Privacy Policy — PostSlate
Last Updated: May 25, 2026 Effective Date: May 25, 2026 Controller: Dapper Chimp, LLC d/b/a PostSlate Jurisdiction: Michigan, United States
The short version: You own your content. We use your data only to run PostSlate. We do not sell your personal information or your video content to any third party, ever. Our AI sub-processors are disclosed in full in Section 5, including which ones may train on submitted data and which are opted out.
Table of Contents
- Who We Are
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- Third-Party Sub-Processors
- Your Content & Video Files
- Data Retention
- Cookies & Tracking
- Your Privacy Rights
- California Residents (CCPA)
- International Users
- Data Security
- Children's Privacy
- Changes to This Policy
- Contact Us
1. Who We Are
This Privacy Policy is published by Dapper Chimp, LLC, a Michigan limited liability company doing business as PostSlate ("PostSlate," "we," "us," or "our"). PostSlate operates the website at postslate.com and the PostSlate application (collectively, the "Services").
PostSlate acts as the data controller for personal information collected directly through the Services. Where we use third-party Sub-Processors to handle your video content on our behalf, we act as your data processor and those Sub-Processors act as sub-processors under our instruction (to the extent contractually established).
For privacy inquiries, contact us at hello@postslate.com.
2. Information We Collect
We collect information in three ways: information you provide directly, information generated automatically by your use of the Services, and information received from third-party authentication providers.
Information You Provide
Account Information When you register, we collect your email address, name, and password (or, if you sign in with Google, your Google account name, email address, and profile picture). If you represent an organization, we may also collect your organization name and role.
Payment Information When you purchase Credits or a Subscription, payment is processed by Stripe. PostSlate does not receive or store your full credit card number, CVV, or banking information. We receive and store a tokenized payment reference, the last four digits of your card, card type, and billing country from Stripe for account management purposes.
Video Content & Uploads When you submit a Processing Job, you upload a video file to the Services. This file is stored in Supabase cloud storage and transmitted to our AI Sub-Processors for analysis and generation. We treat uploaded video content as sensitive — see Section 6 for detailed handling rules.
Communications If you contact us for support, billing questions, or by email, we collect and retain the content of that communication and your contact details in order to respond.
Information Collected Automatically
Usage & Telemetry Data We collect information about how you interact with the Services, including: pages visited, features used, Processing Job status and timestamps, credit balance changes, error events, and session duration. This data is used to improve reliability, diagnose issues, and understand usage patterns.
Log & Technical Data Our servers and infrastructure automatically log IP addresses, browser type, operating system, referring URLs, and timestamps for security, fraud prevention, and operational monitoring. These logs are retained for up to 90 days.
Error Monitoring (Sentry) We use Sentry for application error monitoring. When an error occurs, Sentry captures diagnostic data including the error message, stack trace, browser environment, and the user's account ID. Sentry is configured to exclude video content and Output file contents from error reports.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Services. Processing your video uploads, generating Output files, managing your account and Credits, and delivering your downloads.
- Billing and payment administration. Processing payments, managing Subscription renewals, issuing invoices, and resolving billing disputes.
- Account management and security. Authenticating logins, detecting fraudulent or abusive account activity, enforcing rate limits, and protecting the integrity of the Services.
- Customer support. Responding to support requests, diagnosing processing failures, and communicating about your account.
- Service improvement. Analyzing aggregate, de-identified usage patterns to improve pipeline performance, UI/UX design, and new feature prioritization. We do not analyze the content of your uploaded videos for this purpose.
- Legal compliance. Meeting our obligations under applicable law, including responding to lawful requests from government authorities, and enforcing our Terms of Service.
- Transactional communications. Sending job completion notifications, billing receipts, password reset emails, and other account-related messages. These are not marketing emails and cannot be fully unsubscribed from while your account is active.
- Product announcements. Sending updates about new features or changes to the Services. You may unsubscribe from these at any time.
What we do not do: We do not sell your personal information. We do not use your video Content to train our own models. We do not serve third-party advertising on PostSlate. We do not build or share behavioral profiles of you with advertisers or data brokers.
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
Sub-Processors
To operate the Services, we transmit your Content and associated data to the AI and infrastructure Sub-Processors listed in Section 5. These are the only parties that receive your video files.
Business Transfers
If PostSlate or Dapper Chimp, LLC is acquired, merges with, or transfers all or substantially all of its assets to another company, your information may be transferred as part of that transaction. We will provide notice of any such change via email or a prominent notice on the Services before your information becomes subject to a materially different privacy policy.
Legal Requirements
We may disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation, court order, or government request; (b) enforce our Terms of Service; (c) protect the rights, property, or safety of PostSlate, our users, or the public; or (d) detect, prevent, or address fraud or security issues. Where permitted by law, we will attempt to notify you before complying with such a request.
With Your Consent
We may share your information with third parties for any other purpose with your explicit prior consent.
