Privacy Policy

Last updated: April 2025

1. What We Collect

Humanpost collects the minimum data required to deliver the service. When you connect your LinkedIn account, we receive your LinkedIn profile information (name, email address, and profile identifier) through LinkedIn's OAuth flow using the r_liteprofile and r_emailaddress permissions.

While you compose a LinkedIn post with the Humanpost Chrome Extension active, the extension records keystroke timing metadata (timestamps of key events, pauses, and edits). We do not record which specific keys you press. The post content itself is hashed and stored as part of the cryptographic proof chain.

If you subscribe to a paid plan, payment is handled entirely by Stripe. Humanpost never sees or stores your card number or billing details. Stripe shares only the subscription status and a customer identifier with us.

2. How We Use Your Data

Keystroke timing metadata is processed by our scoring engine to produce a human-authorship score using four statistical signals: timing variance, burst/pause ratio, revision density, and session plausibility. No machine-learning model is trained on your data.

The sequence of writing events is assembled into a Merkle chain using SHA-256 hashes to produce a tamper-evident proof of process. This proof is stored alongside your score and made available via a shareable verification certificate at humanpost.site.

With your explicit consent, Humanpost publishes your post to LinkedIn on your behalf using the w_member_social permission. You remain in full control and can revoke this permission at any time through your LinkedIn settings.

3. Data Storage and Security

All data is stored on servers hosted within the European Union. Data at rest is encrypted using AES-256-GCM. All data in transit is protected by TLS 1.2 or higher.

Session tokens are short-lived and stored in memory only. We do not use third-party analytics trackers or advertising cookies on any Humanpost page.

4. Third-Party Services

We rely on the following third-party services to operate Humanpost:

  • LinkedIn, to authenticate your identity and publish posts on your behalf. LinkedIn's own privacy policy applies to data held by LinkedIn.
  • Stripe, to process subscription payments securely. Stripe is a PCI DSS Level 1 certified payment processor.
  • Google Cloud, for EU-region infrastructure and object storage of verification certificates.

5. Chrome Extension Permissions

The Humanpost Chrome Extension requests the following permissions:

  • storage, to persist your session token and scoring preferences locally in your browser.
  • activeTab, to detect when you are composing a post on LinkedIn and activate the scoring overlay.
  • Host permission for linkedin.com, to inject the timing capture script into the LinkedIn post composer. The script runs only on the linkedin.com domain and only when the composer is open.

The extension does not read your LinkedIn feed, messages, or any content outside the post composer.

6. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights regarding your personal data:

  • Right of access, to request a copy of the personal data we hold about you.
  • Right to rectification, to request correction of inaccurate personal data.
  • Right to erasure, to request deletion of your personal data (see section 7 below).
  • Right to data portability, to receive your data in a structured, machine-readable format.
  • Right to object, to object to processing of your personal data in certain circumstances.

To exercise any of these rights, contact us at the address in section 8.

7. Data Deletion

You may request full deletion of your account and all associated data at any time by sending an email to hello@flowhouse.ai with the subject line "Delete my Humanpost account" and your registered email address.

We will process your request within 30 days and confirm deletion by reply. Note that published LinkedIn posts are not deleted from LinkedIn, as those are governed by LinkedIn's own terms. Publicly accessible verification certificates will be invalidated and removed from humanpost.site.

8. Contact

Questions about this privacy policy or requests under GDPR can be directed to the data controller:

Flowhouse GmbH
Kronprinzenstr. 97
40217 Dusseldorf
Germany
E-Mail: hello@flowhouse.ai