bookwithgenie.comand related services (collectively, the "Service").
2. Information we collect
Account & profile information
When you create an account we collect your email address and, if you sign in with a third-party identity provider (such as Google), the basic profile information that provider returns (your name, email, and profile picture). We use this to create, identify, and secure your account.
Connected social accounts & access tokens
When you connect a social media account, the relevant platform issues OmniPost an access token (and, where applicable, a refresh token) that authorizes us to act on your behalf — for example, to publish a post you have scheduled. We also store non-sensitive identifiers returned by the platform, such as your account ID, username, display name, profile picture URL, page or channel name, and the permission scopes you granted. We never receive, request, or store your social platform passwords.
Media you upload
We store the media you upload — images and video — in our object storage so that we can deliver it to the destination platforms you choose and display it back to you in your queue.
Post content
We store the post content you create: captions, hashtags, mentions, links, scheduling times, target channels, and the publishing results (success, failure, and platform post IDs) so that we can schedule, publish, and report on your posts.
Basic analytics
Where a platform makes it available and you have granted the relevant permission, we may retrieve basic analytics about content published through OmniPost — such as view, like, comment, and reach counts — solely to show you how your own posts performed inside the Service.
Usage & technical data
Like most online services, we automatically collect limited technical data — such as IP address, browser and device type, and log events — to operate the Service, secure it, prevent abuse, and diagnose problems.
3. How we use your information
- To authenticate you and keep your account and workspace secure.
- To publish and schedule the content you create, on the accounts you connect, at the times you choose.
- To display your posts, queue, channels, media, and basic analytics back to you.
- To operate, maintain, debug, secure, and improve the Service.
- To communicate with you about your account, security, and service-related notices.
- To comply with legal obligations and enforce our Terms of Service.
We do not sell your personal data, we do not share platform data with data brokers, and we do not use the content or data of your connected accounts for advertising or to train machine-learning models.
4. How platform data is used and stored
Data we receive from social platform APIs — including Meta (Facebook, Instagram, and Threads), TikTok, Google (YouTube), LinkedIn, X, and Pinterest — is used only to provide the features you asked for: connecting your channels, publishing and scheduling the content you submit, and showing you the results and basic analytics for your own posts. Access tokens are used solely to publish and manage content on your behalf at your direction. We do not access, read, or store platform data beyond what is necessary for these features.
In particular, we use Meta (Instagram, Facebook, and Threads) and TikTok data only to publish the content you submit and to show you your own analytics inside OmniPost. The related access tokens are encrypted at rest (see below), are never used for advertising or model training, and you can delete them at any time by disconnecting the channel or deleting your account — see our Data Deletion Instructions.
Encryption at rest. Social platform access and refresh tokens are encrypted at rest using AES-256-GCM before they are written to our database. They are decrypted only momentarily, on our servers, when needed to carry out an action you requested (such as publishing a scheduled post). Tokens are scoped to only the permissions you grant, never exposed to your browser or to third parties, and you can revoke them at any time (see section 9).
5. Meta Platform Data
When you connect a Facebook Page, Instagram account, or Threads account, OmniPost receives and processes Meta Platform Data (as defined in the Meta Platform Terms). We use Meta Platform Data only to provide the connection, scheduling, publishing, and basic-analytics features described in this policy, and we handle, store, and protect it in accordance with the Meta Platform Terms and the Meta Developer Policies, including any applicable data-use and data-deletion requirements. OmniPost does not transfer Meta Platform Data to any ad network, data broker, or other party that we do not use as a service provider to operate the Service, and we retain Meta Platform Data only for as long as it is needed to provide the Service to you or as required to comply with our legal obligations. If you remove OmniPost from your Meta settings, the corresponding tokens and connection data are deleted (see section 8 and our Data Deletion Instructions).
6. Platform API terms & limited use
Our use of information received from each social platform's API adheres to that platform's developer and platform policies, including any applicable Limited Use requirements. In particular, OmniPost's use and transfer of information received from Google APIs (for YouTube) adheres to the Google API Services User Data Policy, including its Limited Use requirements, and our use of TikTok, LinkedIn, X, and Pinterest data adheres to each of their respective platform and developer terms. We only request the permissions necessary to provide the features you use, and we use platform data solely to provide and improve those features for you.
YouTube & Google
When you connect a YouTube channel, OmniPost uses the YouTube API Services to upload the videos you publish and to retrieve basic channel and video metrics (such as view, like, and comment counts) so we can show you how your own content performed. By using OmniPost to connect a YouTube channel, you agree to be bound by the YouTube Terms of Service. OmniPost's use of information received from the YouTube API Services is governed by the Google Privacy Policy and adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not use YouTube data for advertising or to train machine-learning models. You can revoke OmniPost's access to your Google data at any time from the Google security settings page, or by disconnecting the channel in OmniPost (which immediately deletes the stored token).
7. Third parties & sub-processors
OmniPost relies on a small number of trusted infrastructure providers to run the Service:
- Supabase — managed Postgres database, authentication, and file storage. Your account data, encrypted tokens, post content, and uploaded media are stored here.
- Vercel — application hosting and serverless execution of the Service.
- Resend — transactional email delivery (for example, sign-in, verification, and account notices). Resend receives your email address only to deliver these messages.
- The social platforms you connect— Meta (Facebook & Instagram), Threads, TikTok, Google (YouTube), LinkedIn, X, Pinterest, Bluesky, and Mastodon. When you publish to a platform, the content and associated metadata are sent to that platform and become subject to its own privacy policy and terms.
These providers process data only on our behalf and under agreements that require appropriate confidentiality and security. We may also disclose information when required by law or to protect the rights, safety, and security of OmniPost and its users.
8. Data retention
We retain your account information, post content, media, and connected-account records for as long as your account is active and the data is needed to provide the Service. If you disconnect a social account, we delete its stored access and refresh tokens immediately. If you delete your account, we delete your personal data as described in our Data Deletion Instructions, within 30 days of a verified request, subject only to limited retention required to comply with legal obligations, prevent fraud, or resolve disputes.
9. Your choices & rights
- Disconnect a channel at any time from the Channels page — this immediately deletes the stored token for that account, and OmniPost can no longer publish to or read from it.
- Revoke access from the platform sidevia that platform's connected-apps settings (for example, Meta "Business Integrations", your Google account's third-party access page, or the equivalent for each network).
- Request data deletion at any time — follow our Data Deletion Instructions or email us using the details below.
- Access, correct, or export your personal data — contact us using the details below. Depending on your jurisdiction you may have additional rights under laws such as the GDPR or CCPA.
10. Cookies
OmniPost uses a small number of essential cookies (and equivalent local storage) to keep you signed in, maintain your session securely, and remember basic preferences. We do not use advertising or third-party tracking cookies. Because these cookies are required for the Service to function, disabling them in your browser may prevent you from signing in or using OmniPost.
11. Children
OmniPost is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, please contact us so we can remove it.
12. International transfers
OmniPost and its sub-processors may process and store data in countries other than the one in which you live. Where required, we rely on appropriate safeguards for such transfers and take steps to ensure your data continues to be protected in line with this policy.
13. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you through the Service.
14. Contact us
Questions about this policy or your data? Email us at yoavx2@gmail.com. To request deletion of your data, see our Data Deletion Instructions.