The short version

Effective 11 July 2026

We collect what we need to run Quillcaster: your account details, the content you create, the tokens and profile data from the social accounts you connect, and basic usage information. To adapt your content for each platform, some of it is sent to third-party AI providers (such as OpenAI). We publish your posts to the platforms you connect, on your instruction. We do not sell your personal data, and we use only an essential session cookie. To delete your account, email us.

This summary is for convenience. The detail below is what applies.

1. Who this covers and how to reach us

This policy explains how Quillcaster (“we”, “us”, “our”) handles your personal information across our website and product. For any privacy question or request, email [email protected].

Where we act as a processor for content you route through connected platforms, we handle that content to provide the service to you. For your account and usage data we act as a controller. If you’re in the EU or UK we honour the GDPR / UK GDPR; if you’re in California we honour the CCPA / CPRA.

2. What we collect

Account information.

  • Your email address and, if you provide it, your name and avatar.
  • Authentication is passwordless: you sign in with a magic link sent to your email, or with Google. We do not store passwords. If you sign in with Google we receive only basic profile scopes (your identifier, email, and profile info); we do not store your Google password.
  • Your workspace(s), your role in each, and workspace settings.

Content you create.

  • The ideas, drafts, and posts you write or upload, and the per-platform adaptations generated from them.
  • Media you upload (images and video) and the derived variants and clips we produce from them. Media bytes are stored in private cloud object storage (Cloudflare R2); the database stores only metadata.
  • Your per-brand voice profiles and any example posts you provide to shape them.

Connected accounts.

  • When you connect a social account, we store the OAuth access/refresh tokens or app credentials needed to publish on your behalf. These credentials are encrypted at rest (AES-256-GCM).
  • We store the connected account’s public profile details (such as handle and display name) and may retrieve analytics/engagement data for the posts you publish, to power scheduling recommendations and the performance-loop features.

Payments.

  • Billing (when introduced) is handled by Stripe. We do not store your card details. We would store your Stripe customer ID and subscription status only.

Usage & technical information.

  • A per-workspace usage count (connected accounts, AI generations, scheduled/published posts, storage used).
  • When you sign in we store session information, and we keep server logs and use your IP transiently for security, rate-limiting, and abuse prevention.

3. AI processing of your content

Quillcaster’s core feature is adapting one idea into platform-native posts. To do that, the content you ask us to adapt (and, for video, the media you upload) may be sent to third-party AI providers acting as our subprocessors — for example OpenAI for text adaptation.

We send only what’s needed to produce your drafts and clips. We do not sell your content, and we do not use it to train our own or third parties’ models beyond what is necessary to provide the feature to you. Our AI subprocessors process it under their own terms as service providers; where those providers offer no-training options for API traffic, we rely on them.

You should review AI-generated drafts before they’re published — see our Terms.

4. Cookies

We use an essential, HttpOnly session cookie to keep you signed in, plus a short-lived security cookie during sign-in / OAuth. We use no advertising or cross-site tracking cookies.

Your theme choice is stored in your browser’s local storage, not a cookie. Because we use only essential cookies, there’s no cookie-consent banner.

5. How we use your data

We use your data to provide and run the service: to adapt your ideas into posts, publish to the platforms you connect, schedule at good times, produce video clips, learn your brand voice, sign you in, take payment (later), provide support, keep the service secure, and improve it.

For EU / UK users, our legal bases are: performance of our contract with you; our legitimate interests (securing and improving the service); your consent where required (for example, connecting a specific platform); and compliance with legal obligations.

6. Who we share it with

We share data with the service providers (subprocessors) we use to run Quillcaster. We do not sell your personal information, and we do not share it for cross-context behavioural advertising.

  • OpenAI — AI adaptation of your content into per-platform drafts.
  • The social platforms you connect — we transmit your posts and media to the platforms you choose (for example Bluesky, Mastodon, Farcaster, Telegram, Discord, LinkedIn, Meta’s Instagram / Threads / Facebook, Pinterest, and others as they’re added), using their official APIs.
  • Cloudflare (R2) — private object storage and content delivery for your media.
  • Stripe — payments (when billing is introduced).
  • Mailgun — sends your sign-in and account emails.
  • Our hosting and database providers — to operate the application and store your data.

7. Connected platforms & their terms

When you connect an account, you also authorise us under that platform’s terms, and your use of each platform remains subject to it — including Meta’s Platform Terms for Instagram, Threads, and Facebook, and the developer terms of every other platform you connect.

Google API Services. Quillcaster’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke Quillcaster’s access to a connected account at any time — inside Quillcaster, or on the platform itself. For Google, you can review and revoke access at myaccount.google.com/permissions and security.google.com/settings/security/permissions.

8. International transfers

Several of our providers are based in the United States and elsewhere, so your data may be processed outside your country. We rely on those providers’ contractual safeguards and standard data-protection terms (such as Standard Contractual Clauses) to protect it.

9. How long we keep it, and deletion

We keep your content and account data while your account is active. Connected-account credentials are kept until you disconnect that account or delete your account, after which they are removed. Deleted data may persist briefly in encrypted backups before being overwritten.

To delete your account or request erasure of your data, email [email protected] and we’ll action it.

10. Your rights

Depending on where you live, you can ask us to access, correct, delete, export, or restrict the processing of your data, and to object to certain processing. To make a request, email [email protected]. We do not sell personal data, so there is nothing to opt out of on that front.

You can also complain to your local data-protection authority (EU/UK), or to the California Attorney General (California).

11. Security

We protect your data with measures including: encryption in transit; connected-account credentials encrypted at rest (AES-256-GCM); HttpOnly session cookies; private media served from access-controlled storage; and per-request checks that keep every workspace’s data scoped to that workspace. No system is 100% secure, but we work hard to keep your data safe.

12. Children

Quillcaster is not directed to children. It is intended for users 16 and over, and we don’t knowingly collect personal data from anyone under 16. If you believe a child has given us data, email us and we’ll delete it.

13. Changes to this policy

We may update this policy from time to time. When we do, we’ll update this page and the “Effective” date above, and we’ll notify you of material changes.

14. Contact

Privacy questions or requests? Email us at [email protected].