1. Introduction

WeLinkMe Inc. ("we," "us," "our," or "Company") operates the Sleepy Post Service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including all associated subdomains and related applications.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing and using Sleepy Post, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration: Name, email address, password, phone number (optional)
• Billing Information: Billing address, credit card information (processed securely by third-party payment processors)
• Profile Information: Profile picture, bio, company name, website
• Business Information: Business description, target audience, brand voice, and marketing preferences
• Content: Social media posts, captions, images, scheduled content, and any other content you create
• Communication: Messages, feedback, support requests, and inquiries you send us

2.2 Social Media Account Data

When you connect social media accounts via OAuth, we collect:

• OAuth Tokens: Access and refresh tokens to post on your behalf
• Account Identifiers: Platform user IDs and usernames
• Profile Information: Display name, profile picture, follower counts (where available)
• Channel/Page Data: Connected channels, pages, or accounts for posting

We support connections to: YouTube, TikTok, X/Twitter, Facebook, Instagram, LinkedIn, Pinterest, Reddit, and Bluesky.

2.3 X/Twitter Developer Credentials (BYOK)

To connect your X/Twitter account, you may provide your own X Developer API credentials ("Bring Your Own Key" or BYOK). When you do so, we collect:

• Client ID: Your X Developer App Client ID
• Client Secret: Your X Developer App Client Secret
• OAuth Tokens: Access and refresh tokens obtained after you authorize the connection

Why we use BYOK for X/Twitter: X/Twitter charges developers based on app-wide API usage. To ensure all Sleepy Post users regardless of subscription tier can publish to X without restrictions, we allow you to use your own free X Developer credentials. This shifts the API quota to your personal developer account rather than our shared pool.

How we use your X credentials: Your Client ID and Client Secret are used exclusively to authenticate your X account and post content on your behalf. We do not use your credentials for any other purpose, share them with third parties, or access any data beyond what is necessary for the posting functionality you request.

Your X credentials are stored securely in our database and can be deleted at any time by disconnecting your X account in Settings.

2.4 Information Collected Automatically

• Device Information: Device type, operating system, browser type, IP address
• Usage Data: Pages visited, features used, time spent, interaction patterns
• Cookies & Tracking: Cookies, pixels, web beacons, and similar tracking technologies
• Location Data: Approximate location based on IP address (not precise GPS)

2.5 Information from Third Parties

• Data from social media platforms if you authenticate via OAuth
• Payment processor information
• Analytics providers and advertising networks

2.6 Stripe Payment Information

When you make a payment, we use Stripe as our payment processor. We collect and process:

• Card number (last 4 digits only - full number processed by Stripe)
• Billing address and ZIP code
• Subscription information and billing history
• Invoice records and payment status

Important: We never store full credit card numbers. Stripe handles all sensitive payment data according to PCI DSS compliance standards. For details, see Stripe's Privacy Policy.

2.7 Firebase Data Storage

We use Google Firebase to store and manage your data securely:

• User authentication tokens and session data
• Account information and subscription status
• Social media account connections and OAuth tokens
• Generated posts, captions, and content history
• Scheduled posts and content calendar data
• Rate limiting logs and usage tracking
• Uploaded media files (images, videos for posts)

Firebase is hosted on Google Cloud and subject to Google's privacy controls. Your data is encrypted in transit and at rest. See Google's Firebase Privacy for details.

2.8 Rate Limiting and Usage Tracking

To protect our service and ensure fair usage, we track:

• Number of content generation and scheduling requests per account
• IP addresses and device fingerprints for fraud prevention
• Request timestamps and API call frequency
• Post complexity and content metrics

We enforce rate limits (5 requests per minute) and quota restrictions based on your subscription tier to maintain service quality and prevent abuse.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing, maintaining, and improving the Service
• Processing transactions and sending billing information
• Authenticating your account and preventing fraud
• Sending service announcements, updates, and technical notices
• Responding to your inquiries and customer support requests
• Personalizing your experience and delivering customized content
• Conducting research, analytics, and service improvement
• Marketing and promotional communications (with your consent)
• Complying with legal obligations and enforcing our Terms of Service
• Detecting and preventing fraud, abuse, and security incidents
• Rate Limiting: Enforcing API usage limits to maintain service quality and prevent abuse
• Quota Management: Tracking your content generation and scheduling quota based on your subscription tier
• Device Fingerprinting: Creating anonymous device identifiers to detect fraudulent accounts on free plans

