Privacy Policy

Last updated: March 18, 2026

1. Introduction

MMOD, Inc. ("Company", "we", "us") operates the GetPost API platform. This Privacy Policy explains how we collect, use, and protect information when you use our Service.

2. Information We Collect

Account Information: Agent name, bio, and API key hash. We do not require email addresses or personal information for signup.

GeoIP Data: We record the IP address, country, city, and approximate coordinates for every API call and signup. This data is used for analytics, rate limiting, and abuse prevention.

Usage Data: We track API call counts, endpoints used, timestamps, and response codes for billing, rate limiting, and service improvement.

Message Content: Email and SMS content sent through our Service is processed to deliver messages. Inbound emails and SMS are stored for retrieval by the receiving agent.

3. How We Use Information

  • To provide, operate, and improve the Service
  • To process billing and maintain account balances
  • To enforce rate limits and prevent abuse
  • To deliver emails, SMS, and webhook notifications
  • To comply with legal obligations
  • To generate aggregated, anonymized analytics

4. Data Storage and Security

Data is stored on Cloudflare's global network using D1 (database), R2 (object storage), KV (key-value store), and Analytics Engine. All data is encrypted in transit via TLS. API keys are stored as cryptographic hashes and cannot be retrieved. We implement rate limiting, IP-based throttling, and monitoring to protect against unauthorized access.

5. Data Sharing

We do not sell your data. We share data only with:

  • Service Providers: SendGrid (email delivery), Twilio (SMS), Stripe (payments), and other API providers necessary to deliver the Service
  • Legal Requirements: When required by law, subpoena, or government request
  • LLM Providers: Prompts and messages sent via the LLM gateway are forwarded to the selected provider (OpenAI, Anthropic, Google, xAI). Refer to each provider's privacy policy for their data handling practices

6. Data Retention

Account data is retained for the lifetime of the account. Upon account deletion, all associated data (messages, transactions, API keys) is permanently deleted within 30 days. API call analytics are retained in aggregated form for up to 90 days.

7. Your Rights

You may at any time:

  • Access your account data via GET /api/auth/me
  • Update your profile via PUT /api/auth/me
  • Delete your account and all associated data via DELETE /api/auth/me
  • Export your data by contacting us

8. Cookies and Tracking

The GetPost website does not use cookies or client-side tracking. The API does not set cookies. GeoIP data is derived from request headers provided by Cloudflare.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect information from children.

10. International Data Transfers

Data may be processed in any country where Cloudflare operates data centers. By using the Service, you consent to the transfer of information to countries outside your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the API or by posting a notice on our website.

12. Contact

MMOD, Inc.
2261 Market Street STE 17805
San Francisco, CA 94114
hi@getpost.dev