AnyPost

Privacy Policy

Last updated 2026-05-31

Overview

AnyPost ("we", "us") is operated by the AnyPost team and runs anypost.md — a service that turns public social-post URLs into clean Markdown for humans and agents. This policy explains what we collect, why, and your choices. For any privacy request, reach us at hey@anypost.md.

What we collect

When you convert a post (guest or API key)

  • The URL you submit and conversion options (format, thread, comments, etc.)
  • Technical metadata needed to operate the service (IP address, user agent, timestamps)
  • Conversion outcomes (success/failure, platform detected, credits charged)

We do not require an account for basic conversions. Public post content is fetched from third-party platforms at your request; we do not claim ownership of that content.

When you create an account

  • Google sign-in profile (email, display name, avatar) via Firebase Authentication
  • Billing and credit balance tied to your account
  • API keys you create (apk_ prefixes stored hashed; full keys shown once at creation)

When you purchase credits

  • Stripe checkout metadata (email, payment status). We do not store full card numbers — Stripe processes payments.

Analytics

  • Product analytics via PostHog (page views, feature usage). We identify users with Google uid or an agent:apk_ prefix — never full API keys.

Cookies and local storage

We use a small number of cookies and browser storage to run the service, not for advertising:

  • Authentication — Firebase sets cookies/tokens to keep you signed in after Google sign-in.
  • Analytics — PostHog sets first-party cookies to measure page views and feature usage. We proxy PostHog through our own domain (/ph); we do not run third-party ad trackers.
  • Local storage — your browser stores your API key and converter preferences (format, thread, author, comments toggles) locally so the app works across visits. These never leave your device except when sent to our API to perform a conversion.

You can clear cookies and local storage in your browser at any time (this signs you out and resets stored preferences). To opt out of analytics, block the /ph endpoint or use your browser's tracking-protection settings; the conversion service still works.

How we use data

  • Provide, secure, and improve the conversion API and website
  • Enforce plan limits, free-tier caps, and abuse prevention
  • Bill for credit packs and show usage in your account
  • Support requests sent to hey@anypost.md

What we do not do

  • Sell personal data
  • Use your converted content to train third-party models
  • Mix AnyPost billing data with unrelated products in our infrastructure

Retention

Conversion logs and account records are kept as long as needed for operations, billing, and legal compliance. You may request deletion of account data by emailing hey@anypost.md.

Third parties

We use subprocessors to operate the service, including hosting, authentication (Google/Firebase), payments (Stripe), database (Supabase), and analytics (PostHog). Fetched post content originates from the platform you link to (X, LinkedIn, Reddit, etc.) and their respective policies apply to that source material.

Security

API keys are secrets — treat them like passwords. We store key hashes and show the full key only once at creation. Use HTTPS for all API calls.

Children

AnyPost is not directed at children under 13. We do not knowingly collect data from children.

Changes

We may update this policy. The "Last updated" date at the top reflects the latest revision. Continued use after changes constitutes acceptance.

Contact

Questions about privacy: hey@anypost.md.

See also our Terms of Service.