Privacy Policy

Last updated: February 12, 2026

1. Introduction

StayPosted ("we", "our", or "us") is a team collaboration platform that includes a web application and a Chrome browser extension. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored securely using bcrypt hashing). This information is required to authenticate you and provide our services.

Content You Create

We store the content you create within StayPosted, including tasks, notes, messages, and canvas boards. This data is necessary to provide the core functionality of our platform.

Chrome Extension Data

When you use the StayPosted Chrome extension, the following data is processed:

  • Text you explicitly select and choose to send to StayPosted via the right-click menu or keyboard shortcut
  • An authentication token stored locally in your browser to keep you signed in
  • Your project list, cached locally for faster loading

The extension only reads text you actively select and submit. It does not monitor your browsing activity, read page content automatically, or collect data in the background beyond polling for notification counts.

Third-Party Integrations (Google Calendar)

When you choose to connect your Google Calendar account to StayPosted, we collect and store the following information:

  • Your Google email address associated with the connected account
  • OAuth2 access and refresh tokens required to communicate with Google Calendar on your behalf
  • Calendar event data (event titles, descriptions, dates, and times) from your Google Calendar

This data is used solely to display your Google Calendar events within StayPosted and, if you enable two-way sync, to create StayPosted events on your Google Calendar. We do not share your Google Calendar data with any third parties. We do not use your Google Calendar data for advertising, analytics, or any purpose other than providing the calendar sync feature you requested.

You can disconnect your Google Calendar at any time from Settings > Integrations. When you disconnect, your stored OAuth tokens are deleted and your Google-sourced events are removed from StayPosted. You may also revoke access from your Google Account permissions page.

AI Processing

When you use AI-powered features (task extraction, text summarization), the text you submit is sent to our server and processed using third-party AI providers (OpenRouter). We do not use your content to train AI models. The text is processed solely to return results to you.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Authenticate your identity and manage your account
  • Send you notifications about activity relevant to you (task assignments, messages, calendar events)
  • Process AI requests you initiate (task extraction, summarization)
  • Send email notifications when enabled by you
  • Sync your calendar events with Google Calendar when you connect your account

4. Data Storage and Security

Your data is stored in a PostgreSQL database. Passwords are hashed using bcrypt and are never stored in plain text. Authentication tokens are generated securely and have expiration dates. We use HTTPS for all data transmission between your browser and our servers.

5. Data Sharing

We do not sell your personal information. Your data may be shared in the following limited circumstances:

  • With your team: Content you create within a project is visible to other members of that project, as intended by the collaboration features.
  • Google Calendar: If you connect your Google Calendar, event data is exchanged between StayPosted and Google's servers to provide the sync feature. Google's use of your data is governed by Google's Privacy Policy. StayPosted's use of Google Calendar data complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • AI providers: Text you submit for AI processing is sent to third-party AI providers to generate results. This data is not retained by these providers for training purposes.
  • Legal requirements: We may disclose information if required by law or in response to valid legal process.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Revoke extension access tokens at any time by logging out of the extension
  • Disconnect third-party integrations (such as Google Calendar) at any time from your Settings page, which deletes stored tokens and associated data

7. Cookies and Local Storage

The web application uses session cookies for authentication (managed by NextAuth). The Chrome extension uses chrome.storage.local to store your authentication token, user profile, and cached project list. No third-party tracking cookies are used.

8. Data Retention

Your account data is retained for as long as your account is active. Notifications are automatically cleaned up periodically. If you delete your account, your personal data will be removed from our systems.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@stayposted.app.