Legal

Privacy Policy

Last updated: May 21, 2026

Who we are

Key Post ("Key Post," "we," "our") is a real estate marketing platform operated from Naples, Florida, United States. We can be reached at hello@keypost.io.

What we collect

  • Account info. Name, email, phone, brokerage, MLS agent ID, and license number — provided during signup or onboarding.
  • Listings. Property records pulled from MLS providers (e.g., Bridge Data Output) on your behalf and using credentials you connect.
  • Social tokens. OAuth access tokens for Facebook, Instagram, LinkedIn, and X accounts you connect. Stored AES-256-GCM encrypted at rest; never logged.
  • Posts & analytics. Posts you schedule and the platform engagement metrics (likes, comments, reach where permitted) we fetch for them.
  • Seller contacts. Names and emails you choose to enter to enable seller receipts. Stored on the listing record; we email the seller only when you set this field.
  • Payment data. Stripe handles all card data. We retain the Stripe customer ID and subscription status only — never the card itself.
  • Usage data. Standard logs (IP address, browser, page paths) retained for security and debugging.

How we use it

  • Run Key Post — sync listings, publish posts, fetch engagement, send receipts.
  • Bill you and keep your subscription current.
  • Respond to support requests.
  • Detect abuse and screen captions for fair-housing compliance before publishing.

We do not sell your data, share it with advertisers, or use it to train AI models that benefit other customers.

Who we share with

  • AWS hosts the application and stores data in us-east-1.
  • Stripe processes payments.
  • Bridge Data Output is queried with your MLS credentials.
  • Meta, LinkedIn, X receive the posts you publish through us and return engagement data.
  • Amazon SES delivers transactional and seller-report emails.
  • Anthropic processes caption-generation requests. Anthropic does not train on Key Post data.

Your rights

California residents (CCPA) and EEA residents (GDPR) can request access, correction, or deletion of their personal data. Email privacy@keypost.ioand we'll respond within 30 days. You can also disconnect any social account and revoke our access at any time from your dashboard.

Cookies

We use cookies and localStorage for authentication (Cognito session, Stripe checkout) and to remember your preferences. No third-party advertising or analytics cookies.

Data retention

We keep your data while your account is active. On cancellation, listing and post history are retained for 30 days, then deleted. Stripe records retain longer per their requirements.

Security

We use AES-256-GCM for token storage, TLS in transit, AWS-managed KMS for at-rest encryption, and least-privilege IAM for every Lambda. We will notify affected users within 72 hours of any breach involving personal data.

Changes

We'll update this page if anything material changes and notify active users by email. The "Last updated" date above always reflects the current version.

Plain-language summary intended for transparency. Not legal advice; consult counsel for binding interpretation.