CrossPostr
Sign in

Privacy Policy

Last updated: 8 July 2026

FSL Software Ltd, trading as CrossPostr.

This Privacy Policy explains how FSL Software Ltd, a company registered in England & Wales (company number 17258058, registered office 2 Rhosili Road, Cefn Hengoed, CF82 7JE), trading as CrossPostr ("CrossPostr", "we", "us", "our"), collects and processes your personal data when you use the CrossPostr website, API, MCP server, and dashboard (together, the "Service"). We are the data controller for the personal data described below.

We are committed to protecting your data in line with the UK GDPR and the Data Protection Act 2018. Questions? Email privacy@crosspostr.io.

1. Data we collect

2. How we use your data

3. Legal bases (UK GDPR)

4. Storage, security, and retention

OAuth tokens are encrypted at rest using AES-256-GCM. Data is hosted on infrastructure within the UK/EU and on Cloudflare's network. We retain connected-account data only while the account is connected: when you disconnect an account or delete your CrossPostr account, we delete the associated tokens and stop retrieving data from that platform. We may retain minimal billing and log records where required for legal, accounting, or security purposes.

5. Connected platforms

CrossPostr acts on your behalf to publish to and read analytics from third-party platforms. We request the minimum scopes required:

PlatformScopes requestedPurpose
YouTube (Google) youtube.upload, youtube.readonly, yt-analytics.readonly, youtube.force-ssl Upload videos, read your channel and video data, retrieve analytics, and manage comments where you request it.
TikTok user.info.basic, video.list, video.upload (and video.publish where enabled) Identify your account, list your videos, upload content to your inbox/drafts, and publish where you enable direct posting.

YouTube API Services

CrossPostr uses YouTube API Services. By connecting a YouTube account, you agree to the YouTube Terms of Service. Google's handling of your data is described in the Google Privacy Policy. You can revoke CrossPostr's access to your Google/YouTube data at any time via the Google security settings page (https://myaccount.google.com/permissions).

Limited Use. CrossPostr's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data solely to provide and improve the user-facing features of the Service, do not transfer it except as necessary to provide those features or as required by law, do not use it for advertising, and do not allow humans to read it except with your consent, for security, to comply with law, or where the data is aggregated and anonymised.

TikTok

CrossPostr integrates with the TikTok Content Posting and Display APIs to publish content and read analytics on your behalf, subject to TikTok's Terms of Service and Privacy Policy. You can revoke access from your TikTok account's connected-apps settings.

6. Sharing and sub-processors

We do not sell your personal data. We share it only with service providers who process it on our behalf under contract, including: cloud/hosting and network providers (including Cloudflare), payment processing (Stripe), and the social platforms you connect. We may disclose data where required by law.

7. International transfers

Where data is transferred outside the UK/EEA (for example to a sub-processor), we rely on adequacy decisions or appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.

8. Your rights

Under UK data protection law you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. To exercise any right, email privacy@crosspostr.io. You also have the right to complain to the Information Commissioner's Office (ICO).

9. Cookies

The marketing site uses only essential cookies. The dashboard uses cookies strictly necessary for authentication and security. We do not use advertising cookies.

10. Children

The Service is not directed to individuals under 18, and we do not knowingly collect their data.

11. Changes

We may update this policy; we will revise the "Last updated" date and, for material changes, provide additional notice.

12. Contact

FSL Software Ltd, trading as CrossPostr — privacy@crosspostr.io.