Privacy Policy

Last updated: December 24, 2024

1. Introduction

Postification ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software-as-a-service (SaaS) platform for scheduling and automating social media posts.

This Privacy Policy applies to all users of Postification, regardless of their location. We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union and European Economic Area.

By using Postification, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our service.

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Data

  • Email address (required for account creation and authentication)
  • Name or display name (if provided)
  • Account password (stored in encrypted form)
  • Account creation date and last login information

2.2 Authentication & Authorization Data

  • OAuth tokens and refresh tokens for connected social media accounts (encrypted at rest)
  • API credentials for third-party platforms (stored securely and encrypted)
  • Token expiration dates and refresh information

2.3 Social Media Account Information

  • Social media platform identifiers (e.g., X/Twitter username, account ID)
  • Profile information (username, display name, avatar URL) obtained from connected accounts
  • Account connection status and timestamps

2.4 Content & Scheduling Data

  • Scheduled post content (text, captions)
  • Scheduled publication dates and times
  • Post status (pending, sent, failed)
  • Media metadata (file names, sizes, types) for uploaded images and videos
  • Post creation and modification timestamps

Note: Media files (images, videos) are stored with third-party storage providers. We store metadata about these files but do not process or analyze the content of media files beyond what is necessary for publication.

2.5 Payment Data

  • Payment transaction identifiers and receipts
  • Subscription plan information and billing periods
  • Payment status and history

Important: We do not collect or store your full payment card numbers, CVV codes, or other sensitive payment information. Payment processing is handled by third-party payment providers who are PCI-DSS compliant.

2.6 Usage & Technical Data

  • Log data (IP addresses, browser type, device information, access times)
  • Usage analytics (features used, pages visited, interaction patterns)
  • Error logs and diagnostic information
  • Cookies and similar tracking technologies (see Section 10)

2.7 Communication Data

  • Support requests and customer service communications
  • Feedback and survey responses (if provided)

3. How We Use Data

We use the data we collect for the following purposes:

3.1 Service Provision

  • To create and manage your account
  • To authenticate and authorize your access to the service
  • To schedule and publish your social media posts according to your instructions
  • To connect and manage your social media account integrations
  • To store and retrieve your scheduled content and media

3.2 Communication

  • To send you service-related notifications (e.g., post publication confirmations, errors)
  • To respond to your support requests and inquiries
  • To send important updates about the service or changes to our policies
  • To send marketing communications (only with your consent, and you may opt out at any time)

3.3 Service Improvement

  • To analyze usage patterns and improve our service functionality
  • To identify and fix bugs, errors, and technical issues
  • To develop new features and enhance existing ones

3.4 Legal Compliance & Security

  • To comply with applicable laws, regulations, and legal processes
  • To respond to lawful requests from government authorities
  • To enforce our Terms of Service and protect our rights
  • To detect, prevent, and address fraud, security threats, and abuse
  • To protect the safety and security of our users and service

3.5 Business Operations

  • To process payments and manage subscriptions
  • To maintain business records and accounting
  • To conduct analytics and business intelligence

4. Legal Basis for Processing (GDPR)

For users in the European Union and European Economic Area, we process your personal data based on the following legal grounds:

4.1 Consent

We process certain data based on your explicit consent, such as:

  • Marketing communications
  • Non-essential cookies and analytics
  • Optional profile information

You may withdraw your consent at any time by contacting us or adjusting your account settings. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4.2 Contractual Necessity

We process data necessary to perform our contract with you, including:

  • Account creation and authentication
  • Providing the core scheduling and publishing functionality
  • Processing payments and managing subscriptions
  • Customer support and service delivery

4.3 Legitimate Interests

We process data based on our legitimate interests, which include:

  • Improving and optimizing our service
  • Preventing fraud and abuse
  • Ensuring security and system integrity
  • Business analytics and service development

We balance our legitimate interests against your privacy rights and will not process data in ways that override your fundamental rights and freedoms.

4.4 Legal Obligation

We process data to comply with legal obligations, such as:

  • Tax and accounting requirements
  • Responding to lawful government requests
  • Compliance with data protection regulations

5. Third-Party Services

Postification integrates with and relies on third-party services. We share data with these services only as necessary to provide our service. Each third-party service has its own privacy policy that governs how they handle your data.

5.1 Social Media Platforms

We integrate with social media platforms (X/Twitter, and potentially Instagram, LinkedIn, and others) through their APIs. When you connect your social media accounts:

  • We receive OAuth tokens that allow us to publish content on your behalf
  • We may access basic profile information (username, display name, avatar)
  • We publish content according to your scheduled posts
  • Social media platforms' privacy policies govern their use of data

5.2 Authentication & Database Services

We use Supabase for authentication and database services. Supabase processes your account data, authentication credentials, and content data in accordance with their privacy policy and our data processing agreement.

