Publion

Legal

Privacy Policy

Last updated: June 11, 2026

This Privacy Policy explains how Publion LLC ("Publion," "we," "us," or "our") collects, uses, discloses, and protects information when you use Publion's website, application, APIs, and related services, including publion.app and dashboard.publion.app(the "Service").

Publion is a Facebook publishing and operations platform for teams that manage Facebook pages, accounts, scheduled posts, approvals, imported posts, billing, and analytics.

If you use Publion on behalf of an organization, your organization may also control how your account and workspace information is used inside that organization.

1. Information We Collect

Account and authentication information

We collect information used to create, secure, and manage your account, such as:

  • Name, email address, profile image, account ID, user type, and account status.
  • Password credentials, authentication tokens, password reset records, verification codes, and email verification status.
  • Session information, including session tokens, expiration times, IP address, and user agent.
  • Two-factor authentication setup information, including encrypted two-factor secrets and backup codes.
  • Google account profile information if you choose to sign in or link your account using Google, when that option is available.

Organization and workspace information

We collect information about organizations and workspaces in Publion, including:

  • Organization name, slug, image, owner, members, roles, member status, and preferences.
  • Organization invitations, invitee email addresses, invite tokens, invite status, and expiration dates.
  • Approval settings, onboarding state, active organization preferences, notification preferences, and operational status.
  • Watermarks and organization images you upload or configure.

Meta and Facebook information

When you connect a Meta or Facebook account, Publion requests permissions needed to manage Facebook page publishing operations. Depending on the permissions you grant and the pages you manage, we may collect and process:

  • Meta user ID, display name, profile picture, OAuth state, access tokens, token expiration dates, token refresh status, and connection health.
  • Facebook page IDs, names, profile pictures, page access tokens, page tasks/permissions, publishing activation status, and page health.
  • Scheduled, queued, published, failed, canceled, or review-needed publishing targets.
  • Captions, first comments, comment queues, post content, media references, scheduled times, status reasons, publish attempts, Meta response snapshots, Facebook post IDs, comment IDs, permalink URLs, and verification results.
  • Facebook page and post analytics, including impressions, reach, engagement, clicks, reactions, comments, shares, views, media URLs, post timestamps, and related performance snapshots.

Meta/Facebook access tokens and page tokens are encrypted before storage.

Content and media

We collect content you and your organization create, upload, import, edit, schedule, approve, publish, or save in Publion, including:

  • Drafts, saved posts, imported posts, captions, comments, text formatting settings, CSV or bulk import data, scheduling configuration, target pages, page groups, and approval comments.
  • Images, videos, watermarks, avatars, organization images, media metadata, file size, MIME type, dimensions, duration, thumbnails, storage keys, hashes, and public/CDN URLs.
  • Imported content sent through API keys or webhooks, such as original captions, image URLs, WordPress post URLs, selected pages, and scheduled times.

Some media may be stored with public URLs when that is necessary to preview, process, or publish content through Meta/Facebook or other connected workflows.

Billing information

If your organization uses paid features, we collect billing-related information such as:

  • Stripe customer ID, Stripe subscription ID, subscription item IDs, billing plan, billing interval, subscription status, page limits, member limits, cancellation status, billing period dates, and scheduled changes.
  • Invoice IDs, invoice amounts, currency, invoice status, and issue dates.
  • Billing activity, subscription changes, and billing audit log entries.

Publion does not store full payment card numbers. Payment method details are processed by Stripe.

Communications and support information

We collect information you provide when you contact support, respond to transactional emails, receive invites, receive billing or approval messages, use website chat, or otherwise communicate with us.

We may send transactional emails for account verification, password resets, email changes, organization invitations, approval requests, approval outcomes, billing changes, and platform notifications.

Website, analytics, device, and usage information

When you visit the website or use the application, we may collect:

  • Pages viewed, links clicked, product events, feature usage, navigation paths, timestamps, referring pages, approximate location derived from IP address, device information, browser information, and operating system information.
  • Application diagnostics, errors, performance traces, logs, audit events, incident events, and worker health data.
  • Cookies and local storage used for authentication, session management, preferences, theme, sidebar state, analytics, security, and product improvement.

The marketing website uses tools such as Google Analytics, PostHog, and Crisp chat where configured. The application uses PostHog product analytics and Sentry error monitoring where configured. PostHog session recording may be used in the application with input masking enabled.

2. How We Use Information

We use information to:

  • Provide, operate, secure, maintain, and improve Publion.
  • Create and authenticate accounts, verify email addresses, process password resets, manage sessions, and support two-factor authentication.
  • Create organizations, manage members, enforce roles and permissions, process invitations, and maintain organization settings.
  • Connect Meta/Facebook accounts, import page inventories, monitor connection health, refresh tokens, and help you manage publishing access.
  • Create, preview, save, import, approve, schedule, publish, verify, repost, delete, and sync Facebook content.
  • Store and process uploaded media, watermarks, avatars, and organization images.
  • Provide calendars, logs, analytics, saved posts, approvals, notifications, billing, and admin operations.
  • Process payments, subscriptions, invoices, billing portal sessions, cancellations, downgrades, and billing notices.
  • Send transactional, administrative, security, product, and support communications.
  • Detect, investigate, and prevent fraud, abuse, security incidents, account misuse, policy violations, and technical problems.
  • Enforce our Terms of Service and other agreements.
  • Comply with legal obligations, respond to lawful requests, and protect rights, safety, and property.

