← Back to Raycaster

Privacy Policy

Last updated: February 11, 2026

1. Who We Are

Raycaster is operated by Raygency (“we”, “us”, “our”). Raycaster is an AI-powered content creation and publishing platform for LinkedIn and X (formerly Twitter). Our website is raycaster.raygency.com.

2. Information We Collect

Account Information

  • Name and email address (provided during signup or via Google/LinkedIn OAuth)
  • Hashed password (if using email/password authentication)
  • Timezone preference

Connected Account Data

  • LinkedIn: OAuth access token, refresh token, LinkedIn profile ID, and token expiry (used solely to publish content on your behalf)
  • X (Twitter): OAuth access token, refresh token, X user ID, and token expiry (used solely to publish content on your behalf)

We do not read your LinkedIn or X feed, connections, messages, or any data beyond what is required to publish posts you create.

Content You Create

  • Drafts, compositions, and published posts
  • AI-generated research and content (stored to enable editing and re-generation)
  • Writing style samples you provide for analysis
  • AI-generated images
  • Scheduling and queue preferences

Usage Data

  • Page views, clicks, and feature usage (collected via PostHog analytics)
  • Session recordings for UX improvement (via PostHog, anonymized)
  • AI usage metrics (token counts, generation counts — for quota enforcement)
  • Feedback submissions

3. How We Use Your Information

  • To provide the service: Create and publish content to LinkedIn and X on your behalf
  • To improve the product: Understand feature usage, identify bugs, and improve the user experience
  • To enforce limits: Track usage against free tier quotas (weekly publishing limits, AI generation limits)
  • To communicate: Respond to feedback you submit through the app

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services to operate Raycaster:

  • Supabase (database hosting) — stores your account and content data
  • Anthropic (Claude API) — processes your topics to generate research and written content. Your prompts are sent to Anthropic's API; refer to Anthropic's Privacy Policy
  • OpenAI (gpt-image-1) — generates images from text prompts. Refer to OpenAI's Privacy Policy
  • LinkedIn API — publishes posts to your LinkedIn profile using your authorized token
  • X API — publishes tweets to your X account using your authorized token
  • PostHog — product analytics and session recordings. Refer to PostHog's Privacy Policy
  • Google OAuth — authentication only; we receive your name and email

5. Data Storage and Security

  • All data is stored in a Supabase-hosted PostgreSQL database with Row Level Security enabled
  • OAuth tokens are stored encrypted in the database and are only used to publish content you explicitly request
  • Passwords are hashed using bcrypt before storage
  • All connections use HTTPS/TLS encryption in transit
  • API routes are protected with authentication checks and rate limiting
  • JWT sessions expire after 7 days

6. Your Rights

You have the right to:

  • Access your data — all your drafts, compositions, and settings are visible in the app
  • Delete your content — you can delete individual drafts and compositions at any time
  • Disconnect accounts — you can disconnect LinkedIn or X at any time from Settings
  • Request account deletion — contact us to permanently delete your account and all associated data
  • Opt out of analytics — PostHog respects Do Not Track browser settings

7. Data Retention

  • Your account data is retained as long as your account is active
  • Deleted drafts and compositions are permanently removed from the database
  • AI usage logs are retained for billing and quota enforcement
  • OAuth tokens are automatically invalidated upon disconnection
  • Upon account deletion request, all data is permanently removed within 30 days

8. Cookies

We use the following cookies:

  • Session cookie — maintains your authenticated session (essential, expires in 7 days)
  • OAuth state cookies — temporary cookies for LinkedIn/X OAuth flows (expire in 10 minutes)
  • PostHog cookies — anonymous analytics identifiers (can be disabled via Do Not Track)

We do not use advertising or third-party tracking cookies.

9. Children's Privacy

Raycaster is not intended for use by anyone under 16 years of age. We do not knowingly collect personal information from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of Raycaster after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to request account deletion, contact us at:

Email: privacy@raygency.com

Website: raygency.com

Terms of Service·© 2026 Raygency. All rights reserved.