Privacy Policy

Last updated: October 16, 2025

1. Introduction

Welcome to OnePost. We provide a social media management and publishing solution (the "Service") that allows users to create, schedule and publish content on multiple social media platforms in one place. We value your privacy and are committed to protecting your personal information. This privacy policy explains how we collect, use, disclose and secure your information when you use our Service.

If you do not accept the terms of this privacy policy, please do not use the Service.

For more information about the site publisher and legal information, please see our Legal Notice.

2. Data we collect

In the context of using OnePost, we collect and process the following categories of data:

2.1 Identification data

  • First and last name
  • Email address
  • Phone number (optional)
  • Billing information

2.2 Social media connection data

  • OAuth authentication tokens
  • Connected account identifiers
  • Social media profile information (with your authorization)

2.3 Content data

  • Content of created posts
  • Scheduling and planning
  • Post metadata
  • Performance statistics (if available)

2.4 Media file data

  • Uploaded images and videos
  • Files imported via third-party services (if applicable)
  • File metadata (size, format, date)

2.5 Technical and usage data

  • IP address, browser type, operating system
  • Navigation data (pages visited, time spent, clicks)
  • Device identifiers and cookies
  • Session information and access logs

How to revoke access to social networks

OnePost relies on connections to social media platforms via their APIs (Facebook, Instagram, LinkedIn, X, YouTube, TikTok). If you wish to revoke access to your accounts, you must:

Step 1: Disconnect via OnePost

Use the disconnect feature directly in your OnePost dashboard.

Step 2: Revocation via platforms

You must also revoke access directly on each platform:

Important: Once access is revoked, OnePost will no longer be able to publish content on this account. Already scheduled content will be automatically deleted from our system. Deleting your account results in the deletion of associated tokens and metadata on OnePost's side.

3. Processing Purposes

In accordance with GDPR, we process your personal data on the following legal bases:

3.1 Contract performance (Art. 6.1.b GDPR)

  • Provision of social media management service
  • Publication and scheduling of your content
  • Management of your user account
  • Technical and customer support

3.2 Legitimate interest (Art. 6.1.f GDPR)

  • Improvement of our services and features
  • Fraud prevention and platform security
  • Anonymized statistical analysis

3.3 Consent (Art. 6.1.a GDPR)

  • Newsletter and marketing communications
  • Non-essential cookies
  • Geolocation data (if enabled)
  • Future audience measurement (PostHog) if enabled

4. Security and Data Protection

We implement technical and organizational security measures in line with industry standards to protect your data:

4.1 Technical measures

  • SSL/TLS encryption for all communications
  • Encryption of sensitive data in database
  • Strong authentication and secure password management
  • Continuous monitoring and intrusion detection

4.2 Organizational measures

  • Data access protected by strong authentication
  • Regular review of security practices
  • Regular backups and recovery procedures
  • Compliance with data security standards

5. Data Sharing and Transfer

We commit to never selling your personal data. We share your data only in the following cases:

5.1 Service partners

  • Social networks: To publish your content according to your instructions
  • Payment processors: To process your transactions (Stripe)
  • Hosting providers: To store and secure your data
  • Analytics services: Google Analytics to improve our services (anonymized data, with your consent)

5.2 International transfers

Some of our partners may be located outside the EU (e.g., Vercel/Stripe). In this case, we ensure that appropriate safeguards are in place:

  • European Commission adequacy decisions
  • Standard contractual clauses approved by the Commission
  • Appropriate certifications and codes of conduct
  • Data Privacy Framework (DPF) for Google Analytics

5.3 Legal obligations

We may disclose your data if required by law, particularly in case of requests from competent authorities or to protect our legal rights.

6. Your GDPR Rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

6.1 Right of access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you.

6.2 Right to rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete data.

6.3 Right to erasure (Art. 17 GDPR)

You can request deletion of your data under certain circumstances.

6.4 Right to data portability (Art. 20 GDPR)

You can request a copy of your data in a structured and machine-readable format.

6.5 Right to object (Art. 21 GDPR)

You can object to the processing of your personal data, particularly for direct marketing purposes.

6.6 Right to restriction of processing (Art. 18 GDPR)

You can request restriction of processing of your data under certain circumstances.

6.7 Exercise of your rights

To exercise these rights, contact us at contact@onepost.fr. We will respond within 1 month; this period may be extended by 2 months in case of complexity. Proof of identity may be required.

In case of dispute, you can contact the CNIL (www.cnil.fr).

6. Retention Periods

We retain your personal data only for the duration necessary for the purposes for which they were collected:

  • Active account data: During the duration of service use plus 3 years after account closure
  • Billing data: 10 years in accordance with legal obligations (Art. L123-22 of the Commercial Code)
  • Technical data and logs: Maximum 12 months
  • Social media connection data: Deleted immediately after disconnection or request
  • User content: Retained until deletion by user or account closure
  • Support communications: 3 years after last interaction

Upon expiry of these periods, your data is securely deleted or anonymized for statistical purposes.

7. Cookies

We use cookies to improve your experience. Non-essential cookies are only placed with your consent via our cookie management system. You can change your choice at any time via the "Manage my cookies" link.

See our Cookie Policy et Manage my cookies.

8. Minors

The service is intended for users aged 16 and over. We do not intentionally target minors.

9. Modifications

We reserve the right to modify this privacy policy at any time. Modifications will be published on this page with an updated date.

10. Contact

For any questions regarding this policy or your personal data, contact us at:

Contact: contact@onepost.fr
Website: https://onepost.fr
Application: https://app.onepost.fr

Appendix: Definitions

"OnePost"

Refers to the SaaS service for social media management and publishing developed by Paul Kourouma.

"Service"

Refers to all features offered by OnePost, including creation, scheduling, and publication of content on social media platforms.

"Associated Platforms" or "Social Networks"

Refers to social networking platforms currently supported by OnePost: Facebook, Instagram, LinkedIn, X (Twitter), YouTube, TikTok.

"Personal Data"

Has the meaning assigned to it by the General Data Protection Regulation (GDPR): any information relating to an identified or identifiable natural person.

"GDPR"

Refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.

"Client Content"

Refers to any content created, uploaded, or generated by the user via OnePost, including but not limited to texts, images, videos, and associated metadata.

"API"

Application programming interface allowing OnePost to communicate with social media platforms to publish content and retrieve data.