Back to home

Posta — Create once. Post everywhere. — Privacy Policy

Last updated: February 2026

At Posta — Create once. Post everywhere. (available at getposta.app) ("we", "us", or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide to us, including:

  • Account Information: Email address, name, and password when you create an account
  • Profile Information: Display name, avatar, and preferences
  • Payment Information: Billing details processed securely through LemonSqueezy
  • User Content: Images, videos, captions, and other content you upload
  • Communications: Messages you send to us for support or feedback

1.2 Information from Third-Party Services

When you connect social media accounts, we receive:

  • Platform user ID and username
  • Profile name and profile picture
  • OAuth access tokens (stored securely and encrypted)
  • Permissions granted for posting and account access

1.3 Automatically Collected Information

We automatically collect certain information when you use the Service:

  • Device information (browser type, operating system)
  • IP address and approximate location
  • Usage data (features used, actions taken)
  • Log data (access times, pages viewed, errors)

2. How We Use Your Information

We use the collected information to:

Purpose Legal Basis
Provide and maintain the Service Contract performance
Process media (cropping, compression, face detection) Contract performance
Publish content to connected social platforms Contract performance
Process payments and manage subscriptions Contract performance
Send service-related communications Legitimate interest
Improve and optimize the Service Legitimate interest
Detect and prevent fraud or abuse Legitimate interest
Comply with legal obligations Legal obligation

3. Data Storage and Security

3.1 Where We Store Your Data

  • User data and metadata: Stored in Supabase (PostgreSQL databases)
  • Media files: Stored in Google Cloud Storage with encryption at rest
  • OAuth tokens: Encrypted using AES-256 before storage
  • Payment data: Processed and stored by LemonSqueezy (we do not store card details)

3.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure authentication with JWT tokens
  • Row-level security policies in our database
  • Regular security audits and updates
  • Access controls and audit logging

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

  • Social Media Platforms: To publish content on your behalf (TikTok, Instagram, etc.)
  • Service Providers: Cloud hosting (Google Cloud), payment processing (LemonSqueezy), authentication (Supabase)
  • Legal Requirements: When required by law, legal process, or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account data: Retained while your account is active, deleted upon account deletion
  • Media files: Retained while your account is active, deleted within 30 days of account deletion
  • Usage logs: Retained for up to 90 days for security and debugging purposes
  • Payment records: Retained as required by tax and legal obligations

6. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Restriction: Request restriction of processing
  • Objection: Object to certain types of processing
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected].

7. Cookies and Tracking

We use essential cookies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Ensure security and prevent fraud

We do not use third-party advertising or tracking cookies.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]