PostPolish

Privacy Policy

Privacy Policy

PostPolish processes personal data only to the extent needed to provide social reply assistance, account access, and subscription features. This policy applies to the Chrome extension, website, and related authentication and billing flows.

Last updated: March 25, 2026

1. Personal Data We Collect

PostPolish may collect or process the following categories of personal data when you use the service:

  • When you sign up or log in: email address and identity provider data, such as Google
  • When operating your account: user identifier, plan information, and subscription status
  • When using paid billing features: Stripe customer ID, subscription ID, and billing status information
  • When using the extension: text you select, page context used to generate or refine replies, platform information such as LinkedIn, X, or Reddit, and feature usage history
  • When maintaining access and authentication: session cookies and related technical authentication data

2. Why We Use Personal Data

  • To identify users, process sign-in, and confirm account status
  • To provide paid plans, process billing, and manage subscriptions
  • To provide core features such as reply polishing, expansion, and auto-generation
  • To tailor results to the user context and help prevent abuse
  • To respond to customer inquiries and send service-related notices

3. How Data Flows Through the Service

  • The Chrome extension reads text you intentionally select and limited context from the current page in order to generate or refine replies.
  • Reply-generation request data may be sent through a Supabase Edge Function and then forwarded to the OpenAI API.
  • The extension may store recent reply history, web app URL settings, and cached account status in Chrome storage.
  • The web app uses Supabase authentication to maintain login sessions and retrieves related profile and billing data to check subscription status.

4. Retention Period

  • Account information may be retained until account deletion or service termination.
  • Billing and subscription data may be retained for as long as needed to comply with law, resolve disputes, or enforce agreements.
  • Reply history stored in the extension remains in the user's browser storage and may be deleted by the user or removed when the extension is uninstalled.
  • Session and cache data are processed temporarily only as needed to maintain authentication and provide the service.

5. Third Parties and Service Providers

PostPolish may rely on the following third-party providers to operate the service:

  • Supabase: user authentication, database, and backend service infrastructure
  • OpenAI: reply generation and language refinement features
  • Stripe: paid subscription billing and customer billing management
  • Google: social login when the user chooses Google sign-in

These providers may process data under their own policies, and we use them only to the extent necessary to provide the service.

6. International Processing

Some infrastructure or API providers used by PostPolish may process data outside your country of residence. When this happens, the transfer is limited to what is necessary for service delivery, and appropriate protections are considered under applicable law.

7. Cookies and Similar Technologies

The web app may use cookies to maintain login sessions and handle authentication. You can control cookies through your browser settings, but doing so may limit access to features such as sign-in.

8. Your Rights

  • You may request access to, correction of, or deletion of your personal data.
  • You may request account deletion or stop using the service at any time.
  • Reply history stored in the browser can be removed through the Chrome extension controls or by clearing browser data.

9. Security Measures

  • Access control and authentication-based limits on data access
  • Use of security features provided by infrastructure vendors
  • Storage of sensitive secrets through server environment variables and secret management mechanisms

10. Children's Privacy

PostPolish is intended for general work and content-writing assistance and is not primarily directed to children who require parental consent under applicable law.

11. Contact

Privacy-related questions and requests for access, correction, or deletion may be sent to the operator contact below:

  • Operator: Chowon Lee
  • Email: chowon.m.lee@gmail.com
  • Address: 9, Geumsang-gil, Gurim-myeon, Sunchang-gun, Jeonbuk-do, 56011, Rep. of KOREA

12. Changes to This Policy

This Privacy Policy may be updated to reflect changes in law, service features, or operational practices. If material changes are made, notice will be provided through the website.