3. How We Share Information

We may share information with:

  • Meta/Facebook. We send content, media, comments, scheduling details, page identifiers, access tokens, and related information to Meta/Facebook when needed to connect accounts, fetch pages, publish content, manage comments, sync post status, delete scheduled targets where supported, or retrieve analytics.
  • Stripe. We share billing and customer information with Stripe to create customers, process checkout, manage subscriptions, open billing portal sessions, receive webhook updates, and maintain invoice records.
  • Supabase and hosting/storage providers. We use database, storage, and infrastructure providers to host the Service, store records, store media, and serve files.
  • Resend and email providers. We use email providers to send verification, password reset, invitation, approval, billing, and notification emails.
  • Google. If you use Google sign-in, Google processes the authentication flow and provides the account information needed to sign you in.
  • PostHog, Google Analytics, Sentry, and Crisp. We use analytics, diagnostics, error monitoring, and chat providers to understand usage, improve the Service, diagnose issues, and respond to support requests.
  • Organization members. Information inside an organization may be visible to owners, admins, approvers, editors, and other members according to their roles. Organization owners and admins can manage members, roles, settings, connected pages, billing, and content.
  • Publion personnel and platform administrators. Authorized personnel may access account, organization, billing, support, audit, and operational records when needed to operate, secure, troubleshoot, support, or administer the Service.
  • Legal, safety, and business transfer recipients. We may disclose information if required by law, legal process, platform requirements, security needs, rights enforcement, merger, acquisition, financing, reorganization, or sale of assets.

We do not sell personal information for money.

4. Cookies and Similar Technologies

Publion uses cookies, local storage, and similar technologies for authentication, security, preferences, analytics, product improvement, and support. You can control cookies through your browser settings, but blocking some cookies may prevent the Service from working correctly.

5. Meta/Facebook Data Deletion

You may request deletion of Meta/Facebook data processed by Publion by emailing [email protected].

Please include:

  • The email address on your Publion account.
  • The organization name.
  • The connected Facebook account or page you want removed, if applicable.
  • Whether you want to delete only Meta/Facebook connection data, a specific organization's data, or your entire Publion account data.

When we receive a verified request, we will delete or de-identify applicable Meta/Facebook Platform Data that Publion controls, disconnect or stop using applicable tokens, and remove related records where required, subject to retention needed for security, fraud prevention, billing, legal obligations, dispute resolution, backup integrity, and service operation.

You can also disconnect Facebook accounts and pages inside Publion's Account Manager. Disconnecting stops future publishing through that connection or page and may cancel executable scheduled targets, but historical logs, billing records, audit records, and other operational records may remain unless deletion is requested or required.

6. Data Retention

We keep information for as long as needed to provide the Service, maintain your account or organization, meet legal and billing obligations, resolve disputes, enforce agreements, secure the Service, and maintain operational records.

Examples:

  • Account, organization, content, media, and Meta connection records are generally kept while your account or organization is active.
  • Session records are retained until they expire or are revoked.
  • Billing, invoice, audit, security, and operational records may be retained after account or organization deletion where needed for accounting, tax, fraud prevention, compliance, dispute resolution, and security.
  • Backups and logs may persist for a limited period after deletion before being overwritten or removed.

7. Security

We use technical and organizational safeguards designed to protect information, including encrypted storage of Meta access tokens, encrypted two-factor secrets, role-based access controls, authentication controls, session management, and monitoring. No system is completely secure, and we cannot guarantee absolute security.

You are responsible for keeping your account credentials, two-factor backup codes, API keys, and connected platform accounts secure.

8. Your Choices and Rights

Depending on your location, you may have rights to request access, correction, deletion, portability, restriction, objection, or withdrawal of consent for certain personal information. You may also have the right to appeal a denied privacy request.

You can update some information directly in Publion, including your profile name, email address, password, two-factor settings, organization settings, connected accounts, pages, drafts, media, and billing settings, depending on your role.

To make a privacy request, email [email protected]. We may need to verify your identity and authority before acting on a request. If your account belongs to an organization, we may direct some requests to the organization owner or administrator.

9. International Transfers

Publion is based in the United States. We and our service providers may process information in the United States and other countries where privacy laws may differ from those in your location.

10. Children's Privacy

Publion is not intended for children. You may not use Publion if you are under 18 or otherwise unable to form a binding agreement. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Service, by email, or by another reasonable method. The updated policy will be effective when posted unless stated otherwise.

12. Contact Us

Publion LLC

Email: [email protected]