Privacy Policy

Posty ("we", "us", or "our") is a social media planning and scheduling service operated from Australia. This Privacy Policy explains what information we collect, how we use it, and what choices you have when you use posty.social and our connected platform integrations.

1. Information We Collect

Account and workspace data

We collect the information needed to operate your account and workspace, including your name, email address, organisation and workspace names, team memberships, and role-based permissions.

Content you create in Posty

We store the drafts, captions, media, schedules, comments, approvals, and publishing settings you create in Posty so we can provide the product features you use.

Connected platform data

Posty connects to third-party platforms you authorise so we can publish, schedule, and report on your content. Supported platforms currently include Bluesky, Discord, Facebook, Instagram, LinkedIn, Pinterest, TikTok, and YouTube. When you connect any of these accounts, we store the credentials and basic account details needed to act on your behalf. This may include access tokens, refresh tokens, platform account IDs, display names, usernames, page or channel labels, profile images, and post or media identifiers we create through the platform's API.

YouTube API Services data

Posty uses YouTube API Services. When you connect YouTube, we may store your YouTube channel ID, channel title, channel handle, thumbnail URL, OAuth tokens, YouTube video IDs created through Posty, and analytics or reporting data returned by YouTube API Services for connected content and channels.

Logs and support requests

We collect standard operational logs such as IP address, browser details, request metadata, and support or deletion requests you send to us. We use this information for security, debugging, compliance, and customer support.

2. How We Use Your Information

• To operate your account, workspace, billing, and team access
• To store, schedule, review, and publish your content
• To connect to third-party platform APIs you authorise, including Bluesky, Discord, Facebook, Instagram, LinkedIn, Pinterest, TikTok, and YouTube API Services
• To fetch analytics, channel reporting, and post performance data you have asked us to display
• To secure the service, investigate abuse, and troubleshoot bugs
• To respond to legal, compliance, and data-rights requests

3. Platform-Specific Disclosures

When you connect a third-party platform to Posty, your use of that platform through Posty is also subject to the applicable platform terms and policies. By connecting an account, you acknowledge those terms and authorise Posty to act on your behalf within their scope.

• Bluesky — Terms of Service and Privacy Policy.
• Discord — Terms of Service, Developer Terms of Service, and Privacy Policy.
• Facebook and Instagram (Meta) — Facebook Terms, Instagram Terms, Meta Platform Terms, and Meta Privacy Policy.
• LinkedIn — User Agreement, API Terms of Use, and Privacy Policy.
• Pinterest — Terms of Service, Developer Guidelines, and Privacy Policy.
• TikTok — Terms of Service, API Terms of Service, and Privacy Policy.
• YouTube and Google — YouTube Terms of Service, YouTube API Services Terms of Service, and Google Privacy Policy. Posty uses YouTube API Services to authenticate your channel connection, upload videos you schedule, show channel identity inside Posty, and display analytics or reporting tied to the YouTube access you granted. We do not sell YouTube API data, use it for advertising, or use it for purposes unrelated to the features you asked us to provide.

4. How Information Is Shared

We share information only when needed to provide the service.

• Cloudflare hosts our application infrastructure and processes app traffic and stored data.
• Stripe processes subscriptions and billing information.
• Connected social platforms receive the OAuth and API requests needed to connect your account, publish content, and fetch reporting data. The platforms you may connect are Bluesky, Discord, Facebook, Instagram, LinkedIn, Pinterest, TikTok, and YouTube. Each platform has its own terms and privacy policy that govern how it handles the data you have authorised, including Bluesky, Discord, Facebook, Instagram, LinkedIn, Pinterest, TikTok, and Google / YouTube.

5. What We Never Do With Your Data

We want to be explicit about the things Posty does not do with any information collected through the service, including data obtained through any connected platform API such as Bluesky, Discord, Facebook, Instagram, LinkedIn, Pinterest, TikTok, and YouTube API Services:

• We do not sell your personal information to anyone.
• We do not use your information for targeted, personalised, or retargeted advertising, and we do not allow third parties to do so through the service.
• We do not use your content, account data, or data obtained from any connected platform API to train artificial intelligence or machine learning models.
• We do not share your information with data brokers or information resellers.
• We do not use your information to determine creditworthiness or for any lending purposes.
• Data obtained from a connected platform API is only sent back to that platform, and only for the purposes you authorised when connecting your account.

6. Retention, Revocation, and Deletion

We retain account and workspace data for as long as your account is active, unless a shorter retention period is required for a connected platform integration or by law.

When you disconnect any connected platform (Bluesky, Discord, Facebook, Instagram, LinkedIn, Pinterest, TikTok, or YouTube) from inside Posty, we revoke the stored credentials where the platform provides a revocation endpoint, stop using the API on your behalf, and delete related authorised platform data as soon as possible, and no later than 7 calendar days after the disconnect.

If you revoke Posty's access from a platform's own permissions page (for example Google's permissions page, Facebook's Business Integrations, LinkedIn's permitted services, or TikTok's authorised apps), we periodically detect the revocation through token failures and delete related authorised platform data within 30 calendar days. For YouTube specifically, we delete authorised YouTube API data within 30 calendar days of revocation, as required by the YouTube API Services Terms.

You can also submit a manual deletion request through our contact form (the subject will be prefilled with "Delete my data") or by emailing privacy@posty.social.

7. Your Choices and Rights

• Access, correct, or delete your personal information
• Disconnect connected platforms you no longer want Posty to use
• Review and revoke Posty's access directly with each connected platform: Bluesky, Discord, Facebook, Instagram, LinkedIn, Pinterest, TikTok, and Google / YouTube.
• Request support or data deletion through our privacy contact

8. Security

We use TLS encryption for all data in transit and apply role-based access controls inside the application. Credentials for every connected platform — including OAuth access tokens, refresh tokens, and any other secrets we store on your behalf for Bluesky, Discord, Facebook, Instagram, LinkedIn, Pinterest, TikTok, and YouTube — are encrypted at rest using hybrid RSA-OAEP and AES-GCM encryption before being written to our database. No system is perfectly secure, but we work to reduce the amount of platform data stored and to remove it when access is revoked or no longer needed.

9. Changes and Contact

We may update this Privacy Policy from time to time. Material changes will be reflected on this page by updating the last updated date.

Questions about this Privacy Policy can be sent to privacy@posty.social.