Privacy Policy

This Privacy Policy describes how Foragentis ("Company," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use ForaPost, our AI social media management platform (the "Service").

ForaPost is a product of Foragentis, a California limited liability company.

By using ForaPost, you consent to the data practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

• Name
• Email address
• Password (encrypted)
• Company/business name
• Profile photo (optional)
• Timezone preferences

Brand and Content Information:

• Brand voice settings and preferences
• Uploaded documents and collateral (PDFs, text files, images, audio, video)
• Files imported from Google Drive or Dropbox that you explicitly select
• Website URLs you provide for content extraction
• URLs you submit for batch content import
• Topics, tone, and style preferences
• Content you create, edit, or approve within the Service
• Product data from connected e-commerce platforms

Payment Information:

• Billing name and address
• Payment method details (processed and stored securely by Stripe; we do not store full card numbers)

Communications:

• Support requests and correspondence
• Feedback and survey responses

1.2 Information from Connected Social Media Accounts

When you connect social media accounts to ForaPost, we access and store only the minimum data necessary to provide the Service:

From All Platforms:

• Account identifiers and usernames
• Profile information (name, profile picture)
• Authentication tokens (encrypted, for API access)
• Basic account status

What We Do NOT Access:

• Your private messages or DMs
• Your friend lists or follower details
• Your personal browsing activity
• Content from other users
• Data beyond what is necessary for publishing

1.3 Information Collected Automatically

Usage Information:

• Features used and actions taken within ForaPost
• Posts created, scheduled, and published
• Login times and session duration

Device and Technical Information:

• IP address
• Browser type and version
• Device type and operating system
• Referring URLs

Cookies and Similar Technologies:

• Session cookies (for authentication)
• Preference cookies (for settings)
• Analytics cookies (for service improvement)

1.4 Information from Connected Cloud Storage

When you connect cloud storage services to ForaPost, we access and store:

Google Drive:

Dropbox:

What We Do NOT Access:

• Files you do not explicitly select
• Shared files or folders you don't own (unless selected)
• Your storage quota or account settings
• Other apps connected to your cloud storage

How Files Are Processed:

1. You browse and select specific files through our interface
2. We download only the files you select
3. Files are processed to extract text and analyze your writing style
4. Extracted content is stored as part of your brand intelligence
5. Original files are not permanently stored — only the analysis

1.5 Information from E-commerce Platforms

When you connect e-commerce platforms to ForaPost, we access:

What We Do NOT Access:

• Customer names, emails, phone numbers, or any other personally identifiable information
• Shipping or billing addresses
• Payment method or financial transaction details
• Order line item prices, discount codes, or refund details
• Customer reviews or feedback (unless public)
• Tax or accounting data

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Providing the Service

• Creating and managing your account
• Connecting and maintaining social media integrations
• For LinkedIn: Publishing organic content to personal profiles and company pages you authorize; retrieving engagement metrics exclusively for content published through ForaPost; no advertising, recruiting, or social feed functionality
• Creating AI content based on your preferences
• Scheduling and publishing content to your accounts
• Processing payments and managing subscriptions

2.2 Improving the Service

• Analyzing usage patterns to improve features
• Developing new functionality
• Fixing bugs and technical issues
• Training AI models using aggregated, anonymized data only

Note: Data obtained from Google APIs (including YouTube and Google Drive) is never used for AI/ML training, advertising, or any purpose other than providing and improving the core functionality you have authorized.

2.3 Communications

• Sending transactional emails (account verification, password reset, billing)
• Providing customer support
• Sending product updates (with opt-out option)
• Notifying you of important changes

2.4 Safety and Compliance

• Detecting and preventing fraud or abuse
• Enforcing our Terms of Service
• Complying with legal obligations
• Responding to legal requests

3. Platform-Specific Data Handling

We comply with each platform's developer terms and data policies:

3.1 TikTok

• We access only the minimum data necessary for publishing
• We protect your identity and do not share TikTok user data with third parties
• We do not remove TikTok watermarks without your authorization
• We comply with TikTok's Community Guidelines and Developer Terms

3.2 X (Twitter)

• Data obtained from X is used solely for publishing on your behalf
• We comply with X's Developer Agreement and Developer Policy
• We do not use your data for purposes outside the stated functionality
• We respect X's automation rules and rate limits

3.3 LinkedIn

ForaPost's use of LinkedIn data complies with LinkedIn's API Terms of Use, Marketing API Program Terms, and Community Management API requirements.

