Privacy Policy

oContentMan (“we”, “us”, “our”) is a product of Oamari. We operate the oContentMan platform, a LinkedIn content management service accessible at this domain and related subdomains. Our contact address for privacy matters is hello@ocontentman.com.

2.1 Account & identity data

When you sign up we collect your email address and a hashed password (or your OAuth provider identifier if you use social login). We store your display name as provided.

2.2 LinkedIn OAuth tokens

After you connect your LinkedIn account we store the access token returned by the LinkedIn OAuth 2.0 flow. This token is encrypted at rest using AES-256-GCM before being written to our database. We never log, display, or transmit this token to the client browser. We use it solely to publish posts on your behalf when you explicitly schedule or trigger a publish action.

2.3 Content you create

We store the post ideas, drafts, schedules, brand profiles, and voice samples you create within the platform. This content belongs to you (see Section 9).

2.4 Billing data

Payments are processed by Paystack. We store only the customer code and subscription code returned by Paystack after a successful transaction — we never see or store your raw card details. Paystack's own privacy policy governs their handling of your payment data.

2.5 Usage & analytics data

We use PostHog for product analytics. PostHog collects pseudonymous event data (page views, feature interactions, session duration) and associates it with a randomly assigned PostHog distinct ID. We do not send your email or name to PostHog unless you have explicitly provided consent. You can opt out of analytics via the “Do not track” browser setting, which we honour.

2.6 Technical & log data

Our infrastructure (Supabase / Vercel) may collect standard server logs including IP addresses, HTTP request metadata, and error traces for security and debugging purposes. These logs are retained for up to 30 days.

• Providing, operating, and improving the oContentMan service.
• Passing your post drafts and brand voice samples to the Groq AI inference API to generate text. Your content is sent to Groq under their standard API terms; it is not used to train their public models without separate consent.
• Scheduling and publishing posts to LinkedIn via the official LinkedIn API.
• Processing payments and managing your subscription via Paystack.
• Sending transactional emails (post approval requests, billing receipts).
• Detecting and preventing fraud, abuse, and security incidents.
• Complying with legal obligations, resolving disputes, and enforcing our Terms of Service.

We do not sell your personal data to third parties. We do not use your content for advertising.

If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing personal data are:

• Contract performance — processing necessary to deliver the service you signed up for (account management, publishing, billing).
• Legitimate interests — security monitoring, fraud prevention, product analytics (balanced against your interests and rights).
• Legal obligation — retaining records as required by applicable law.
• Consent — where we rely on consent (e.g. marketing communications) you may withdraw it at any time.

We retain your account and content data for as long as your account is active. If you delete your account we will delete or anonymise your personal data within 30 days, except where retention is required to comply with legal obligations (e.g. financial records which we retain for 7 years) or to resolve open disputes.

Encrypted LinkedIn OAuth tokens are automatically invalidated and deleted when you disconnect your LinkedIn account.

Depending on your jurisdiction you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion; restrict or object to processing; receive your data in a portable format; and withdraw consent at any time where processing is based on consent.

California residents have additional rights under the CCPA/CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of the sale of personal information (we do not sell personal information).

To exercise any of these rights, email hello@ocontentman.com. We will respond within 30 days.

We use strictly necessary session cookies for authentication (managed by Supabase Auth). We also set an analytics cookie for PostHog. We do not use advertising or retargeting cookies. A “Do Not Track” signal disables the PostHog cookie.

LinkedIn OAuth tokens are encrypted at rest (AES-256-GCM). All data in transit is protected by TLS 1.2+. We apply the principle of least privilege to infrastructure access. Row-level security (RLS) policies in the database ensure that users can only access their own data. Despite these measures, no system is perfectly secure — if you believe your account has been compromised please contact us immediately at hello@ocontentman.com.

Our sub-processors may process data in the United States and other jurisdictions. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers out of the EEA.

oContentMan is not directed at children under 16 years of age and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, please contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice in the app at least 14 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance.

For privacy questions: hello@ocontentman.com
For general support: hello@ocontentman.com