PRIVACY POLICY
This Privacy Policy explains what data LocalPost collects, why we collect it, who we share it with, and what rights you have. LocalPost is operated by CFATW LLC, a Wisconsin limited liability company based in Milwaukee, Wisconsin (USA).
If anything here is unclear, email hello@trylocalpost.com.
1. What we collect
Account information
- Email address you use to sign in.
- The name of the business you set up.
- Time and date of account creation and recent sign-ins.
Business and brand information
Whatever you enter during onboarding and edit later in settings, including:
- Business name, website, brand voice description, key offerings, marketing goals.
- Brand colors (hex values).
- Logo files you upload.
- Locations you operate.
- Team members you list (names and roles).
- Days of the week your business is closed.
Calendar content
- Posts you create or that AI generates for you, including titles, captions, scheduling dates, locations, platform tags, status, and assignments.
- Graphic files you upload and attach to posts.
- Notes and visual briefs.
Payment information
We do not store your credit card number. All payment information is collected and stored by our payment processor, Stripe. We store only a Stripe customer identifier and a Stripe subscription identifier, plus the current subscription status (e.g., trialing, active, past due, canceled).
Technical information
- Standard server logs from our hosting provider, including IP address, browser type, and request timestamps. Used for security and debugging.
- An authentication session token stored in your browser's local storage so you stay signed in.
We do not currently use third-party analytics, advertising trackers, or marketing pixels.
2. How we use it
We use your information to:
- Provide the Service — show your calendar, save your posts, generate AI suggestions, deliver Concierge designs.
- Authenticate you — send magic-link sign-in emails and keep your session active.
- Charge you — process subscription payments through Stripe.
- Communicate with you — send transactional emails (sign-in links, billing notifications, account changes). We do not send marketing emails without your consent.
- Improve and maintain the Service — debug issues, monitor performance, prevent abuse.
- Comply with legal obligations.
We do not sell your data. We do not share your data with advertisers. We do not use your data to train AI models that benefit anyone other than you.
3. Third-party processors
We use the following service providers to operate LocalPost. Each receives only the data necessary to perform its function and is contractually required to protect your data.
| Processor | What they do | What they receive |
|---|---|---|
| Supabase | Database hosting and authentication | All your account, business, and calendar data; uploaded logos and graphics |
| Stripe | Payment processing | Your name, email, payment method, billing address, and subscription details |
| Anthropic | AI generation (campaigns and briefs) | Your brand context and the campaign idea you submit. Anthropic does not use API inputs to train its models. |
| Resend | Transactional email delivery | Your email address and the email content (e.g., magic-link URL) |
| Netlify | Web hosting and serverless functions | Standard server logs (IP, request data) for the pages and functions you load |
Each provider is operated by a separate company with its own privacy policy. The links above go directly to those policies if you'd like to read them.
4. Cookies and local storage
LocalPost uses the bare minimum to keep you signed in:
- Authentication token in browser local storage — set when you sign in, used to keep you signed in across page loads. Cleared when you sign out.
- Plan-intent value in browser local storage — temporarily set when you click a pricing CTA on the landing, so we can pre-select that plan after you sign in. Removed once acted upon.
We do not set tracking cookies, advertising cookies, or analytics cookies.
5. Data retention
We retain your data for as long as your account is active and for a reasonable period afterward to handle support, comply with legal obligations, or resolve disputes.
If you cancel and want your data deleted, email hello@trylocalpost.com with the subject "Delete my data" from the email associated with your account. We will delete your account, business records, calendar content, and uploaded files within 30 days. Some records may be retained longer where required by law (for example, payment and tax records held by Stripe).
6. Your rights
Depending on where you live, you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Correct — fix inaccurate data. Most fields can be edited yourself in the Settings screen of the Service.
- Delete — request deletion of your account and associated data (see Section 5).
- Object or restrict — limit how we process certain data.
- Data portability — receive a machine-readable export of your data.
To exercise any of these rights, email hello@trylocalpost.com from the email address associated with your account. We will respond within 30 days.
California residents: the rights above include those provided by the California Consumer Privacy Act (CCPA). We do not sell personal information.
EU/EEA/UK residents: the rights above include those provided by the General Data Protection Regulation (GDPR). LocalPost acts as the data controller for the data described in this policy. The legal basis for processing is your consent (when you create an account) and contract performance (delivering the Service you paid for).
7. Security
We protect your data using industry-standard practices:
- All connections to LocalPost use HTTPS with TLS encryption.
- Passwords are not used — we use magic-link authentication, eliminating an entire class of credential-theft risks.
- Database access is restricted by row-level security so customers cannot read each other's data.
- Server-side secrets (API keys, payment processor credentials) are stored in encrypted environment variables, never in client-side code.
- Payment information is handled exclusively by Stripe (PCI DSS Level 1 certified).
No system is perfectly secure. If we discover a security incident affecting your data, we will notify you without undue delay and as required by applicable law.
8. International data transfers
Our infrastructure is located in the United States. If you access LocalPost from outside the U.S., your data will be transferred to and processed in the U.S. By using the Service, you consent to this transfer.
9. Children's privacy
LocalPost is intended for use by businesses and is not directed to anyone under 18 years old. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy as our practices change. When we make material changes, we will update the "Last updated" date and notify you by email.
11. Contact
Questions about your privacy? Email hello@trylocalpost.com.
You can also write to us at: CFATW LLC, 720 N Dr Martin Luther King Jr Dr, Milwaukee, WI 53203, USA.
CFATW LLC, dba LocalPost · Milwaukee, Wisconsin.