What Data We Access:

When you connect your LinkedIn account to ForaPost, we access only the minimum data necessary:

What We Explicitly Do NOT Access:

We cannot and will not access:

• ✗Your LinkedIn connections, network, or follower lists
• ✗Your LinkedIn messages, InMail, or private conversations
• ✗Your LinkedIn feed or content from other members
• ✗Other members' profile data beyond what's publicly visible
• ✗Your job search activity or applications
• ✗Your LinkedIn Learning courses or certificates
• ✗Your endorsements or recommendations
• ✗Your saved jobs or saved posts
• ✗Data about other members who interact with your posts (beyond public engagement metrics)

Restricted Uses - What We Never Do:

In strict compliance with LinkedIn's Marketing API Terms, ForaPost will NEVER:

Advertising & Targeting:

• ✗Use your LinkedIn data for advertising purposes
• ✗Target advertisements to you based on LinkedIn data
• ✗Sell advertising based on LinkedIn member data
• ✗Create advertising audiences from LinkedIn data

Recruiting & Talent:

• ✗Use LinkedIn data for recruiting purposes
• ✗Build candidate databases from LinkedIn
• ✗Screen job applicants using LinkedIn data
• ✗Contact LinkedIn members for recruitment

Social Feed & Content:

• ✗Display LinkedIn feeds in our application
• ✗Create a "LinkedIn-like" social network
• ✗Show content from other LinkedIn members
• ✗Aggregate LinkedIn posts from multiple users

Data Aggregation & Sale:

• ✗Export LinkedIn member data for external use
• ✗Create aggregated databases of LinkedIn information
• ✗Combine LinkedIn data with data from other sources
• ✗Sell or license LinkedIn data to third parties
• ✗Share your LinkedIn data with other ForaPost users

Scraping & Unauthorized Access:

• ✗Access LinkedIn content through scraping or crawling
• ✗Use any method other than official LinkedIn APIs
• ✗Circumvent LinkedIn's rate limits or access controls
• ✗Store or cache LinkedIn data beyond permitted durations

How We Use LinkedIn Data:

Publishing Only:

• We use your LinkedIn authorization solely to publish content you explicitly create, edit, or approve within ForaPost
• Content is transmitted directly to LinkedIn's servers using their official APIs
• We do not modify, analyze, or store your published content after transmission

Engagement Analytics:

• We retrieve metrics (likes, comments, shares, impressions) only for posts you published through ForaPost
• Metrics are displayed in your ForaPost dashboard
• Raw metric data is retained for 48 hours, then replaced with aggregated analytics
• We never access engagement data for posts you created directly on LinkedIn

Profile Display:

• We display your name and profile picture solely to identify your connected account in ForaPost
• This information is stored securely and deleted within 24 hours of disconnection

Organization Page Management:

If you connect a LinkedIn Organization Page (company page):

Access Requirements:

• You must be a verified administrator of the LinkedIn Page
• ForaPost verifies your admin status through LinkedIn's API
• We do not request or store your admin credentials

What We Access:

• Organization name and basic page information
• Verification that you have posting permissions
• Engagement metrics for posts published through ForaPost to that page

What We Do NOT Access:

• Page follower lists or demographics
• Other page admins or their information
• Page analytics beyond posts published via ForaPost
• Private page activity or drafts

Data Retention:

• Organization access tokens: Deleted immediately upon disconnection
• Page profile information: Deleted within 24 hours of disconnection
• Post activity data: Retained for 48 hours, then aggregated
• Historical analytics: Aggregated data retained for up to 1 year; can be deleted on request

