Privacy Policy

Last updated: March 18, 2026

1. Information We Collect

We collect information you provide directly when you create an account and use our Service, including:

  • Google account information (name, email address, profile picture) obtained through Google OAuth 2.0 authentication.
  • Google Business Profile data including business name, description, address, phone number, categories, and location identifiers.
  • Preferences you set during onboarding such as timezone, content tone, keywords, and topic selections.
  • Payment and billing information processed through Stripe (we do not store credit card numbers).
  • Usage data such as feature interactions, session duration, and service activity logs.

2. Google API Services & User Data

SlashPost uses Google OAuth 2.0 and the Google Business Profile API to access and manage your Google Business Profile on your behalf. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the minimum OAuth scopes necessary to provide the Service (business profile management and basic profile information).
  • We use your Google data solely to provide, maintain, and improve the Service as described in these terms.
  • We do not sell, rent, or share your Google data with third parties for advertising purposes.
  • Access tokens are stored securely and are used only to interact with Google APIs on your behalf.
  • Refresh tokens are stored encrypted and used only to maintain your authorized session.
  • We do not use your Google data for purposes unrelated to the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our content automation Service.
  • Generate AI-powered posts and publish them to your Google Business Profile.
  • Process payments and manage your subscription through Stripe.
  • Send service-related communications (account updates, billing notices).
  • Improve and optimize our Service and user experience.
  • Detect, prevent, and address technical issues and security threats.

4. Data Security

We implement industry-standard security measures to protect your data, including:

  • All data in transit is encrypted using TLS/SSL.
  • Authentication tokens are stored in httpOnly, secure cookies inaccessible to client-side scripts.
  • Session tokens are cryptographically random identifiers with automatic expiration.
  • Payment processing is handled by Stripe. We never store or have access to your full credit card details.
  • Database access is restricted and protected by authentication credentials.
  • OAuth state parameters are validated to prevent cross-site request forgery (CSRF) attacks.

5. Third-Party Services

We use the following third-party services, each governed by their own privacy policies:

  • Google (OAuth authentication and Business Profile API) — google.com/policies/privacy
  • Stripe (payment processing)
  • AI content generation providers for creating business posts.
  • Cloud hosting providers for infrastructure and data storage.

We only share the minimum data necessary with each third-party service to provide the functionality described.

6. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide the Service. Upon account deletion or subscription cancellation:

  • Your personal data and business settings will be deleted within 30 days of your request.
  • Payment records may be retained as required by law or for legitimate business purposes (e.g., tax compliance).
  • Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytics.
  • Google OAuth tokens are revoked and deleted when you disconnect your account.

To request deletion of your data, contact us at jawed@witriskflow.com. We will process your request within 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Request deletion of your personal data.
  • Object to or restrict the processing of your data.
  • Request a portable copy of your data.
  • Withdraw consent for data processing at any time.

To exercise any of these rights, contact us at jawed@witriskflow.com.

8. Google Account Disclaimer

SlashPost is an independent service and is not affiliated with, endorsed by, or sponsored by Google LLC. We access Google services solely through Google's official APIs. We are not responsible for any actions taken by Google regarding your Google account, including but not limited to account suspension, content removal, profile restrictions, or policy enforcement. Your use of Google's services is governed by Google's own Terms of Service and Privacy Policy.

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the date at the top of this page and, where appropriate, through email notification. Your continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at jawed@witriskflow.com.