5. Third-Party Sub-Processors
The following third-party services are used to operate PostSlate. Each receives a limited category of data necessary to perform its function.
| Provider | Purpose | Data Received | Training Notes | Privacy Policy |
|---|---|---|---|---|
| Supabase | Database, authentication, file storage | Account data, uploaded video files, job records, Output files | No training use | supabase.com/privacy |
| Stripe | Payment processing | Billing name, email, payment method (not stored by PostSlate) | No training use | stripe.com/privacy |
| Vercel | Application hosting and CDN | Web request logs, IP addresses | No training use | vercel.com/legal/privacy-policy |
| Trigger.dev | Background job queue | Job execution metadata, job IDs, status events | No training use | trigger.dev/legal/privacy |
| Deepgram | AI speech-to-text (captions) | Video audio track extracted for transcription | Opted out via mip_opt_out=true on all API requests | deepgram.com/privacy |
| Anthropic (Claude) | AI language model (AD script generation) | Structured visual analysis output used to generate AD scripts | No training per Anthropic API policy | anthropic.com/privacy |
| ElevenLabs | AI text-to-speech (MP3 voiceover) | AD script text synthesized to produce MP3 voiceover | Opted out via account settings | elevenlabs.io/privacy-policy |
| Twelve Labs | AI video analysis (visual descriptions) | Uploaded video file via public Supabase URL | May train on submitted content per their standard terms. No standard opt-out available. Enterprise agreements available — contact hello@postslate.com | twelvelabs.io/privacy-policy |
| Sentry | Error monitoring and diagnostics | Error logs, stack traces, account IDs, browser/device data. Video content excluded. | No training use | sentry.io/privacy |
| Google (SSO) | Optional authentication | Name, email, profile picture if you sign in with Google | No training use | policies.google.com/privacy |
We review Sub-Processor agreements on a regular basis. If we add, replace, or materially change a Sub-Processor that affects how your Content is handled, we will update this section and notify you by email at least 14 days in advance.
6. Your Content & Video Files
We recognize that the video files you upload to PostSlate may be proprietary, sensitive, pre-release, or otherwise confidential. We handle your Content under the following rules:
- Limited access. Your uploaded files are stored in a private Supabase storage bucket. PostSlate personnel do not routinely access your Content. Access is limited to resolving technical failures, responding to your explicit support request, or complying with legal obligations.
- Processing only. Your Content is transmitted to Sub-Processors solely for the purpose of generating the Output you requested. It is not used for any other purpose by PostSlate.
- No training by PostSlate. PostSlate does not use your Content or your Output to train, fine-tune, or improve any machine learning model operated by PostSlate.
- Twelve Labs disclosure. As noted in Section 5, Twelve Labs receives your video file to perform visual analysis. Under their current terms, they retain a license to use submitted content to train, improve, and enhance their proprietary models and platform, and Twelve Labs does not offer a standard-tier opt-out from this training and improvement use. By accepting the Terms of Service at signup, you acknowledge and consent to this data flow. If this is unacceptable for any specific upload — including pre-release content, confidential client material, NDA-restricted footage, or other sensitive material — do not upload that content. Contact hello@postslate.com FIRST to discuss enterprise alternatives with custom data-handling restrictions.
- Output files. Your generated Output files (VTT, AD script, MP3) are stored in Supabase and made available to you for download. We do not distribute your Output to any party other than you.
- No PHI. Do not upload Content that contains protected health information (PHI) as defined by HIPAA without a separately executed Business Associate Agreement (BAA) with PostSlate.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Video files (Content) | Automatically deleted 30 days after the associated Processing Job completes. |
| Output files (VTT, script, MP3) | Automatically deleted 30 days after job completion. Download before this window closes — deleted files cannot be recovered. |
| Account information | Retained for the life of your account and up to 3 years after account deletion for billing dispute resolution and legal compliance. |
| Job metadata | Retained for up to 12 months after job creation, then deleted. |
| Payment records | Retained for 7 years as required by applicable tax and financial recordkeeping law. |
| Server and access logs | Retained for up to 90 days for security and operational monitoring. |
| Support communications | Retained for 2 years after resolution of the support request. |
| Error logs (Sentry) | Retained per Sentry's standard retention policy, currently 90 days. |
You may request early deletion of your account and personal data at any time by emailing hello@postslate.com. Deletion requests will be processed within 30 days. Certain data may be retained beyond your request where required by law or to resolve open billing disputes.
8. Cookies & Tracking
PostSlate uses a minimal set of cookies and local storage mechanisms necessary to operate the Services. We do not use third-party advertising cookies or cross-site tracking.
Essential Cookies
These are required for the Services to function and cannot be disabled:
- Authentication session cookies — set by Supabase Auth to keep you logged in across page loads. These expire when you log out or after a period of inactivity.
- CSRF protection tokens — short-lived tokens used to protect against cross-site request forgery attacks.
Functional Cookies
- Preference storage — remembers UI preferences such as voice selection and display settings.
Analytics
At the time of this writing, PostSlate does not use a third-party analytics platform. Aggregate usage insights are derived solely from our own server-side logs. If we implement a third-party analytics tool in the future, we will update this section to describe what is collected and how you can opt out.
