Privacy Policy

Last updated: April 19, 2026  ยท  Medistrat Digital Marketing, Malaysia

1 Introduction

Post2Share ("we", "our", or "us") is a social media management platform operated by Medistrat Digital Marketing, based in Malaysia. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services at app.post2share.com.

By using Post2Share, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.

2 Information We Collect

We collect the following information when you use Post2Share:

  • Account information: Your name, email address, and password when you register.
  • Google / YouTube data: Name, email, profile picture, and OAuth tokens to publish videos on your behalf.
  • Facebook & Instagram data: Page access tokens, page IDs, and Instagram user IDs to publish content on your behalf.
  • LinkedIn data: OAuth access tokens and your LinkedIn person URN (urn:li:person:...) to publish posts.
  • X (Twitter) data: OAuth 2.0 access and refresh tokens to publish tweets and upload media.
  • Content you create: Captions, media files, scheduling data, and campaign information.
  • Usage data: Log data, IP addresses, browser type, workspace activity, and feature usage.

3 How We Use Your Information

  • To authenticate you and manage your account and team workspaces.
  • To publish posts, images, and videos to your connected accounts on your behalf.
  • To schedule, queue, and manage content across all connected platforms.
  • To automatically refresh OAuth tokens to maintain uninterrupted publishing access.
  • To power AI Caption generation and AI Media creation using your AI Credit wallet.
  • To send real-time notifications about post status (published, failed, recovered).
  • To enforce role-based permissions within team workspaces.
  • To track post analytics and publishing results per platform.
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

4 Connected Social Platforms

PlatformWhat We AccessStatus
๐Ÿ“ท InstagramUser ID, access token โ€” publish images, videos & ReelsLive
๐Ÿ“˜ FacebookPage ID, page access token โ€” publish text, photos & videosLive
๐Ÿ’ผ LinkedInPerson URN, access token โ€” publish text, image & video postsLive
โ–ถ๏ธ YouTubeOAuth tokens โ€” upload videos & Shorts via YouTube Data API v3Live
โœ• X (Twitter)OAuth 2.0 tokens โ€” publish tweets and upload media via X API v2Live
๐Ÿ’ฌ WhatsAppNot yet connectedComing Soon
๐ŸŽต TikTokNot yet connectedComing Soon

5 Google API Services โ€“ Limited Use Disclosure

Post2Share's use of data from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

  • We use youtube.upload exclusively to upload videos you create within Post2Share.
  • We use youtube scope to verify video processing status after upload.
  • Google data is never used for advertising, profiling, or any unrelated purpose.
  • We do not transfer Google user data to third parties except as necessary to provide the Service.
  • Revoke access anytime via Google Account Permissions.

6 OAuth Token Storage & Refresh

  • Facebook: Long-lived tokens (60-day expiry), auto-refreshed via token exchange.
  • Instagram: Long-lived tokens auto-refreshed before expiry.
  • LinkedIn: Tokens stored securely; expired tokens require manual reconnection.
  • X (Twitter): OAuth 2.0 tokens automatically rotated on each use.
  • YouTube / Google: Tokens refreshed via Google's OAuth 2.0 refresh flow.

All tokens are stored encrypted and only used to perform actions you initiate within Post2Share.

7 AI Credits & Data Processing

Post2Share includes an AI Credit system used for AI image generation (Seedream 4.5 by ByteDance), AI caption writing, analytics, and automation. Your prompts may be sent to third-party AI providers to generate results. We do not store prompts beyond what is necessary to deliver the generation. AI Credits never expire and are managed in your AI Credit Wallet in Settings.

8 Data Storage & Security

Your data is stored on secure cloud infrastructure with encrypted storage of OAuth tokens, HTTPS/TLS for all data in transit, role-based access controls, and regular security reviews. While we take reasonable precautions, no system is completely secure.

9 Data Retention

We retain your data for as long as your account is active. Upon account deletion, personal data is removed within 30 days except where required by law. Aggregated, anonymized analytics data may be retained.

10 Your Rights

Under Malaysian law (PDPA 2010) you have the right to access, correct, or delete your personal data, withdraw consent, and disconnect any connected social account from within platform Settings. Contact us at info@post2share.com to exercise these rights.

11 Cookies & Local Storage

Post2Share uses essential browser storage (cookies and localStorage) to maintain login sessions and workspace preferences. We do not use tracking cookies or third-party advertising cookies.

12 Children's Privacy

Post2Share is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us and we will delete the account promptly.

13 Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use after changes constitutes acceptance.

14 Contact Us