Last updated: June 23, 2026
Privacy Policy
A clear overview of how we collect, use, and protect your personal information at SlothPost.
1. Who we are
SlothPost is operated by Abhishek Khanra, an individual developer based in Howrah, West Bengal, India. You can reach out directly at abhishek@slothpost.app. SlothPost acts as the Data Fiduciary under India's Digital Personal Data Protection Act 2023 and the Data Controller under the GDPR.
2. What data we collect & why
Account identity data
(Email, name, Clerk user ID) — to create and manage your account, authenticate you, and communicate with you. Lawful basis: contract performance.
Voice profile
(Writing style description, NOT the recording) — to generate posts that sound like you. Lawful basis: consent, given during onboarding. Retention: indefinite until account deletion.
Voice interview transcript
Temporary, to extract your voice profile only. Retention: deleted immediately after analysis, never stored.
Product information
(Names, descriptions) — to generate contextually relevant posts about your products. Lawful basis: contract performance. Retention: until product or account is deleted.
Rant transcripts
To give AI additional context about recent work. Lawful basis: voluntary creation. Retention: until you delete the rant or your account.
GitHub commit metadata
(NOT code) — to understand what development work you've done for post generation. Lawful basis: consent via explicit OAuth connection. Retention: 30 days via automated TTL deletion.
Vercel deployment metadata
Same as above. Lawful basis: consent via integration. Retention: 30 days.
OAuth access tokens
(X, GitHub, Threads) — to post on your behalf and receive webhooks. Lawful basis: contract performance. Retention: until integration is disconnected or account deleted. Tokens are encrypted at the application layer.
Generated draft posts
Your review before publishing. Retention: 3 days via automated TTL deletion if not published, or immediately upon publishing.
AI-generated summaries
(Daily, weekly, monthly) — to maintain context for generation over time so posts improve. Retention: daily summaries 30 days, weekly/monthly indefinitely until account deletion.
3. What we do NOT collect
We explicitly do NOT access your GitHub code. We do not read your existing social media posts. We do not store voice recordings (only a derived style profile). We do not use cookies for tracking or advertising. We do not sell your data. We do not process payment data (SlothPost is currently free).
4. How AI processing works
GitHub commit messages and deployment events are sent to Groq's Llama 3.3 70B model to generate post drafts. Voice interview transcripts are sent to Anthropic's Claude Haiku model to extract writing style characteristics. Voice transcription uses Groq Whisper.
All AI processing happens server-side. You should not include sensitive personal information in commit messages, product descriptions, or rants because this content is sent to third-party AI providers.
5. Third-party sub-processors
| Processor | Role | Location |
|---|---|---|
| AWS DynamoDB | Database storage (all user data) | us-east-1 (USA) |
| Groq | AI inference (Llama 3.3 + Whisper) | USA |
| Anthropic | AI inference (Claude Haiku 4.5) | USA |
| Cloudflare | Cron job execution, DNS, email | USA / Global |
| Clerk | Authentication and session management | USA |
| Vercel | Application hosting | USA / Global |
| Resend | Transactional email delivery | USA |
SlothPost maintains Data Processing Agreements or uses standard terms for these providers. For US-based processors, data transfers rely on standard contractual clauses or adequacy mechanisms where applicable.
6. Your rights
Right to access & port
Email us to request a copy of your data or request it in a machine-readable format. We respond within 30 days (GDPR) / 7 days (DPDP Act).
Right to correction
Email us at any time if you believe any data we hold is inaccurate and we will correct it.
Right to erasure
Delete your account instantly at slothpost.app/delete-data. Disconnecting an integration automatically deletes its associated OAuth token.
Grievance redressal: Under the DPDP Act 2023, contact us at support@slothpost.app. If unresolved, you may approach the Data Protection Board of India. EU residents may lodge complaints with their local supervisory authority.
7. Security
We utilize DynamoDB encryption at rest via AWS KMS keys. All transit data is encrypted via TLS 1.2+. OAuth tokens are encrypted at the application layer before storage. Access to the database is strictly controlled via AWS IAM with no public access. In the event of a breach, we will notify affected users within 72 hours.
SlothPost is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us for immediate deletion.
8. Changes to this policy
We will notify users of material changes via email to the address on your account. The effective date at the top of this page will be updated. Continued use after the effective date constitutes acceptance.