Privacy Policy

Posty ("we", "us", or "our") is operated by a sole trader based in Australia. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media planning and scheduling service at posty.app (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you sign in via Google OAuth, we receive your name, email address, and profile picture from Google.

Organisation & Workspace Data

We collect information about the organisations and workspaces you create or join, including organisation names, slugs, and your role within them.

Connected Social Media Accounts

When you connect social media accounts (e.g. Instagram, Facebook, LinkedIn, X/Twitter), we store the access tokens and refresh tokens necessary to publish content on your behalf. We may also store your social media profile name and identifier.

Content & Media

We store the posts, images, videos, captions, and scheduling data you create within the Service. This includes draft content, approved content, and published content.

Usage & Log Data

We automatically collect standard log information such as your IP address, browser type, and pages visited. This data is used for security, debugging, and improving the Service.

2. How We Use Your Information

• To provide, operate, and maintain the Service
• To authenticate your identity and manage your account and organisation memberships
• To publish and schedule content to your connected social media accounts
• To process payments and manage your subscription via Stripe
• To communicate with you about service updates and support
• To detect, prevent, and address technical issues and security threats

3. Third-Party Services

We share your information with the following third parties:

• Cloudflare — hosting, content delivery, and security. Your data is processed on Cloudflare's global network.
• Stripe — payment processing. When you subscribe, your payment details are handled directly by Stripe. We do not store your full card number.
• Social media platforms — when you connect an account and schedule posts, we transmit your content to the relevant platform (e.g. Meta, LinkedIn, X) via their APIs.

We do not sell your personal information to any third party.

4. Data Storage & Security

Your data is stored on Cloudflare's infrastructure. We use industry-standard security measures including encryption in transit (TLS) and access controls to protect your information. Social media access tokens are stored securely and used only for their intended purpose.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law.

6. Your Rights

Under Australian Privacy law, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Withdraw consent for data processing where applicable
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise any of these rights, contact us at the email below.

7. Cookies

We use essential cookies to maintain your session and authenticate you. We do not use third-party tracking or advertising cookies.

8. Children's Privacy

The Service is not directed at anyone under the age of 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@posty.app.