← Back to HumanPost
Privacy Policy
Last Updated: March 2026
Introduction
HumanPost is a Chrome extension that helps you create authentic, engaging content for Twitter/X. This privacy policy explains what data we collect, how we use it, and how we protect your privacy.
What Data We Collect
HumanPost collects the following data to provide its services:
- Email Address: Required for account creation and authentication. Used to send verification codes and manage your subscription status.
- User Preferences: Your extension settings, preferences, and configuration stored locally in your browser.
- Twitter Handle: Your X/Twitter username (if provided) to show personalized statistics and growth metrics.
- Tweet Content: Text you choose to analyze or generate responses for. This is temporarily processed to generate AI responses and is not permanently stored on our servers.
- Usage Data: Daily generation counts to manage free tier limits. This is associated with your email address.
- Subscription Data: Your subscription status (free or Pro) and payment information processed through our payment provider.
- TrustMRR Cache: Publicly available, verified revenue data from TrustMRR (startup name, MRR, founder Twitter handle). This data is already public on trustmrr.com and is cached in our database solely to display revenue badges in your feed. No additional personal data is collected for this feature.
How We Use Your Data
We use the collected data to:
- Send verification codes to your email for secure authentication
- Generate AI-powered tweet replies and content suggestions
- Display your Twitter/X account statistics and engagement metrics
- Track daily usage to manage free tier generation limits
- Process and manage Pro subscriptions
- Display verified startup revenue data next to founder profiles in your feed (optional)
- Remember your preferences for a better user experience
- Improve the quality and relevance of generated content
Data Storage
Your settings and preferences are stored locally in your browser using Chrome's chrome.storage API.
Your email address, authentication tokens, subscription status, and daily usage counts are stored in our database hosted on Supabase (supabase.com), which uses secure, encrypted cloud infrastructure hosted in the European Union.
Session tokens are stored locally in your browser to maintain your authenticated session.
Third-Party Services
HumanPost uses the following third-party services to operate:
- Anthropic (Claude AI): To generate human-like tweet content and responses. We send tweet text and your writing context to generate replies. Processed according to Anthropic's privacy policy at anthropic.com/privacy.
- Twitter/X API: To fetch your account statistics and engagement metrics. We send your Twitter handle to retrieve public account data.
- Supabase: To store user accounts, authentication data, and usage tracking. Data is stored in EU-region servers with encryption at rest and in transit. See supabase.com/privacy.
- Resend: To send verification code emails during authentication. We share your email address with Resend solely for the purpose of delivering verification emails. See resend.com/legal/privacy-policy.
- Polar: To process Pro subscription payments. When you upgrade to Pro, your payment is handled by Polar (polar.sh). We receive your email and subscription status via webhook to activate your Pro features. We do not store credit card or payment details. See polar.sh/legal/privacy.
- Netlify: Our backend functions are hosted on Netlify. API requests pass through Netlify's infrastructure. See netlify.com/privacy.
- TrustMRR: To display verified startup revenue badges next to founder profiles in your X/Twitter feed. We fetch publicly available, Stripe-verified revenue data from TrustMRR's API (trustmrr.com) and cache it in our database. We only display data that founders have already made public on TrustMRR. No personal data is sent to TrustMRR — we only query their public API. This feature is optional and can be toggled off in the extension settings. See trustmrr.com/privacy.
Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. Your data is only shared with the services listed above to deliver the extension's core functionality.
We do not display advertising in our extension or share data with advertisers.
Data Retention
- Email and account data: Retained as long as your account is active.
- Usage data (daily generation counts): Retained for 90 days, then automatically deleted.
- Session tokens: Valid until you sign out or they expire.
- Locally stored preferences: Retained until you uninstall the extension or clear extension storage.
Data Security
We implement appropriate security measures to protect your data:
- All API communications are encrypted using HTTPS/TLS
- Authentication uses time-limited verification codes (5-minute expiry)
- Session tokens are cryptographically generated UUIDs
- Database access is restricted via row-level security policies
- No passwords are stored — we use passwordless email verification
Your Rights
You have the right to:
- Access the data stored by the extension in your browser
- Request deletion of your account and associated data by contacting us
- Delete local data by uninstalling the extension or clearing extension storage
- Opt out of using the extension at any time
- Request a copy of your stored data
All Parties With Access to User Data
The following parties may have access to your data as described above:
- HumanPost (the developer) — for providing and improving the service
- Anthropic — for AI content generation
- Supabase — for data storage and authentication
- Resend — for sending verification emails
- Polar — for payment processing
- Netlify — for backend hosting
- Twitter/X — for fetching public account metrics
- TrustMRR — for displaying verified founder revenue data (optional feature)
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated "Last Updated" date. Continued use of the extension after changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions or concerns about this privacy policy or how we handle your data, please contact us at hello@humanpost.app.