Privacy Policy

Last updated: February 6, 2026

1. Introduction

StayPosted ("we", "our", or "us") is a team collaboration platform that includes a web application and a Chrome browser extension. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored securely using bcrypt hashing). This information is required to authenticate you and provide our services.

Content You Create

We store the content you create within StayPosted, including tasks, notes, messages, and canvas boards. This data is necessary to provide the core functionality of our platform.

Chrome Extension Data

When you use the StayPosted Chrome extension, the following data is processed:

  • Text you explicitly select and choose to send to StayPosted via the right-click menu or keyboard shortcut
  • An authentication token stored locally in your browser to keep you signed in
  • Your project list, cached locally for faster loading

The extension only reads text you actively select and submit. It does not monitor your browsing activity, read page content automatically, or collect data in the background beyond polling for notification counts.

AI Processing

When you use AI-powered features (task extraction, text summarization), the text you submit is sent to our server and processed using third-party AI providers (OpenRouter). We do not use your content to train AI models. The text is processed solely to return results to you.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Authenticate your identity and manage your account
  • Send you notifications about activity relevant to you (task assignments, messages, reminders)
  • Process AI requests you initiate (task extraction, summarization)
  • Send email notifications when enabled by you

4. Data Storage and Security

Your data is stored in a PostgreSQL database. Passwords are hashed using bcrypt and are never stored in plain text. Authentication tokens are generated securely and have expiration dates. We use HTTPS for all data transmission between your browser and our servers.

5. Data Sharing

We do not sell your personal information. Your data may be shared in the following limited circumstances:

  • With your team: Content you create within a project is visible to other members of that project, as intended by the collaboration features.
  • AI providers: Text you submit for AI processing is sent to third-party AI providers to generate results. This data is not retained by these providers for training purposes.
  • Legal requirements: We may disclose information if required by law or in response to valid legal process.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Revoke extension access tokens at any time by logging out of the extension

7. Cookies and Local Storage

The web application uses session cookies for authentication (managed by NextAuth). The Chrome extension uses chrome.storage.local to store your authentication token, user profile, and cached project list. No third-party tracking cookies are used.

8. Data Retention

Your account data is retained for as long as your account is active. Notifications are automatically cleaned up periodically. If you delete your account, your personal data will be removed from our systems.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@stayposted.app.