privacy policy

effective date: april 1, 2026

1. data controller

PostAI SAS is the data controller for personal data processed through the Service. Our details are:

PostAI SAS
15 rue de la Paix, 75001 Paris, France
legal@postai.app

2. data we collect

We collect the following categories of personal data:

  • Account information: name, email address, and password (hashed) when you register.
  • Connected social accounts: OAuth tokens and profile metadata for each platform you connect (e.g. Twitter/X, LinkedIn, Instagram, TikTok).
  • Content you create: posts, captions, media, schedules, and AI-generated drafts saved in your Workspace.
  • Usage analytics: pages visited, features used, session duration, and error logs collected via PostHog.
  • Payment information: billing address and payment method details processed and stored by Stripe. We do not store raw card numbers.

3. how we use your data

We use your personal data to:

  • Provide and operate the Service.
  • Authenticate your identity and manage your account.
  • Process subscription payments and invoices.
  • Schedule and publish content to connected social platforms on your behalf.
  • Generate AI-powered content suggestions.
  • Send transactional emails (account notifications, billing receipts, security alerts) via Resend.
  • Analyse usage patterns to improve and develop the product.
  • Detect and prevent fraud, abuse, and security incidents.

4. data storage & security

All user data is stored in Supabase's EU region, which is hosted within the European Union. Data is encrypted at rest using AES-256 and in transit using TLS 1.2+. We implement role-based access controls so that only authorised PostAI personnel can access production data, and only where strictly necessary for operational support.

5. third-party services

We share data with the following third-party sub-processors to operate the Service:

  • Supabase — database, authentication, and file storage (EU region).
  • Stripe — payment processing (EU data centre).
  • Trigger.dev — background job execution and scheduling.
  • Resend — transactional email delivery.
  • Vercel — application hosting and edge network.
  • PostHog — product analytics (EU cloud instance).

6. data retention

We retain personal data for as long as your account is active. If you cancel your subscription, your data is retained for 90 days to allow reactivation, after which it is permanently deleted from production systems. Anonymised analytics data may be retained indefinitely. Stripe retains payment records for the period required by applicable tax and financial regulations.

7. your rights

Under GDPR you have the following rights regarding your personal data:

  • Right of access: obtain a copy of the data we hold about you.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to restriction: request that we limit processing of your data.
  • Right to object: object to processing based on legitimate interests.

To exercise any of these rights, email legal@postai.app. We will respond within 30 days.

8. cookies

We use the following cookies:

  • Auth session cookie (Supabase) — strictly necessary to keep you logged in.
  • PostHog analytics cookies — used to understand how users interact with the product. You can opt out via our cookie banner.
  • Stripe cookies — used during the checkout flow for fraud prevention.

9. children's privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. international transfers

We process and store data within the EU wherever possible. Where data is transferred outside the EU (e.g. to a sub-processor without an EU region), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of protection.

11. contact & dpo

For any privacy-related enquiries or to exercise your rights, contact us at legal@postai.app. You also have the right to lodge a complaint with the French data protection authority, the CNIL (www.cnil.fr).