Privacy Policy

Last updated: June 27, 2026

PostAi ("we", "us", or "our") operates the PostAi mobile and web application (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

Information you provide

• Account information: name, email address, phone number, and business name when you create an account or complete onboarding.
• Property details: photos, addresses, service selections, and budget information you enter during the capture and quoting flow.
• Listing information: item descriptions, asking prices, and photos you upload in the sell flow.
• Messages: notes you add to booking requests, bid descriptions, and buyer inquiry messages.
• Payment information: payment processing is handled by Stripe, Inc. — we do not store your card details. We receive a payment token and transaction record.

Information collected automatically

• Location data: GPS coordinates to resolve a property address during a capture session. We do not store your continuous location history — only the coordinates linked to a specific flyer or job at the time of capture. Precise geolocation is treated as sensitive personal information under California and other state laws (see Section 6).
• Device and usage data: browser type, operating system, pages visited, and crash reports via server logs.
• Consent records: when you opt in to marketing texts, we record the phone number, the exact disclosure shown, the date and time, and your IP address and device/browser to evidence your consent.
• Cookies: session authentication cookies (Supabase), a referral attribution cookie (propscout_ref, 7 days), and a theme preference.

Information from third parties

• Property records: public-record property data (owner name, square footage, lot size, bedroom/bathroom count) from RentCast, sourced from county assessor records.
• Reverse geocoding: GPS coordinates resolved to postal addresses via Google Maps.

2. How We Use Your Information

• To operate the Service and deliver features: quoting, flyer generation, booking notifications, physical mailers, sell-flow listings, and the micro-jobs board.
• To send you transactional SMS messages (quote summaries, booking confirmations) via Twilio. We send marketing texts only after you provide separate, express written consent through a dedicated opt-in checkbox, and we honor STOP requests promptly. See our SMS Terms.
• To send physical USPS letters containing your quote to the relevant property owner via PostGrid Print-Mail. These letters are sent at the direction of a scout or contractor using the Service.
• To process payments through Stripe and disburse earnings to contractors and scouts via Stripe Connect.
• To attribute referrals and apply promotional credits when you sign up via a referral link.
• To improve the Service through aggregated, de-identified analytics.

3. How We Share Your Information

We do not sell your personal information. We share it only as follows:

• Service providers: Supabase (database/auth), Twilio (SMS), PostGrid (print-mail), Stripe (payments), FAL AI (image enhancement), Anthropic (voice-summary AI), RentCast (property data), Google Maps (geocoding), and Vercel (hosting). Each is bound by a data-processing agreement.
• Other users — limited: a homeowner who books a contractor receives the contractor's business name and (if provided) phone number. Scouts and contractors see property addresses and owner names from public records only after creating a flyer.
• Legal requirements: we may disclose information if required by law, regulation, or valid legal process.

4. Property Owner Data and Opt-Out

Property owner names and addresses used in this Service are sourced from publicly available county-assessor records via RentCast. If you are a property owner and wish to opt out of receiving PostAi mailers or having your property data used in the Service, please contact us at hello@postai.llc. We will blacklist the address and suppress future outreach within 10 business days.

5. Data Retention

• Flyer records expire 90 days after creation and are subsequently archived.
• Sell listings expire 90 days after creation.
• Account data is retained until you request deletion.
• Images in Supabase Storage are retained until the associated record is deleted.

6. Your Privacy Rights

Everyone

Depending on your location, you may have the right to access, correct, or delete the personal data we hold about you, to object to certain processing, or to request a portable copy of your data. To exercise these rights, contact us at hello@postai.llc. We will verify your request and respond within the time required by applicable law. You may use an authorized agent, and we will not discriminate against you for exercising your rights.

California residents (CCPA / CPRA)

If you are a California resident, you have the following rights regarding your personal information:

• Right to know / access the categories and specific pieces of personal information we have collected (Cal. Civ. Code § 1798.110).
• Right to delete personal information we collected from you (§ 1798.105).
• Right to correct inaccurate personal information (§ 1798.106).
• Right to know what information is disclosed or shared (§ 1798.115).
• Right to limit the use and disclosure of sensitive personal information, including precise geolocation (§ 1798.121).
• Right to opt out of any "sale" or "sharing" of personal information (§ 1798.135).

Do Not Sell or Share My Personal Information. PostAi does not sell your personal information for money and does not share it for cross-context behavioral advertising. Because we do not sell or share, there is no opt-out to process; if this ever changes we will provide a clear opt-out mechanism here first.

Sensitive personal information. The precise geolocation we collect to resolve a property address is treated as sensitive personal information. We use it only to provide the Service (generating estimates and locating properties) and not to infer characteristics about you. You may request that we limit its use as described above (Cal. Civ. Code § 1798.140(ae)).

EU / UK residents (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the rights of access, rectification, erasure, restriction, portability, and objection. Our legal bases for processing are: performance of a contract (providing the Service), your consent (marketing texts, which you may withdraw at any time), and our legitimate interests in operating and securing the Service. You may lodge a complaint with your local supervisory authority.

7. Children

The Service is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

8. Security

We use industry-standard security measures including HTTPS, encrypted databases, row-level security policies on all tables, and service-role-key isolation for server-side operations. No method of transmission over the internet is 100% secure.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be announced in the app. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

PostAi
hello@postai.llc