Member Profile Data Handling:

If you connect a personal LinkedIn profile:

Minimal Data Access:

• We access only your basic profile information (name, headline, profile picture)
• We do NOT access your full work history, education, skills, or endorsements
• We do NOT access your connections or network information

Purpose Limitation:

• Profile data is used exclusively to identify your connected account in ForaPost
• We never use profile data for targeting, advertising, or marketing purposes

Data Retention:

• Profile data is deleted within 24 hours of disconnection
• We do not maintain historical records of profile changes

Your LinkedIn Data Controls:

Before Connecting:

• You will see a LinkedIn authorization screen showing exactly what permissions ForaPost requests
• You explicitly authorize ForaPost to access your LinkedIn account
• You can decline authorization at any time

While Connected:

• View your connected LinkedIn accounts in Settings → Connected Accounts
• See when ForaPost last accessed your LinkedIn data
• Review all posts scheduled or published to LinkedIn

Disconnecting:

• Disconnect your LinkedIn account at any time with one click
• Access tokens are deleted immediately upon disconnection
• Profile and page data are deleted within 24 hours
• Activity data is deleted within 48 hours
• Published post records (for analytics) are retained for up to 1 year unless you request immediate deletion

Revoking Access Through LinkedIn:

You can revoke ForaPost's access directly through LinkedIn:

1. Go to linkedin.com/psettings/permitted-services
2. Find "ForaPost" in your list of connected applications
3. Click "Remove" to revoke all access

What happens after revocation:

• We receive notification that access was revoked
• All access tokens are deleted immediately (within 1 hour)
• Profile and page data are deleted within 24 hours
• Activity data is deleted within 48 hours
• We cannot post on your behalf until you reconnect

Data Deletion Requests:

Request immediate deletion of all LinkedIn-related data:

1. Email: privacy@foragentis.com
2. Subject: "LinkedIn Data Deletion Request"
3. Include: Your ForaPost account email

We will delete within 30 days:

• All LinkedIn access tokens (immediate)
• All profile and page information
• All activity and engagement data
• All historical analytics related to LinkedIn

Cannot be deleted:

• Content already published to LinkedIn (manage through LinkedIn directly)
• Anonymized, aggregated analytics that cannot be attributed to you

Security Measures:

Data Protection:

• All LinkedIn access tokens are encrypted at rest (AES-256)
• All data transmission uses TLS 1.3 encryption
• Access tokens are never logged or transmitted to third parties
• Tokens are stored separately from other user data

Access Controls:

• Only authorized ForaPost systems can access LinkedIn data
• Employee access is logged and audited
• Multi-factor authentication required for all system access
• Regular security assessments and penetration testing

Breach Notification:

In the event of a security incident affecting your LinkedIn data:

Our Commitment:

• We will notify you via email within 24 hours of discovery
• We will notify LinkedIn as required by their Terms within 24 hours
• We will provide details of what data was affected
• We will take immediate action to secure your data and prevent further access

Your Actions:

• We recommend immediately revoking ForaPost's access through LinkedIn
• We recommend changing your LinkedIn password if credentials may have been compromised
• We will provide instructions on protecting your LinkedIn account

Compliance & Legal Requirements:

We comply with:

• LinkedIn API Terms of Use
• LinkedIn Marketing API Program Terms
• LinkedIn Community Management API Terms
• LinkedIn's Data Processing Addendum
• All applicable data protection laws (GDPR, CCPA, etc.)

