1. Information We Collect
When you use AutoPublish, we collect:
- Account information: Your email address and encrypted password, collected when you create an account.
- WordPress credentials: Your WordPress site URL, username, and Application Password. These are stored encrypted and used solely to publish content to your sites.
- Content data: Topics, keywords, and settings you enter into the platform. Published articles and their performance metadata.
- Usage data: Pages visited, features used, and general activity logs for the purpose of improving the product.
- Payment data: Billing is handled by Lemon Squeezy. We do not store your payment card information.
2. How We Use Your Information
We use your information to:
- Provide and operate the AutoPublish service
- Publish content to your WordPress sites on your behalf
- Send transactional emails (publish confirmations, error notifications) when enabled
- Improve and debug the platform
- Respond to support requests
- Comply with legal obligations
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Third-Party Services
AutoPublish uses the following third-party services to operate:
- Supabase: Database and authentication infrastructure. Data is stored in Supabase's hosted PostgreSQL service.
- OpenAI: Content generation (GPT-4o) and image generation (GPT-image-1). Article topics and keywords are sent to OpenAI's API. We do not send personally identifiable information to OpenAI.
- Pexels: Stock image sourcing. Keyword queries are sent to the Pexels API to fetch relevant images.
- Tavily: Search engine research. Keywords may be sent to Tavily for competitor analysis.
- Lemon Squeezy: Payment processing. All billing data is handled by Lemon Squeezy and subject to their privacy policy.
- Railway: Backend processing infrastructure.
4. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
Published articles remain on your WordPress sites — we do not delete content from your WordPress installation when you cancel your account.
5. Security
We implement industry-standard security practices including:
- Encryption of data in transit (HTTPS/TLS)
- Encrypted storage of WordPress Application Passwords
- Row-level security on all database tables
- Authentication via Supabase with bcrypt password hashing
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
6. Cookies
We use session cookies to maintain your login state. These are essential for the service to function and cannot be disabled. We do not use advertising or tracking cookies.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a machine-readable format
- Object to processing of your data
To exercise any of these rights, email us at hello@autopublish.org.
8. Children
AutoPublish is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.
9. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or by displaying a notice in the dashboard. Your continued use of AutoPublish after changes are posted constitutes your acceptance of the updated policy.