Privacy Policy

Last updated: December 01, 2025

Introduction

Welcome to Posta Social ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform.

By using Posta, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

When you register for and use our service, we collect the following personal information:

  • Name and email address
  • Account credentials (username and password)
  • Billing information (processed securely through Stripe)
  • Profile information you choose to provide

Social Media Account Information

When you connect your social media accounts to Posta, we collect:

  • OAuth tokens and credentials for connected platforms (Twitter/X, Instagram, Facebook, LinkedIn, TikTok, YouTube)
  • Public profile information from connected accounts
  • Access to post, schedule, and manage content on your behalf
  • Analytics and engagement data from your social media accounts

Content and Usage Data

  • Posts, captions, images, and videos you create or upload
  • Scheduling preferences and calendar data
  • Team collaboration and workspace information
  • Usage patterns and feature interactions

Technical Information

  • IP address and browser type
  • Device information and operating system
  • Log data and analytics
  • Cookies and similar tracking technologies

How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our social media management services
  • Post Scheduling: To publish content to your connected social media accounts at scheduled times
  • AI Features: To generate captions, optimize content, and provide AI-powered suggestions
  • Analytics: To fetch and display performance metrics from your social media accounts
  • Team Collaboration: To enable workspace management and team member access
  • Payment Processing: To process subscription payments and manage billing
  • Communications: To send service updates, notifications, and customer support responses
  • Security: To detect and prevent fraud, abuse, and security issues
  • Legal Compliance: To comply with legal obligations and enforce our terms of service

How We Store and Protect Your Data

Data Security

We implement industry-standard security measures to protect your personal information:

  • All OAuth tokens and credentials are encrypted at rest
  • Data transmission is secured using SSL/TLS encryption
  • Access to personal data is restricted to authorized personnel only
  • Regular security audits and updates to protect against vulnerabilities

Data Location

All your data is stored and processed exclusively within the European Union. We do not transfer your personal data outside of the EU, ensuring compliance with EU data protection standards and GDPR requirements.

Data Retention

We retain your personal information only for as long as necessary to provide our services and comply with legal obligations. When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

Third-Party Services

We work with the following third-party service providers:

Social Media Platforms

We integrate with Twitter/X, Instagram, Facebook, LinkedIn, TikTok, and YouTube to provide our services. Your use of these platforms is subject to their respective privacy policies and terms of service.

Payment Processing

We use Stripe to process payments. We do not store your complete credit card information. Payment data is handled directly by Stripe in accordance with their privacy policy.

AI Services

We use third-party AI services to provide caption generation and content optimization features. Content you submit for AI processing is shared with these service providers to deliver the requested functionality.

Analytics and Infrastructure

We use analytics tools and hosting providers to operate our service. These providers have access to limited data necessary to perform their functions.

Data Sharing and Disclosure

We do not sell your personal information. We share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information
  • Service Providers: With trusted third parties who assist in operating our service (under strict confidentiality agreements)
  • Team Members: With workspace members you invite to collaborate
  • Legal Requirements: When required by law, court order, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)
  • Protection: To protect our rights, property, safety, or that of our users

GDPR Compliance and Your Rights

We are committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of EU residents. Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Update or correct inaccurate information through your account settings
  • Right to Erasure: Request deletion of your account and personal data ("right to be forgotten")
  • Right to Data Portability: Download your content and data in a portable, machine-readable format
  • Right to Restriction: Request limitation of processing of your personal data
  • Right to Object: Object to certain processing of your personal data, including for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated

Additional Rights for All Users

  • Disconnect Accounts: Remove connected social media accounts at any time
  • Opt-Out: Unsubscribe from marketing communications (service emails may still be sent)
  • Account Management: Update preferences and settings through your account dashboard

To exercise these rights, please contact us at hey@posta.social or through your account settings. We will respond to your request within 30 days as required by GDPR.

Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience, analyze usage, and provide personalized features. You can control cookie preferences through your browser settings.

Data Storage and Transfers

Your personal data is stored and processed exclusively within the European Union, ensuring the highest level of data protection in accordance with GDPR standards.

Children's Privacy

Our service is not intended for users under the age of 16. We do not collect personal information from children. If we become aware that we have collected data from a child without appropriate consent, we will delete that information promptly.

Changes to This Privacy Policy

We update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

Your continued use of Posta after changes are posted constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hey@posta.social

Website: https://posta.social