Privacy Policy

Last updated: 18 June 2026  ·  Effective date: 18 June 2026

This Privacy Policy describes how Mindcraft Edtech Services OPC Pvt. Ltd. ("we", "us", or "our") collects, uses, and protects your personal information when you use LinkedIn Article Poster (LAP), accessible at linkedin-article-poster.fly.dev.

By using LAP, you agree to the collection and use of information in accordance with this policy. This policy is compliant with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA).

1. Information We Collect

We collect only the information necessary to provide the service:

• Account information: Your email address, name, and hashed password when you register.
• Payment information: Your email address for order creation. Card/UPI details are processed entirely by Razorpay and never stored on our servers.
• LinkedIn OAuth tokens: Access tokens issued by LinkedIn when you connect your account. These are stored encrypted and used solely to publish posts on your behalf at your instruction.
• Content data: Post drafts, writing styles, prompt templates, and content calendar entries you create within the app.
• API usage logs: Token counts and cost estimates for Anthropic API calls made through your account. No post content is logged — only metadata.
• License key: A cryptographically signed token tied to your email and subscription tier.

We do not collect sensitive personal data such as financial credentials, Aadhaar numbers, biometrics, or health information.

2. How We Use Your Information

• To create and manage your account and subscription.
• To deliver your license key via email after payment.
• To publish LinkedIn posts on your behalf at times you schedule.
• To generate posts using the Anthropic API with your own API key.
• To provide customer support when you contact us.
• To enforce our Terms of Service and prevent misuse.

We do not use your data for advertising, profiling, or sell it to third parties.

3. Third-Party Services

LAP integrates with the following third-party services. Their respective privacy policies govern how they handle your data:

• Razorpay — Payment processing. Razorpay collects and stores your payment instrument details. We share only your email and order amount with Razorpay. Razorpay Privacy Policy.
• LinkedIn — OAuth authentication and post publishing. We access only the permissions you explicitly grant. LinkedIn Privacy Policy.
• Anthropic — AI post generation using your own Anthropic API key. Your key and prompts are sent to Anthropic's API per their terms. Anthropic Privacy Policy.
• Resend — Transactional email delivery (license keys, notifications). Resend Privacy Policy.
• Fly.io — Cloud hosting. All data is stored on Fly.io servers in the Mumbai (bom) region. Fly.io Privacy Policy.

4. Data Storage and Security

Your data is stored in a SQLite database on a Fly.io persistent volume located in Mumbai, India. We implement the following security measures:

• Passwords are hashed using bcrypt before storage — we never store plaintext passwords.
• LinkedIn tokens are stored with encryption at rest.
• All communication between your browser and LAP is encrypted via HTTPS (TLS).
• License keys are HMAC-signed and verified on every use.
• Anthropic API keys are stored encrypted and never exposed in the UI after saving.

5. Data Retention

We retain your account data for as long as your account exists. Your content data (post drafts, calendar entries, writing styles) is retained indefinitely — even if your subscription lapses — so you do not lose your work.

You may request deletion of your account and all associated data at any time by contacting us at support@mindcraftedtech.in. Deletion requests are processed within 30 days.

6. Cookies

LAP uses a single HTTP-only session cookie (lap_token) to keep you signed in. This cookie is:

• Not accessible to JavaScript (HTTP-only flag).
• Transmitted only over HTTPS (Secure flag).
• Valid for 7 days, after which you must sign in again.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

7. Your Rights

Under the DPDPA 2023, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Erasure — request deletion of your personal data.
• Grievance redressal — lodge a complaint with our Grievance Officer.

To exercise any of these rights, contact us at support@mindcraftedtech.in. We will respond within 30 days.

8. Children's Privacy

LAP is intended for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last updated" date at the top of this page. Continued use of LAP after any changes constitutes acceptance of the updated policy.