Security & trust

Your accounts, handled with care.

Connecting a social account means trusting us with something that matters. Here's exactly how we earn that — in plain language, no security theatre.

“Will this get my account banned?”

No. We post through each platform's official developer API — the same sanctioned path the platforms build for tools like ours. We never scrape, never automate a logged-in browser session, and never do anything that violates a platform's terms. That's also why some networks take time to turn on: we go through each one's formal app review rather than cutting corners.

“Can you see or take my stuff?”

We ask for the narrowest permissions that let us do the job — publish posts and read the performance of your own content. Every access token we store is encrypted, every workspace is walled off from every other, and your content is never used to train AI models. You can disconnect or delete everything in one click.

How it works

Safe by construction.

Official APIs only

We integrate through Meta, YouTube, TikTok, and LinkedIn's official developer programmes. No scraping, no unofficial endpoints, no session hijacking — the approaches that get accounts flagged.

Encrypted tokens

OAuth tokens are encrypted at rest with AES-256-GCM before they ever touch our database. We never log them, never return them, and never expose them through the API.

Narrow scopes

We request only the permissions a feature needs — publish on your behalf, and read insights for your own posts. We don't ask for your messages, your contacts, or anything we don't use.

No model training

Your posts, captions, brand kit, and media are yours. We do not use your content to train AI models — full stop. The AI works for you, on your material, under your direction.

Walled-off workspaces

Every piece of data is scoped to your workspace and enforced at the database layer on every request — so one customer can never read or touch another's accounts, posts, or media.

You stay in control

Disconnect any channel and we wipe its tokens immediately. Delete your data and it's gone. Nothing publishes without you — you edit, you approve, you publish.

What we'll never do

  • Scrape platforms or automate your logged-in session.
  • Train AI models on your content.
  • Post anything without your explicit approval.
  • Sell your data, or share it beyond what a connected platform requires.
  • Request permissions we don't actually use.
  • Stamp a “made with postme.live” watermark on your work.
Verification

Reviewed, and accountable.

  • Google-verifiedYouTube OAuth approved
  • Independently reviewedsecurity audit, June 2026
  • Encrypted at restAES-256-GCM tokens
  • Network-isolatedhardened infrastructure
  • A real companyOutback Yak ↗

postme.live is built by Outback Yak — a registered Melbourne software firm (ABN 11 672 730 773). Meta and TikTok app reviews are in progress; we'll show each platform's verification here the day it clears.

Your data, your call

Disconnect anytime

Removing a channel wipes its stored tokens immediately while keeping your own post history intact.

Delete everything

One request removes your data for good. See Data deletion.

Read the fine print

Our Privacy policy, Terms, and Permissions spell out the rest.

Found something that looks off? Tell us at [email protected] — we read every report.

Security & trust · postme.live