We believe privacy is a right, not a feature. This policy explains exactly what data Postora collects, why we collect it, and how you stay in control.
Our core promise
Postora never sells your data. We never store your social media passwords. You can disconnect any platform or delete your account at any time. Everything we collect is used solely to provide you with the service.
Table of Contents
Account Information
When you create a Postora account, we collect your name, email address, and password. If you sign up via a third-party provider, we receive basic profile information from that provider.
Connected Social Accounts
When you connect a social media account (TikTok, Twitter/X, Instagram, Facebook), we receive an OAuth access token and basic profile data such as your username, follower count, and post count. We never receive or store your social media password.
Content You Create
We store posts, captions, scheduled content, and media files you upload or generate within Postora so we can deliver our service.
Usage Data
We automatically collect information about how you interact with Postora, including pages visited, features used, and actions taken, to improve the product.
To Provide the Service
We use your data to operate Postora — authenticating your account, publishing posts to connected platforms on your behalf, generating AI captions, and displaying your dashboard statistics.
To Improve Postora
Aggregated, anonymised usage data helps us understand which features are most valuable and where to focus development.
To Communicate With You
We may send transactional emails (password resets, billing receipts) and occasional product updates. You can opt out of marketing emails at any time.
To Process Payments
Billing is handled by our payment processor. We do not store your full card details on our servers.
We Do Not Sell Your Data
Postora does not sell, rent, or trade your personal information or social media data to any third party for advertising or commercial purposes.
Service Providers
We work with trusted third-party providers (hosting, payment processing, analytics) who process data on our behalf under strict confidentiality agreements.
Legal Requirements
We may disclose your information if required by law, court order, or to protect the rights and safety of Postora and its users.
Active Accounts
We retain your data for as long as your account is active and as needed to provide the service.
Account Deletion
When you delete your Postora account, we delete your personal data within 30 days. Anonymised, aggregated data may be retained for analytics purposes.
Access & Portability
You can request a copy of all personal data we hold about you at any time by contacting us.
Correction
You can update your account information directly in your Postora settings at any time.
Deletion
You can request deletion of your account and all associated data by contacting our support team or deleting your account from settings.
Objection
You may object to certain processing of your data, including marketing communications, at any time.
How We Protect Your Data
We use industry-standard encryption (TLS) for data in transit and encrypt sensitive data at rest. Access to user data is restricted to authorised personnel only.
Breach Notification
In the unlikely event of a data breach affecting your information, we will notify you and relevant authorities as required by applicable law.
Updates
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice in the dashboard. Continued use of Postora after changes take effect constitutes acceptance of the updated policy.
Questions or Requests
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at privacy@postora.com. We aim to respond to all requests within 5 business days.
Social Media Data
What We Access
We request only the permissions necessary to publish content on your behalf and display basic account statistics. We do not read your private messages, access your contacts, or request permissions beyond what is needed.
Token Storage
OAuth access tokens are stored securely in our database. They are never exposed to other users and are only used to perform actions you explicitly request.
Revoking Access
You can disconnect any platform at any time from your Postora dashboard. This removes our access token and stops all publishing activity to that platform immediately. You can also revoke access directly from each platform's app settings.