5.3 Payment Processors

We use third-party payment processors to handle transactions. These processors collect payment information directly from you and process it according to their privacy policies. We receive only transaction identifiers and payment status information.

5.4 Hosting & Infrastructure

Our service is hosted on third-party cloud infrastructure providers. These providers may process your data as part of hosting and infrastructure services, subject to their privacy policies and our agreements with them.

5.5 Analytics & Monitoring

We may use analytics services to understand how our service is used. These services may collect anonymized or aggregated usage data. We do not share personally identifiable information with analytics providers without your consent.

We require all third-party service providers to maintain appropriate security measures and handle your data in accordance with applicable data protection laws.

6. Data Storage & Security

We implement technical and organizational measures to protect your personal data:

6.1 Security Measures

  • Encryption: Sensitive data, including OAuth tokens and API credentials, is encrypted at rest using industry-standard encryption methods
  • Secure Transmission: Data transmitted between your device and our servers is encrypted using TLS/SSL
  • Access Controls: We limit access to personal data to authorized personnel who need it to perform their job functions
  • Authentication: Strong password requirements and secure authentication mechanisms
  • Regular Security Audits: We conduct regular security assessments and updates

6.2 Data Location

Your data may be stored and processed in servers located outside your country of residence, including in the United States, European Union, and other jurisdictions where our service providers operate. We ensure that appropriate safeguards are in place for international data transfers (see Section 9).

6.3 No Absolute Security

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge that you provide your data at your own risk.

6.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities within 72 hours (as required by GDPR)
  • Notify affected users without undue delay if the breach poses a high risk
  • Provide information about the nature of the breach and steps we are taking to address it

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Active Accounts

We retain data for active accounts for the duration of your use of the service. This includes:

  • Account information and profile data
  • Scheduled posts and content
  • Connected social media account information
  • Payment and subscription records

7.2 Account Deletion

When you delete your account:

  • We will delete or anonymize your personal data within 30 days, unless we are required to retain it for legal purposes
  • Scheduled posts will be cancelled and deleted
  • OAuth tokens and API credentials will be revoked and deleted
  • Some data may be retained in backups for a limited period, but will not be actively processed

7.3 Legal Retention

We may retain certain data beyond account deletion if required by:

  • Legal obligations (e.g., tax records, accounting requirements)
  • Ongoing legal disputes or investigations
  • Legitimate business interests (e.g., fraud prevention)

7.4 Logs & Analytics

Log data and analytics information may be retained in anonymized or aggregated form for longer periods for business intelligence and service improvement purposes.

8. Your Rights (GDPR & Data Protection)

Depending on your location, you may have the following rights regarding your personal data:

8.1 Right to Access

You have the right to request access to your personal data and receive information about:

  • What personal data we hold about you
  • How we use your data
  • Who we share your data with
  • How long we retain your data

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most account information directly through your account settings.

8.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

We may refuse deletion requests if retention is necessary for legal compliance or legitimate business interests.

8.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another service provider, where technically feasible.

8.5 Right to Object

You have the right to object to processing of your personal data based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

8.6 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of data or object to processing.

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country if you believe we have violated data protection laws. For EU users, you can find your local supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en

8.9 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@postification.com. We will respond to your request within one month (or as required by applicable law). We may request verification of your identity before processing certain requests.

We will not discriminate against you for exercising your privacy rights.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States, European Union member states, and other jurisdictions where our service providers operate.

When we transfer data from the European Economic Area (EEA) to countries outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

By using Postification, you consent to the transfer of your data to these jurisdictions. We will take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

10. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze service usage.

10.1 Essential Cookies

These cookies are necessary for the service to function and cannot be disabled:

  • Authentication cookies (to keep you logged in)
  • Session cookies (to maintain your session state)
  • Security cookies (to protect against fraud and abuse)

10.2 Analytics Cookies

We may use analytics cookies to understand how users interact with our service. These cookies collect anonymized usage data. You can opt out of analytics cookies through your browser settings or our cookie preferences.

10.3 Third-Party Cookies

Some third-party services we integrate with (such as payment processors) may set their own cookies. These are governed by the respective third-party privacy policies.

10.4 Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of the service.

We do not use invasive tracking technologies or sell your data to third parties for advertising purposes.

11. Children's Privacy

Postification is not intended for children under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

If you are under 18, please do not use Postification or provide any personal data to us.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last updated" date
  • Sending an email notification to the address associated with your account (for material changes)
  • Displaying a notice within the service

Your continued use of the service after any changes to this Privacy Policy constitutes your acceptance of the modified policy. If you do not agree to the changes, you may stop using the service and delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: privacy@postification.com

Data Protection Officer: dpo@postification.com

General Support: support@postification.com

We will respond to your inquiries within a reasonable timeframe, and in any case within one month as required by GDPR.

By using Postification, you acknowledge that you have read, understood, and agree to this Privacy Policy.
