Privacy Policy

We collect the following categories of information when you sign up and use Squadpitch:

• Account information. Your email, name, and profile details. Authentication is handled by Auth0; we receive a unique Auth0 identifier and your email.
• Workspace and team information. Workspace name, time zone, the people you invite, and the role you assign them.
• Business, listing, brand, and marketing content. Listing URLs, website content, brand voice configuration, persona settings, uploaded images and videos, and any text you paste or type into the product.
• Generated content and campaign / post drafts. Captions, hooks, hashtags, scheduled posts, campaign sequences, and the metadata Squadpitch produces while operating on your content.
• Scheduled and published post metadata. Which channel a post went to, when it was published, the resulting external post ID and permalink, and the post status (failed, queued, published, etc.).
• Social-media integration tokens and connected-account identifiers. When you authorize Squadpitch to connect a third-party social platform, we store an OAuth access token (and a refresh token where issued) and the platform's public identifier for the connected account or page. Tokens are encrypted at rest.
• Analytics and engagement metrics returned by connected platforms. Impressions, reach, likes / reactions, comments, shares, saves, clicks, and similar counts, along with their timestamps. These are returned by the connected platform's API.
• Billing and subscription metadata. Stripe customer ID, plan tier, subscription status, and high-level usage counts. Stripe handles your payment method directly; we never see your full card number.
• Support communications. The contents of any email or in-product message you send to support, privacy, or legal addresses, plus the metadata of those messages.
• Technical logs, device, browser, IP, session, and security information. Standard server and audit logs (including request IDs, IP addresses, user agents, and rate-limit telemetry) used to operate, debug, and secure the service.
• Cookies and similar technologies. Used to keep you logged in, remember preferences, and run optional product analytics. See "Cookies" below.

We use the data above to:

• Operate the service and your account.
• Run workspace and team management features.
• Generate AI content using third-party model providers, applying the brand context you have set.
• Schedule and publish posts to the channels you have connected, on the timing you set.
• Pull analytics from connected platforms and present them in your workspace.
• Bill you correctly under your plan and let you manage your subscription.
• Provide support, investigate incidents, prevent fraud, enforce usage limits, and protect the security of the service.
• Improve the product. We do not sell your personal data. We do not train shared, customer-mixed AI models on your account content.
• Comply with legal obligations.

We rely on the following providers to operate the service. Each is governed by its own privacy policy and processes only the data required for the function described.

• Auth0 — authentication and session management.
• Stripe — payment processing and subscription billing.
• OpenAI — text generation.
• Fal.ai — image and video generation.
• Replicate (optional) — image segmentation for listing-photo enhancements.
• Cloudinary — media storage and delivery.
• Postmark — transactional email delivery.
• Twilio — SMS notifications, sent only after opt-in.
• Web Push (VAPID) — browser push notifications, sent only after opt-in.
• Sentry (optional) — error monitoring.
• PostHog (optional) — product analytics for a small allow-list of funnel events. No content is sent.
• Fly.io / Vercel — application hosting.
• Postgres (Fly Postgres) — primary database for account, workspace, and content data.
• Upstash Redis — queue infrastructure and request-level state.
• RentCast (optional, real estate) — public property data.
• Meta (Facebook + Instagram), TikTok, X, LinkedIn, YouTube, Google Business Profile, Google Drive, Dropbox — third-party platforms you choose to connect for publishing, analytics, or media import.

When you connect a third-party platform, you authorize Squadpitch to access that platform on your behalf within the scopes you grant at the consent screen. Squadpitch stores the resulting access token (and refresh token, where issued) encrypted at rest. We use these tokens only to provide the publishing, scheduling, and analytics features you request, plus support, security, and compliance with platform policies.

We do not sell or share these tokens with third parties for marketing or any other purpose unrelated to operating the service for you.

You can disconnect any connected account at any time from Settings → Channels. Disconnecting deletes the stored token. You can also revoke access from inside the connected platform's own settings, which has the same effect of stopping new requests from Squadpitch even if the local token has not yet been removed.

Captions, hooks, hashtags, and images you generate through Squadpitch are produced by third-party AI models. AI output can be inaccurate, biased, infringing, non-compliant with platform rules, or simply unsuitable for your audience. You are responsible for reviewing and approving every post before it is published. For real estate users this includes confirming that posts comply with the federal Fair Housing Act, your MLS rules, and any state, local, or platform-specific advertising rules that apply. Squadpitch does not guarantee accuracy, originality, or compliance of generated output.

We retain account, workspace, and content data while your account is active. If you delete your account, we remove personal data and workspace content within 30 days, except where we are legally required to retain billing or tax records, where we need to keep a minimal record to support fraud, abuse, or platform-policy investigations, or where the data has already been aggregated and de-identified.

Connected-platform engagement metrics (likes, reach, etc.) are retained as long as the corresponding draft / post record exists in your workspace.

You can access, export, correct, or delete the personal data associated with your account. To make a request:

• Log in and use Settings → Workspace to delete a workspace, or Settings → Channels to disconnect any connected platform.
• Email privacy@squadpitch.com to request access, export, correction, or full account deletion. We aim to respond within 14 business days. We may need to verify your identity by replying from the email address on the account.
• Cancel paid plans at any time through Settings → Billing (Stripe customer portal).
• Reply STOP to any SMS to opt out of further SMS.

Squadpitch does not currently provide a self-service in-app account-deletion button. The email path above is the primary deletion route. If we add a self-service flow later, this section will be updated. For step-by-step guidance — including what to put in the email and what may be retained for legal or billing reasons — see the Data Deletion page.

Squadpitch transmits data over HTTPS and stores OAuth tokens for connected platforms encrypted at rest using AES-256-GCM. Internal access to production data is restricted to authorized engineers and is audit-logged. We use standard provider security controls (Auth0 for authentication, Fly.io for infrastructure, Stripe for payments). No system is perfectly secure; if we discover a breach materially affecting your account, we will notify you and any regulators required by law.

Squadpitch uses cookies and equivalent technologies to keep you signed in and to remember workspace preferences. We may also use PostHog to record a small allow-list of funnel events (sign-up started, workspace created, publish attempted, etc.) to measure product usage. PostHog never receives the body of your posts, captions, or media. You can block analytics with a standard browser tracker blocker without breaking the rest of the product.

Squadpitch is intended for business use by adults. The service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has submitted information to us, contact privacy@squadpitch.com and we will delete it.

Squadpitch is operated from the United States. By using the service from outside the US you consent to the transfer of your information to the United States and to processing in the United States, where data-protection laws may differ from those in your country.

We will update this policy as the product evolves. Material changes will be communicated by email to the address on your account or through an in-product notice. Continued use after the effective date of the updated policy constitutes acceptance.

Privacy questions, deletion / export requests, or concerns about how Squadpitch handles your data: privacy@squadpitch.com.

Squadpitch LLC · Ohio, USA