Prohibited Activities:

We commit to NEVER:

• Exceed our authorized API access limits
• Attempt to reverse-engineer LinkedIn's APIs
• Circumvent LinkedIn's security measures
• Access LinkedIn data for purposes outside those explicitly authorized
• Share your access tokens with any third party
• Use LinkedIn data in ways that violate LinkedIn's Terms or your consent

Third-Party Access:

No Third-Party Sharing:

• We do not share your LinkedIn data with advertisers
• We do not share your LinkedIn data with data brokers
• We do not share your LinkedIn data with analytics providers
• We do not share your LinkedIn data with other ForaPost users

Exception - Service Providers:

• Cloud hosting provider (AWS) may process encrypted LinkedIn data
• Infrastructure providers cannot decrypt or access LinkedIn data
• All service providers are contractually bound to LinkedIn API Terms

Questions or Concerns:

For LinkedIn-specific privacy questions:

• Email: privacy@foragentis.com
• Subject: "LinkedIn Privacy Question"
• We will respond within 48 hours

3.4 Google API Services (YouTube)

ForaPost's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What This Means:

• We only use YouTube data to provide the video publishing features you have authorized
• We do not use YouTube data for advertising, market research, or AI/ML training
• We do not transfer YouTube data to third parties except as necessary to provide the Service
• We do not allow humans to read your YouTube data except with your consent, for security purposes, or to comply with law

YouTube Comments: When you connect your YouTube account, ForaPost may access comments on your YouTube videos to display audience engagement within your dashboard and enable you to respond to comments on your behalf. Comment data is used solely to provide this feature and is not used for advertising, market research, or AI/ML training.

Your Controls:

• You may revoke ForaPost's access at any time through Google security settings: security.google.com/settings/security/permissions
• Upon access revocation, we will delete your YouTube data within 30 days
• You can disconnect your YouTube account from ForaPost at any time in Settings

Compliance:

• We comply with YouTube API Services Terms of Service
• We comply with YouTube's Developer Policies
• We do not download or redistribute YouTube content

3.5 Meta Platforms (Facebook, Instagram, Threads)

• We comply with Meta Platform Terms and Developer Policies
• We only request permissions necessary for publishing
• We do not use Meta data for purposes other than providing the Service
• We do not sell data obtained from Meta platforms
• We allow you to disconnect and delete your data at any time

3.6 Google Drive

ForaPost's use of Google Drive data adheres to the Google API Services User Data Policy, including Limited Use requirements.

What This Means:

• We only access files you explicitly select through the Google Picker
• We use file contents solely to learn your brand voice and create content
• We do not use Google Drive data for advertising, market research, or AI/ML training beyond your personalization
• We do not share your Google Drive files with third parties
• We do not allow humans to read your files except with your consent, for security purposes, or to comply with law

Your Controls:

• You choose exactly which files to import — we cannot access others
• You may revoke access at any time: myaccount.google.com/permissions
• Upon revocation, we delete access tokens immediately; imported analysis is retained unless you request deletion

3.7 Dropbox

• We only access files you explicitly select through our file browser
• We use file contents solely to learn your brand voice and create content
• We do not share your Dropbox files with third parties
• We comply with Dropbox's API Terms of Use and Platform Policy

Your Controls:

• You choose exactly which files to import — we cannot access others
• You may revoke access at any time: dropbox.com/account/connected_apps
• Upon revocation, we delete access tokens immediately; imported analysis is retained unless you request deletion

3.8 E-commerce Platforms (Shopify, WooCommerce, Etsy, Amazon)

• We access product catalog data (titles, descriptions, images, prices, inventory) necessary for content creation
• For Shopify, we additionally access aggregated order data from the past 30 days (order timestamps, product variant identifiers, and quantities sold) to predict per-product sales velocity. We use this to avoid scheduling posts that promote products predicted to sell out within seven days — protecting your inventory and the buyer experience
• We do not access customer personal information, shipping or billing addresses, payment methods, or financial transaction details
• Product and aggregated order data is used solely for content scheduling and recommendations
• We do not sell or share your product or order data with third parties
• We comply with each platform's API terms and developer policies

Your Controls:

• You may disconnect any e-commerce platform at any time in Settings
• Upon disconnection, product data is deleted within 30 days
• You may request immediate deletion by contacting privacy@foragentis.com

3.9 Bluesky

ForaPost's use of Bluesky complies with Bluesky's Terms of Service, Developer Guidelines, Community Guidelines, and AT Protocol standards.

