Privacy Policy

1. Introduction

Poststash ("we," "us," or "our") operates a social media scheduling and content management platform at poststash.com (the "Service"). This Privacy Policy explains what data we collect, why we collect it, and how we handle it. By using the Service you agree to these practices.

2. Information We Collect

We collect the following categories of data:

• Account data. Your email address and any profile information you provide when you sign up or log in via OAuth.
• Social platform tokens. OAuth access tokens and refresh tokens for the platforms you connect (X, Threads, Instagram, LinkedIn). These are stored securely and used only to post on your behalf.
• Post content. The text, images, and metadata of posts you create and schedule inside the Service.
• Technical & usage data. IP address, browser type, operating system, pages visited, and feature usage, collected automatically via server logs and analytics.
• Payment data. Billing is handled by Stripe. We do not store full card details — only a subscription status and customer reference.

3. How We Use Your Data

• To provide, operate, and maintain the Service.
• To schedule and publish posts to connected social platforms on your behalf.
• To process payments and manage your subscription via Stripe.
• To send transactional emails (e.g. account notifications, post failures).
• To improve and develop new features, using aggregated or anonymised data where possible.
• To comply with legal obligations.

4. Third-Party Services

We share your data with the following third parties only to the extent needed to operate the Service:

• Supabase — database and authentication infrastructure.
• Stripe — payment processing.
• Upstash (QStash) — job queue for reliable post scheduling.
• Resend — transactional email delivery.
• X, Threads, Instagram, LinkedIn APIs — to publish posts on your behalf using your connected tokens.

We do not sell your personal data to third parties.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Usage data may be retained in anonymised form.

6. Security

We use industry-standard measures to protect your data, including encrypted storage and Row Level Security on our database. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Cookies

We use session cookies for authentication and small analytics cookies to understand how the Service is used. You can disable cookies in your browser settings, but this may affect the functionality of the Service.

8. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict certain types of processing.
• Request a portable copy of your data.

To exercise any of these rights, contact us at julien@poststash.com.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If we become aware that we have done so, we will delete the data promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. We will notify you of material changes by email or via an in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

Questions or concerns? Email us at julien@poststash.com.