No Advertising Cookies
PostSlate does not use advertising cookies, retargeting pixels, or any tracking technology that follows you across third-party websites.
Managing Cookies
You can configure your browser to block or delete cookies. Blocking essential cookies will prevent you from logging in to PostSlate.
9. Your Privacy Rights
PostSlate honors the following rights for all users regardless of jurisdiction:
| Right | Description |
|---|---|
| Access | Request a copy of the personal information we hold about you. |
| Correction | Request correction of inaccurate or incomplete personal information. You can update most account data directly in Account settings. |
| Deletion | Request deletion of your account and personal information, subject to legal retention requirements in Section 7. |
| Portability | Request your personal data in a structured, machine-readable format for transfer to another service. |
| Opt-out of Marketing | Unsubscribe from non-transactional emails at any time via the unsubscribe link in any marketing email. |
| Withdraw Consent | Where processing is based on consent, withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing. |
To exercise any of these rights, contact us at hello@postslate.com with the subject line "Privacy Rights Request." We will respond within 30 days of a verified request. We may ask you to verify your identity before processing a request.
We will not discriminate against you for exercising your privacy rights.
10. California Residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights.
Right to Know
You have the right to know the categories of personal information we collect, the purposes for which we use it, and the categories of third parties with whom we share it. This Privacy Policy satisfies our disclosure obligations. For a copy of specific pieces of data, submit a request to hello@postslate.com.
Right to Delete
You have the right to request deletion of personal information we collected from you, subject to certain exceptions.
Right to Correct
You have the right to request correction of inaccurate personal information.
Right to Opt Out of Sale or Sharing
PostSlate does not sell your personal information and does not share it for cross-context behavioral advertising. There is no "Do Not Sell or Share" mechanism needed, as we do not engage in these activities.
Right to Limit Use of Sensitive Personal Information
PostSlate does not collect or process sensitive personal information beyond what is necessary to provide the Services.
No Discrimination
We will not discriminate against California residents for exercising their CCPA/CPRA rights.
Categories of Personal Information Collected (Prior 12 Months)
Identifiers (name, email address, IP address); commercial information (transaction history, Credit balances); internet/electronic activity (usage logs, browser data); and audio/visual data (uploaded video files, for processing purposes only).
How to Submit a California Privacy Request
Submit requests to hello@postslate.com with the subject line "California Privacy Request." We respond to verified requests within 45 days, with one 45-day extension if necessary.
11. International Users
PostSlate is operated from the United States. If you access the Services from outside the United States, your information will be transferred to, processed, and stored in the United States, where data protection laws may differ from those in your country.
EEA, United Kingdom & Switzerland
PostSlate's Services are not currently directed at individuals in the EEA, UK, or Switzerland as a primary market. Enterprise customers who require a Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs) for GDPR compliance may request one by contacting hello@postslate.com.
Other Jurisdictions
Users located in other jurisdictions with applicable privacy laws (including Canada's PIPEDA, Brazil's LGPD, and Australia's Privacy Act) may exercise rights substantially similar to those described in Section 9 by contacting us directly.
12. Data Security
PostSlate implements industry-standard technical and organizational security measures to protect your personal information and Content, including:
- Encryption in transit. All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest. Files stored in Supabase are encrypted at rest using AES-256.
- Access controls. Personnel access to production systems and customer data is restricted to a need-to-know basis, with multi-factor authentication required for all administrative accounts.
- Credential security. User passwords are hashed using bcrypt via Supabase Auth and are never stored in plaintext.
- Automated file deletion. Video files and Output are automatically purged after 30 days, reducing the window of exposure for stored content.
- Dependency monitoring. We monitor application dependencies for known security vulnerabilities and apply patches on a regular schedule.
In the event of a data breach affecting your personal information, we will notify you as required by applicable law — and in any event within 72 hours of discovery if the breach is likely to result in a risk to your rights or interests.
Responsible Disclosure: If you discover a security vulnerability in the PostSlate platform, please report it to hello@postslate.com. We will acknowledge your report within 48 hours.
13. Children's Privacy
The Services are not directed to individuals under the age of 18. PostSlate does not knowingly collect personal information from minors. If we learn that we have collected personal information from a person under 18 without parental consent, we will delete that information promptly. Contact hello@postslate.com if you believe we may have collected information from a minor.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page;
- Send notice to the email address associated with your account at least 30 days before changes take effect for material changes that affect how we use your Content or personal information; and
- For non-material changes, update this page without individual notice.
Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Privacy Policy.
15. Contact Us
| Privacy Requests | hello@postslate.com |
| Security Reports | hello@postslate.com |
| General Legal | hello@postslate.com |
| Mailing Address | Dapper Chimp, LLC d/b/a PostSlate<br>2977 Manitou Dr NE<br>Grand Rapids, MI 49525 |
We aim to respond to all privacy inquiries within 10 business days.
PostSlate is a product of Dapper Chimp, LLC · 2977 Manitou Dr NE, Grand Rapids, MI 49525 · postslate.com