What Data We Access:

When you connect your Bluesky account to ForaPost, we access:

What We Do NOT Access:

We cannot and will not access:

• ✗Your private direct messages
• ✗Your follower lists or following lists
• ✗Your home timeline or feed content
• ✗Posts from other users (except public engagement on your posts)
• ✗Your muted or blocked accounts
• ✗Your notification preferences
• ✗Your lists or starter packs
• ✗Content from other AT Protocol applications you use

How We Use Bluesky Data:

Publishing Only:

• We use your Bluesky authorization solely to publish posts you explicitly create, edit, or approve within ForaPost
• Content is transmitted to Bluesky via the AT Protocol
• We do not modify, analyze, or store your published content after transmission

Engagement Analytics:

• We retrieve basic engagement metrics (likes, reposts, replies, quote posts) only for posts you published through ForaPost
• Metrics are displayed in your ForaPost dashboard
• We do not access engagement data for posts you created directly on Bluesky

Profile Display:

• We display your handle and avatar to identify your connected account
• This information is stored securely and deleted within 24 hours of disconnection

Understanding the AT Protocol (Decentralized Network):

Bluesky runs on the Authenticated Transfer Protocol (AT Protocol), a decentralized social networking protocol. This has important implications for your data:

What Decentralization Means:

• Your content is distributed across multiple servers (not just Bluesky's)
• Other applications built on AT Protocol may access your public posts
• Content you publish becomes part of a decentralized network
• No single company controls the entire network

Content Deletion on Decentralized Networks:

• When you delete content, we immediately remove it from our systems
• We notify the AT Protocol network that you have deleted your content
• However, due to the decentralized nature of AT Protocol, we cannot force other services to delete cached or distributed copies
• Complete deletion across the entire network may not always be possible
• Some posts may continue to exist on other AT Protocol applications outside our control

What This Means for You:

• Think carefully before posting, as complete deletion may not be guaranteed
• Content published through ForaPost may appear on other AT Protocol apps
• We are not responsible for content retention by other AT Protocol services
• To request removal from other services, contact them directly

Developer Guidelines Compliance:

As a Bluesky developer, ForaPost commits to the following:

No Spam:

• We do not produce bulk or scripted interactions
• We do not create fake followers or engagement
• We do not use account-creation tools
• All posts are explicitly created or approved by you

Content Deletion:

• We maintain a system for deleting content when you request it
• We process deletion requests promptly
• We notify the AT Protocol network of deletions
• We comply with Bluesky's content deletion requirements

User Reports:

• We maintain a system for responding to user reports of violations
• We investigate reported issues promptly
• We take appropriate action on confirmed violations
• We keep records of reports and our responses

Security Measures:

• We maintain reasonable security measures to protect your data
• App Password tokens are encrypted at rest (AES-256)
• All data transmission uses TLS 1.3 encryption
• Access to Bluesky data is logged and audited
• Regular security assessments and penetration testing

Your Bluesky Data Controls:

Before Connecting:

• Bluesky will show you what permissions ForaPost requests
• You can review and decline authorization at any time
• Bluesky uses "App Passwords" for third-party applications

While Connected:

• View your connected Bluesky account in Settings → Connected Accounts
• See when ForaPost last accessed your Bluesky account
• Review all posts scheduled or published to Bluesky
• Monitor engagement metrics for your Bluesky posts

Disconnecting from ForaPost:

• Disconnect your Bluesky account with one click in Settings
• App Password tokens are deleted immediately
• Profile data is deleted within 24 hours
• Engagement data is deleted within 48 hours
• Published post records retained for up to 1 year for analytics (deletable on request)

Revoking Access Through Bluesky:

You can revoke ForaPost's access directly through Bluesky:

1. Open Bluesky app or website
2. Go to Settings → Privacy and Security
3. Select "App Passwords"
4. Find "ForaPost" in your list of app passwords
5. Click "Revoke" or "Delete" to remove access