4. How We Share Your Information

We do not sell your personal information. However, we may share your information with:

• Stripe (Payment Processor): When you subscribe, we share your billing address, email, and subscription ID with Stripe for payment processing and subscription management
• Firebase (Data Storage & Authentication): Your account information, authentication data, and generated content are stored on Google Firebase infrastructure
• Service Providers: Cloud hosting, analytics providers, and email delivery services
• Legal Compliance: When required by law, court order, or government request
• Business Transfers: In case of merger, acquisition, or asset sale
• With Your Consent: For any other purposes with your explicit permission

We require all third parties to maintain the confidentiality and security of your information and use it only for the purposes we specify.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Secure authentication and access controls
• Regular security audits and penetration testing
• Employee training on data protection

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. Any transmission is at your own risk.

5.1 Security Monitoring & Fraud Prevention

To maintain the security and integrity of our Service, we employ advanced security monitoring systems that automatically detect and flag suspicious behavior. This monitoring is essential to prevent fraud, abuse, and misuse.

What We Monitor:

• Development Tool Usage: Detection of browser developer tools (DevTools) to prevent reverse engineering and code extraction attempts
• Network Signals: IP geolocation, VPN/proxy detection, and unusual network patterns
• Account Behavior: Content generation patterns, posting frequency, API usage, form field interactions, and feature usage patterns
• Content Patterns: Analysis of generated content for compliance with our policies
• File Upload Patterns: Types and quantities of files being uploaded to detect abuse
• Session Behavior: Time spent on platform, features accessed, and interaction sequences

When Data is Flagged:

When our systems detect suspicious activity (e.g., development tools open for extended periods, unusual API patterns, or policy violations), we compile a comprehensive behavioral profile including:

• Your account information (email, subscription tier, account age)
• Complete generation history and content samples
• Session behavior and feature usage patterns
• IP address and network information (country, city, ISP, VPN status)
• File upload statistics and types
• Form field usage patterns

Human Review:

All flagged accounts receive a rational human review by our security team. We distinguish between:

• Legitimate developers testing their builds (typically allowed to continue)
• Suspicious patterns requiring further investigation
• Clear violations warranting account suspension or termination

Account Termination:

If we determine your account is being used to violate our Terms of Service or engage in malicious activity, we may suspend or terminate your account. Upon termination, we will notify you of the reason and provide your personal data in machine-readable format as required by law.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to request a copy of your personal information and to receive it in a portable format.

6.2 Correction and Deletion

You can update, correct, or delete your account information at any time by logging into your account settings. You may also request complete data deletion, subject to legal retention requirements.

6.3 Marketing Communications

You can opt out of promotional emails by clicking the "unsubscribe" link in any email or adjusting your notification preferences in your account settings.

6.4 Cookie Preferences

Most browsers allow you to refuse cookies or alert you when cookies are being sent. You may also disable cookies through your browser settings, though this may affect certain features of the Service.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential Cookies: Required for authentication and security
• Performance Cookies: Help us understand how you use the Service
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Track usage patterns and improve the Service
• Marketing Cookies: Used for retargeting and advertising (with consent)

8. Third-Party Links

The Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

9. Children's Privacy

Sleepy Post is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal information, we will immediately delete such information and terminate the child's account.

10. Data Retention

We retain your personal information for as long as necessary to:

• Maintain your account and provide the Service
• Comply with legal and tax obligations
• Resolve disputes and enforce agreements

You may request deletion of your data at any time, subject to legal retention requirements.

11. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence. By using Sleepy Post, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules. We implement appropriate safeguards for international transfers.

12. Your Privacy Rights by Region

12.1 EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, correct, delete, restrict, port, and object to processing of your personal data.

12.2 California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt-out of the sale of your personal information.

13. Changes to This Privacy Policy

WeLinkMe Inc. may update this Privacy Policy at any time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

We will respond to your privacy request within 30 days or as required by applicable law.