Last updated: April 19, 2026 · MEDISTRAT SDN. BHD. , Malaysia
Post2Share ("we", "our", or "us") is a social media management platform operated by MEDISTRAT SDN. BHD. , based in Malaysia. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services at app.post2share.com.
By using Post2Share, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.
We collect the following information when you use Post2Share:
pages_manage_posts, pages_read_engagement, read_insights).instagram_business_basic, instagram_business_content_publish, instagram_business_manage_insights, instagram_business_manage_comments, instagram_business_manage_messages).threads_basic, threads_content_publish, threads_manage_insights).urn:li:person:...), post IDs, and engagement data (likes, comments) to publish posts and display analytics on your behalf. We request w_member_social and r_member_social scopes.| Platform | What We Access | Status |
|---|---|---|
Public profile, email, page access tokens — publish text, photos & videos to Pages; read page insights and engagement. Scopes: pages_manage_posts, pages_read_engagement, read_insights, pages_show_list, pages_manage_metadata | Live | |
Business account ID, username, access token — publish images, videos & Reels; read insights. Scopes: instagram_business_basic, instagram_business_content_publish, instagram_business_manage_insights, instagram_business_manage_comments, instagram_business_manage_messages | Live | |
| 🧵 Threads | User ID, username, access token — publish text, image & video posts; read post analytics. Scopes: threads_basic, threads_content_publish, threads_manage_insights | Live |
Person URN, access token — publish text, image & video posts; read post engagement via Community Management API. Scopes: w_member_social, r_member_social | Live | |
| ▶️ YouTube | OAuth tokens — upload videos & Shorts, check processing status. Scopes: youtube.upload, youtube, youtube.readonly | Live |
| ✕ X (Twitter) | OAuth 2.0 PKCE tokens — publish tweets, upload media. Scopes: tweet.read, tweet.write, users.read, media.write | Live |
Username, access token, refresh token — create image & video pins on boards. Scopes: pins:write, boards:read, user_accounts:read | Coming Soon | |
| Not yet connected | Coming Soon | |
| 🎵 TikTok | Not yet connected | Coming Soon |
Post2Share's use of data from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
youtube.upload exclusively to upload videos you create within Post2Share.youtube scope to verify video processing status after upload.Post2Share's use of Facebook and Instagram data complies with the Meta Platform Policy and Meta Developer Policies.
pages_manage_posts, instagram_business_content_publish, and related scopes. We only request permissions necessary for the features you use.Post2Share's use of Threads data complies with the Threads API Policy.
threads_basic, threads_content_publish, and threads_manage_insights scopes.fb_exchange_token grant. Page tokens are stored per connected Page.ig_exchange_token grant before expiry.w_member_social for publishing and r_member_social for reading post engagement analytics. Expired tokens require manual reconnection.th_refresh_token grant.All tokens are stored encrypted and only used to perform actions you initiate within Post2Share.
Post2Share includes an AI Credit system used for AI image generation (Seedream 4.5 by ByteDance), AI caption writing, analytics, and automation. Your prompts may be sent to third-party AI providers to generate results. We do not store prompts beyond what is necessary to deliver the generation. AI Credits never expire and are managed in your AI Credit Wallet in Settings.
Your data is stored on secure cloud infrastructure with encrypted storage of OAuth tokens, HTTPS/TLS for all data in transit, role-based access controls, and regular security reviews. While we take reasonable precautions, no system is completely secure.
We retain your data for as long as your account is active. Upon account deletion, personal data is removed within 30 days except where required by law. Aggregated, anonymized analytics data may be retained.
Under Malaysian law (PDPA 2010) you have the right to access, correct, or delete your personal data, withdraw consent, and disconnect any connected social account from within platform Settings. Contact us at info@post2share.com to exercise these rights.
Post2Share uses essential browser storage (cookies and localStorage) to maintain login sessions and workspace preferences. We do not use tracking cookies or third-party advertising cookies.
Post2Share is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us and we will delete the account promptly.
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use after changes constitutes acceptance.