What happens after revocation:

• We receive notification that access was revoked (or detect it on next API call)
• All App Password tokens are deleted immediately (within 1 hour)
• Profile data is deleted within 24 hours
• Engagement data is deleted within 48 hours
• We cannot post on your behalf until you reconnect and create a new App Password

Data Deletion Requests:

Request immediate deletion of all Bluesky-related data:

1. Email: privacy@foragentis.com
2. Subject: "Bluesky Data Deletion Request"
3. Include: Your ForaPost account email and Bluesky handle

We will delete within 30 days:

• All Bluesky App Password tokens (immediate)
• All profile information (handle, display name, avatar)
• All engagement data and analytics
• All historical post records related to Bluesky

Cannot be deleted:

• Content already published to Bluesky and distributed across AT Protocol network (manage through Bluesky directly and contact other AT Protocol services)
• Anonymized, aggregated analytics that cannot be attributed to you

Data Retention:

Compliance & Legal Requirements:

We comply with:

• Bluesky Terms of Service
• Bluesky Developer Guidelines
• Bluesky Community Guidelines
• Bluesky Privacy Policy
• AT Protocol specifications and standards
• All applicable data protection laws (GDPR, CCPA, etc.)

Prohibited Activities:

We commit to NEVER:

• Produce spam or scripted bulk interactions
• Create fake followers or engagement
• Abuse Bluesky features (lists, labels, moderation tools)
• Engage in mass reporting or harassment
• Compromise or exploit Bluesky's systems or APIs
• Bypass rate limits or security features
• Use Bluesky data for purposes outside those explicitly authorized
• Share your App Password tokens with any third party

Third-Party Access:

No Third-Party Sharing:

• We do not share your Bluesky data with advertisers
• We do not share your Bluesky data with data brokers
• We do not share your Bluesky data with analytics providers
• We do not share your Bluesky data with other ForaPost users

Exception - Service Providers:

• Cloud hosting provider (AWS) may process encrypted Bluesky data
• Infrastructure providers cannot decrypt or access Bluesky data
• All service providers are bound by confidentiality obligations

AT Protocol Developer Applications:

Important Notice:

• If you use other applications built on AT Protocol, those applications have their own terms and privacy policies
• We are not responsible for the content or practices of other AT Protocol applications
• Your public posts on Bluesky may be visible to users of other AT Protocol applications
• To understand how other apps handle your data, review their privacy policies

Questions or Concerns:

For Bluesky-specific privacy questions:

• Email: privacy@foragentis.com
• Subject: "Bluesky Privacy Question"
• We will respond within 48 hours

For issues with your Bluesky account or AT Protocol:

• Contact Bluesky Support: support@bsky.app
• Visit: bsky.social/about/support

3.10 Pinterest

ForaPost integrates with Pinterest through the Pinterest API (v5) to provide content publishing, Pin scheduling, and engagement features within the Service. You connect a Pinterest business account via Pinterest's OAuth flow. ForaPost is an independent product that uses the Pinterest API; it is not endorsed by, affiliated with, sponsored by, or otherwise officially connected to Pinterest, Inc.

Compliance & Scope:

• We comply with the Pinterest Developer Guidelines, the Pinterest Developer and API Terms of Service, and the Pinterest Acceptable Use Policy.
• Access is OAuth-only — we never see, request, or store your Pinterest password.
• We only request the OAuth scopes necessary for the features you choose to enable. In plain language: ForaPost can view your boards, create boards on your behalf, create and publish Pins on your behalf (at your direction), and read basic account information and engagement metrics for content you publish through ForaPost. We do not request scopes we do not use.
• You consent to each action ForaPost takes on your Pinterest account at the time you authorize that action (e.g., scheduling a Pin, publishing a Pin, viewing engagement).
• This Privacy Policy is intended to be consistent with applicable data-protection laws and with Pinterest's requirement that integrating apps maintain a lawful, accurate privacy policy.

