Back to PubCue AI
Privacy Policy

Last updated: March 20, 2026

1. Introduction

PubCue AI ("Company," "we," "us," or "our") operates the PubCue AI platform ("the Service"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our website at pubcue.com and related services. By using the Service, you consent to the practices described in this policy. This policy applies to all users of the Service, including visitors, free trial users, and paid subscribers.

2. Information We Collect

We collect the following categories of information:

Account Information: Name, email address, password (hashed), profile photo, timezone, and organization details provided during registration.

Payment Information: Billing name, address, and payment method details. Payment processing is handled by Stripe, Inc. We do not store your full credit card number on our servers.

Usage Data: Pages visited, features used, scheduling patterns, content creation activity, IP address, browser type and version, device information, operating system, and referral URLs.

User Content: Posts, media files (images, videos), drafts, templates, hashtag sets, link-in-bio pages, persona configurations, and any other content you create or upload to the Service.

Device Information: For fraud prevention, we may collect a hashed device fingerprint based on browser characteristics (user agent, screen resolution, timezone, language, and platform). This fingerprint is stored as a one-way hash and cannot be used to identify your specific device.

Legal Compliance Data: We record when you accept our Terms of Service, including the timestamp of acceptance and the version of Terms accepted. This data is stored on your user account to verify your agreement to the current Terms and to prompt re-acceptance when the Terms are materially updated.

3. Social Media Account Data

When you connect social media accounts to PubCue AI, we collect and store platform-specific data necessary to provide the Service. This may include:

X (Twitter): Profile image, display name, username, profile ID, OAuth access tokens, posted content, and engagement data (likes, retweets, replies, impressions).

Facebook & Instagram (Meta): Profile image, display name, page/profile ID, access tokens, posted content, and engagement data (likes, comments, shares, reach).

LinkedIn: Profile image, display name, profile ID, access tokens, posted content, and engagement data.

TikTok: Profile image, display name, username, profile ID, access tokens, posted content, and engagement data (views, likes, comments, shares).

YouTube: Channel name, profile image, channel ID, access tokens, uploaded videos, and engagement data. Use of YouTube data is subject to the Google Privacy Policy and YouTube Terms of Service. You may revoke access via Google Security Settings.

Pinterest: Profile image, display name, username, profile ID, access tokens, boards, posted pins, and engagement data.

Bluesky: Profile image, display name, handle, DID, app password (encrypted), posted content, and engagement data.

Fanvue: Profile image, display name, handle, creator UUID, OAuth access tokens, posted content, engagement data (likes, comments, tips), subscriber lists, chat conversations, and earnings data. Agency accounts may include data for multiple managed creators.

Other Platforms: Similar data categories as described above for any additional platforms we support.

All social media access tokens and credentials are encrypted using AES-256-GCM encryption before storage.

4. How We Use Your Information

We use your information to: (a) provide, operate, maintain, and improve the Service; (b) process your transactions and manage your subscription; (c) schedule and publish your content to connected social media platforms; (d) generate AI-powered content suggestions and rewrites; (e) provide analytics and performance insights for your social media content; (f) aggregate and display engagement data (comments, mentions, and messages) in the Unified Inbox; (g) send transactional emails (account verification, password resets, billing receipts); (h) provide customer support; (i) detect, prevent, and address fraud, abuse, and security issues; (j) comply with legal obligations; and (k) communicate service updates and changes that affect your account.

5. AI Data Processing

When you use our AI-powered features (content generation, rewriting, persona style engine, AI inbox reply drafts), your prompts and relevant persona context are sent to our AI provider (xAI) for processing. For AI inbox reply features, recent conversation context (including messages from your audience) is sent to the AI provider to generate contextually appropriate draft responses. We do not use your content to train AI models. AI-generated outputs are treated as your User Content. Your social media posting history and persona configurations may be used to customize AI suggestions within your account only. Conversations processed by AI features may also be scanned locally (on our servers, not sent to third parties) for sensitive content detection to flag conversations that may require human review.

6. Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information to third parties. We share data only with the following categories of service providers, and only as necessary to provide the Service:

Social Media Platforms: Content and account data shared with platforms you connect, for the purpose of publishing your scheduled content.

Payment Processing: Stripe, Inc. processes all payments. See Stripe's Privacy Policy.

Email Services: Resend handles transactional emails (account verification, password resets, billing notifications).

Cloud Infrastructure: Our service runs on Vercel (hosting), Supabase (database), and Cloudflare (media storage and CDN).

AI Processing: xAI processes AI content generation requests. Prompts are sent per-request and are not stored by the AI provider for training purposes.

Legal Requirements: We may disclose information when required by law, court order, subpoena, or to protect our rights, safety, or property.

7. Data Security

We implement industry-standard security measures to protect your data, including: (a) encryption of data in transit using TLS/SSL; (b) encryption of social media tokens and credentials using AES-256-GCM; (c) secure password hashing using bcrypt; (d) role-based access controls and multi-tenant data isolation; (e) regular security reviews. While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account deletion, we will remove your personal data within 30 days, except: (a) anonymized, aggregated analytics data that cannot identify you may be retained for service improvement; (b) data we are required to retain by law; (c) backup copies which are automatically purged on a rolling cycle. Published content on third-party platforms is governed by those platforms' retention policies and is not affected by your PubCue AI account deletion.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.

Correction: Request correction of inaccurate or incomplete data.

Deletion: Request deletion of your personal data (subject to legal retention requirements).

Export: Download a portable copy of your data in JSON format at any time from Settings. You may also contact us to request a copy.

Restrict Processing: Request that we limit how we use your data.

Opt Out: Opt out of marketing communications at any time.

Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at privacy@pubcue.com. Data exports are available instantly via your account Settings. For all other requests, we will respond within 30 days.

10. GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases: (a) performance of our contract with you (providing the Service); (b) your consent (where explicitly given); (c) our legitimate interests (improving the Service, preventing fraud); and (d) compliance with legal obligations. Your data may be transferred to the United States. We use appropriate safeguards, including standard contractual clauses, for international data transfers. You have the right to lodge a complaint with your local data protection authority.

11. CCPA Compliance (California Residents)

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used; (b) request deletion of your personal information; (c) opt out of the sale of personal information (we do not sell personal information); and (d) not be discriminated against for exercising your privacy rights. To exercise these rights, contact us at privacy@pubcue.com.

12. Cookies and Tracking

We use the following types of cookies: (a) Essential Cookies for authentication, session management, and security (these are required for the Service to function); (b) Preference Cookies to remember your settings and preferences (timezone, theme, sidebar state). We do not use third-party advertising cookies or tracking pixels. You can control cookies through your browser settings, but disabling essential cookies may prevent you from using the Service.

13. Link-in-Bio Pages

If you create a link-in-bio page, certain information you provide will be publicly accessible to anyone who visits your page URL. This may include your display name, bio text, profile image, social media links, and any custom links you add. Analytics data about page visits (view counts, click counts) is collected and visible only to you. We do not share link-in-bio analytics with third parties.

14. Third-Party Links

The Service, including link-in-bio pages, may contain links to third-party websites or services that we do not control. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any third-party services you access through links on our platform.

15. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email within 72 hours of discovering the breach, in accordance with applicable laws. Our notification will include a description of the breach, the types of data affected, steps we are taking to address the breach, and recommendations for actions you can take to protect yourself.

16. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) setting. Since we do not use third-party advertising trackers or cross-site tracking, our Service operates the same way regardless of your DNT setting.

17. Children's Privacy

PubCue AI is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If we discover that we have collected data from a child under 16, we will delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@pubcue.com.

18. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

19. Contact

For privacy inquiries, data requests, or complaints, contact our privacy team at privacy@pubcue.com.