Privacy Policy

Last Updated: January 31, 2026

Our Commitment to Your Privacy

At Posttely, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform and services.

By accessing or using Posttely's website, services, or platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.

1.1 Account Information

When you create an account, we collect:

• Name and username
• Email address
• Password (encrypted)
• Profile information
• Payment and billing information (processed securely through payment processors)
• Subscription and plan details

1.2 Social Media Account Information

When you connect your social media accounts, we collect and store:

• Access tokens and refresh tokens (encrypted)
• Account identifiers (user IDs, page IDs, account IDs)
• Account names, usernames, and display names
• Profile pictures and avatars
• Account types (Business, Creator, Personal)
• Email addresses associated with social accounts
• Token expiration dates

Note: We only access your social media accounts with your explicit authorization through OAuth. We never store your social media passwords.

1.3 Content and Media

We collect and store:

• Posts, captions, descriptions, and hashtags you create or schedule
• Images, videos, and other media files you upload
• Scheduled posting times and time zones
• Post status (draft, scheduled, published, failed)
• Engagement metrics (likes, comments, shares, views)
• Analytics data retrieved from social media platforms

1.4 Workspace and Team Information

If you use team collaboration features, we collect:

• Workspace and organization names
• Team member information
• Roles and permissions
• Review and approval workflows

1.5 Usage and Technical Information

We automatically collect:

• IP addresses
• Browser type and version
• Device information
• Operating system
• Pages visited and features used
• Session information
• Error logs and debugging information
• Referral sources

1.6 Communication Data

We collect information when you:

• Contact our support team
• Subscribe to our newsletters or marketing emails
• Participate in surveys or feedback
• Apply for job positions
• Submit feature requests or bug reports

1.7 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for the platform to function (session management, authentication, CSRF protection)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Currently not in use, but may be added in the future with your consent

You can control cookies through your browser settings. However, disabling essential cookies may affect platform functionality.

2. How We Use Your Information

We use the information we collect to:

• Provide Services: Deliver social media management, scheduling, publishing, and analytics features
• Authenticate Accounts: Verify your identity and manage access to connected social media accounts
• Publish Content: Schedule and publish posts to your connected social media accounts
• Retrieve Analytics: Fetch and display performance metrics from social media platforms
• Manage Subscriptions: Process payments, manage billing, and handle subscription renewals
• Communicate: Send service-related notifications, updates, and support responses
• Improve Services: Analyze usage patterns to enhance features and user experience
• Security: Detect and prevent fraud, abuse, and unauthorized access
• Compliance: Meet legal obligations and enforce our terms of service
• Marketing: Send promotional emails (only with your consent; you can opt-out anytime)

3. Third-Party Services and Integrations

Posttely integrates with various third-party services to provide our platform functionality:

3.1 Social Media Platforms

We integrate with the following platforms (each has its own privacy policy):

• Instagram (Meta)
• Facebook (Meta)
• Twitter/X
• LinkedIn
• Pinterest
• Reddit
• Mastodon
• Tumblr
• Bluesky
• Threads (Meta)
• Google Business Profile

When you connect these accounts, you authorize us to access and manage your content according to each platform's API terms. We recommend reviewing each platform's privacy policy.

3.2 Service Providers

We use trusted third-party service providers who process data on our behalf:

• Amazon Web Services (AWS) S3: Cloud storage for media files (images, videos)
• Hosting Providers: Application and database hosting
• Email Service Providers: Transactional and marketing email delivery
• Payment Processors: Secure payment processing (we do not store full payment card details)
• Pexels API: Stock image library integration
• Email Validation Services: Email address verification
• reCAPTCHA: Bot protection and security

All service providers are contractually bound to protect your data and only process it as necessary to provide services.

3.3 OAuth Authentication

We use OAuth 2.0 for secure authentication with:

• Google (for Google Business Profile)
• Meta (for Facebook and Instagram)
• Other social platforms

OAuth allows you to authorize access without sharing passwords. You can revoke access at any time through your account settings or the respective platform's settings.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 With Your Consent

We share information when you explicitly authorize us to do so.

4.2 Service Providers

We share data with trusted service providers who assist in operating our platform, subject to confidentiality agreements.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security threats
• Respond to valid legal requests

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.5 Aggregated Data

We may share aggregated, anonymized data that cannot identify you for analytics, research, or marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data in transit (HTTPS/TLS) and sensitive data at rest
• Access Controls: Limited access to personal data on a need-to-know basis
• Secure Storage: Encrypted storage of access tokens and credentials
• Regular Audits: Security assessments and vulnerability testing
• Firewalls: Network security and intrusion detection
• Authentication: Strong password requirements and optional two-factor authentication (2FA)

Important: While we take reasonable security measures, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

When you delete your account, we will:

• Delete your personal information from our active databases
• Retain certain information as required by law or for legitimate business purposes
• Delete or anonymize data in backups within a reasonable timeframe

Some information may be retained longer if required by law or for security purposes.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

7.1 Access and Portability

• Request access to your personal information
• Request a copy of your data in a portable format

7.2 Correction and Deletion

• Update or correct inaccurate information
• Request deletion of your personal information
• Delete your account through account settings

7.3 Objection and Restriction

• Object to processing of your personal information
• Request restriction of processing

7.4 Consent Withdrawal

• Withdraw consent for data processing (where applicable)
• Opt-out of marketing communications (unsubscribe link in emails)
• Manage cookie preferences

7.5 Social Media Account Disconnection

You can disconnect your social media accounts at any time through:

• Your Posttely account settings
• The respective social media platform's app settings

Disconnecting will revoke our access and stop data collection from that platform.

To exercise these rights, contact us at: help@posttely.com

We will respond to your request within 30 days (or as required by applicable law).

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses
• Data processing agreements with service providers
• Compliance with applicable data protection regulations

9. Children's Privacy

Posttely is not intended for users under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, and shared
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at help@posttely.com.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision-making

Legal Basis for Processing: We process your data based on:

• Your consent
• Performance of a contract (providing services)
• Legitimate interests (security, fraud prevention, service improvement)
• Legal obligations

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Legal or regulatory requirements
• Service updates

We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to addressing your inquiries promptly and transparently.

14. Additional Information

14.1 Data Controller

Posttely is the data controller responsible for your personal information. For questions about data processing, contact us at help@posttely.com.

14.2 Supervisory Authority

If you are in the EEA and believe we have not addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

14.3 Links to Other Websites

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to review their privacy policies.