Real-Time Access, Not Retention:

Our core compliance posture for Pinterest is live access, not data warehousing. Specifically:

• Engagement metrics (impressions, saves, clicks, outbound clicks on Pins published through ForaPost) are fetched live from Pinterest each time you view them and are not persisted in our databases as a historical analytics warehouse.
• Comments and replies on Pins are fetched live from Pinterest when you open the relevant view; ForaPost does not maintain a long-lived mirror of Pinterest comment threads.
• Any in-session analysis ForaPost performs on Pinterest data to power Service features is transient — used to render the response and then discarded.
• Pinterest data accessed through your authorization is used solely to provide the Service to the individual user who connected the account. We do not combine your Pinterest data with data from other users' accounts, do not use it to train cross-account AI models, do not use it for competitive benchmarking, do not use it to generate aggregate analytics for purposes unrelated to your use of the Service, and do not use it for advertising.

What ForaPost Retains and Why:

Consistent with the Pinterest Developer Guidelines, ForaPost does not warehouse Pinterest data. The only items associated with your Pinterest connection that ForaPost stores in its own systems are:

• Your Pinterest OAuth token — encrypted at rest (Fernet symmetric encryption) and used solely to make the authorized API calls you direct ForaPost to make on your behalf.
• The opaque identifier(s) you have selected as publishing destinations and as the account this connection belongs to — for example, the Pinterest user ID associated with your authorization and the board ID(s) you have chosen as destinations for Pins you create in ForaPost. These are configuration values you provided when you connected the account and chose where Pins should publish; we do not enrich them or store the surrounding profile or board data.
• Pin IDs that ForaPost itself created on your behalf, retained so that you can review and manage the content you published through ForaPost. This is consistent with Pinterest's exception for campaign-style information about content posted from your own account through ForaPost.
• Your ForaPost-authored content — drafts, scheduled Pins, captions, and media you created or uploaded inside ForaPost. This is your content, not data fetched from Pinterest.

Everything else — your profile details, the names and contents of your boards, your followers, your Pin engagement metrics, comments on your Pins, audience demographics, and any other information returned by the Pinterest API — is fetched live from Pinterest each time it is needed to render a view in ForaPost and then discarded. We do not maintain a historical database of this information.

No Resale, No Redistribution:

We do not sell, license, redistribute, or otherwise share Pinterest content or Pinterest-derived data with any third party, other than the limited service providers necessary to operate the Service (e.g., cloud hosting), which are bound by confidentiality and use restrictions.

What Happens When You Disconnect:

• Your Pinterest OAuth access token is revoked and permanently deleted from our systems within 24 hours.
• The configuration identifiers and Pin IDs described above (board destination IDs you selected, the Pinterest user ID for the connection, and the Pin IDs for content ForaPost created) are permanently deleted within 30 days.
• Because engagement metrics and comments are fetched live and not warehoused, there is no separate historical analytics store to purge — once the token is revoked, ForaPost has no further means of reading Pinterest data on your behalf.
• Pins you published while connected remain on Pinterest under your control — disconnecting from ForaPost does not retroactively remove Pins from Pinterest.

How to Revoke ForaPost's Pinterest Access:

• From ForaPost: Settings → Connected Accounts → Disconnect.
• From Pinterest directly: pinterest.com/settings/apps-and-accounts.

4. How We Share Your Information

We do not sell your personal information.

We share information only in the following circumstances:

4.1 Social Media Platforms

When you use ForaPost to publish content, that content is transmitted to your connected platforms. Each platform's privacy policy governs how they handle your content after publication.

4.2 Service Providers

We share information with third-party vendors who assist in providing the Service:

All service providers are contractually obligated to protect your information and use it only for specified purposes. For data obtained from Google APIs, our service providers are also required to adhere to the Google API Services User Data Policy, including Limited Use requirements.

