Privacy Policy

Effective date: March 23, 2026

Publio ("we", "our", "us") provides a service that allows users to publish content to LinkedIn through AI assistants such as Claude and ChatGPT. This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

When you use Publio, we collect:

• Account information - Your email address when you sign up.
• LinkedIn connection data - When you connect your LinkedIn account via OAuth, we receive your LinkedIn name, email, and a unique identifier (person URN). We also receive an access token that allows us to post on your behalf.
• Post metadata - We log the length of posts and timestamps for service metrics. We do not store the full text of your posts.
• Payment information - If you subscribe to a paid plan, payment is processed by Stripe. We store your Stripe customer ID and subscription status. We never see or store your credit card number.
• API usage - We log API key usage timestamps for rate limiting and security.

2. How We Use Your Information

• To publish LinkedIn posts on your behalf when you explicitly request it.
• To display your LinkedIn connection status on your dashboard.
• To manage your subscription and billing.
• To monitor service health and prevent abuse.

3. LinkedIn Access

We request the following LinkedIn permissions:

• openid, profile, email - To identify your LinkedIn account.
• w_member_social - To create posts on your LinkedIn feed when you request it.

We will never post to your LinkedIn account without your explicit instruction. Every publish action requires you to confirm (or disable dry-run mode) in your AI assistant.

4. Data Security

Your LinkedIn access token is encrypted at rest using AES-256-GCM encryption. API keys are stored as one-way hashes (SHA-256) and cannot be recovered. All data is transmitted over HTTPS.

5. Data Retention

• LinkedIn tokens expire after 60 days. Expired tokens are deleted.
• If you delete your account, all associated data (LinkedIn connection, API keys, subscription, post logs) is permanently removed.
• You can disconnect your LinkedIn account at any time from the dashboard, which immediately deletes your stored token.

6. Third-Party Services

We use the following third-party services:

• Supabase (database and authentication) - Privacy Policy
• Stripe (payment processing) - Privacy Policy
• LinkedIn (social publishing) - Privacy Policy

7. Your Rights

You can:

• View your connected LinkedIn account and subscription status on the dashboard.
• Disconnect your LinkedIn account at any time.
• Revoke your API keys at any time.
• Delete your account and all associated data.
• Contact us to request a copy of your data.

8. Cookies

We use essential cookies only for authentication (session management). We do not use tracking cookies or third-party analytics.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or dashboard notification.

10. Contact

For privacy-related questions, contact us at: tim@timconsulting.co