4.3 Legal Requirements

We may disclose information if required by law, legal process, or government request, or to:

• Protect rights, property, or safety
• Detect, prevent, or address fraud or security issues
• Respond to valid legal requests

4.4 Business Transfers

If Foragentis is involved in a merger, acquisition, or sale, your information may be transferred. We will notify you of any such change.

4.5 With Your Consent

We may share information for other purposes with your explicit consent.

6. Data Retention

We retain your information for as long as necessary to provide the Service:

After Account Deletion:

• Account information: Deleted within 30 days
• Platform tokens: Deleted immediately
• Uploaded content: Deleted within 30 days
• Published content: Remains on platforms (managed through those platforms)

7. Data Security

We implement industry-standard security measures:

• Encryption of data in transit (TLS/SSL)
• Encryption of data at rest (AES-256)
• Secure authentication and password hashing
• Regular security assessments
• Access controls limiting employee access
• Secure cloud infrastructure
• Regular security training for employees

While we strive to protect your information, no method is 100% secure. You are responsible for maintaining the security of your account credentials.

8. Your Rights and Choices

8.1 Account Management

• Access: View your information in Settings
• Update: Modify your profile and preferences at any time
• Delete: Delete your account through Settings or by contacting us
• Export: Request a copy of your data

8.2 Connected Account Management

• View: See all connected social media, cloud storage, and e-commerce accounts in Settings
• Disconnect: Remove any connected account at any time with one click
• Revoke: Revoke access through each platform's security settings

8.3 Platform-Specific Revocation

You can revoke ForaPost's access directly through each platform:

• Google/YouTube/Drive: myaccount.google.com/permissions
• Dropbox: dropbox.com/account/connected_apps
• Facebook: facebook.com/settings?tab=applications
• Instagram: Managed through Facebook settings
• LinkedIn: linkedin.com/psettings/permitted-services
  • • Revokes access to both personal profiles and organization pages
  • • We delete access tokens within 1 hour of revocation notice
  • • Profile/page data deleted within 24 hours
  • • Activity data deleted within 48 hours
  • • Published content remains on LinkedIn (manage directly through LinkedIn)
• Twitter/X: twitter.com/settings/connected_apps
• TikTok: tiktok.com/setting (Manage Account → Security)
• Bluesky: bsky.app/settings/app-passwords
  • • Delete the App Password you created for ForaPost
  • • We delete your App Password token immediately upon disconnection
  • • Profile data deleted within 24 hours
  • • Engagement data deleted within 48 hours
  • • Published content remains on the AT Protocol network (see Section 3.9 for details)
• Shopify: Your Shopify Admin → Apps → ForaPost → Remove
• WooCommerce: Your WordPress Admin → WooCommerce → Settings → Advanced → REST API
• Etsy: Your Etsy Account → Settings → Apps → Revoke access
• Amazon: Seller Central → Settings → User Permissions → Manage

8.4 Communications

• Unsubscribe: Opt out of marketing emails via unsubscribe link
• Transactional: Essential service emails cannot be opted out

8.5 Cookies

Control cookies through your browser settings. Note: Disabling cookies may affect functionality.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

9.1 Right to Know

Request information about:

• Categories of personal information collected
• Purposes for collection
• Categories of third parties with whom we share
• Specific pieces of personal information collected

9.2 Right to Delete

Request deletion of your personal information, subject to certain exceptions.

9.3 Right to Opt-Out

We do not sell personal information. If this changes, we will provide an opt-out mechanism.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

9.5 Exercising Your Rights

Contact us at:

• Email: privacy@foragentis.com
• Phone: +1 (415) 935-3322

We will verify your identity before processing your request.

10. International Users

ForaPost is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

By using ForaPost, you consent to this transfer and processing.

11. Children's Privacy

ForaPost is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected information from a child under 18, we will delete it promptly.

12. Third-Party Links

ForaPost may contain links to third-party websites. We are not responsible for their privacy practices. Review the privacy policies of any third-party services you use.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending an email notification for significant changes
• Displaying a notice within the Service

Your continued use after changes take effect constitutes acceptance.