Postier
Get Started

Privacy Policy

How Postier collects, uses, and safeguards your information.

Welcome to Postier!

This Privacy Policy explains how Postier ("we", "us", or "our") collects, uses, and safeguards your information when you visit postier.app (the "Site") or use any of our services (collectively, the "Service"). By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please refrain from using the Service.

Legal Entity

Postier is operated by:
Entreprise Individuelle (EI) – DA SILVA AVELAR William
Trade name: Postier
SIRET: 831 461 363 00028
Address: 10 rue de Penthièvre, 75008 Paris, France
Email: [email protected]
Director of publication: William DA SILVA AVELAR

Overview

Postier is an AI-powered social media management platform that helps you create, schedule, and analyze content across multiple social networks. This policy provides transparent details on what we collect, why we collect it, and how you can exercise your rights.

Information We Collect

  • Account Data — name, email address, organization, and billing details when you create an account or purchase a subscription via Stripe.
  • API and Product Usage Data — actions taken in the app, API calls, endpoints accessed, device/browser information, IP address, pages viewed, timestamps, and referring URLs (e.g., via Google Analytics).
  • Content Data — prompts, drafts, media, and scheduled/published posts you create or upload to the Service, including AI prompts used for content generation.
  • Connected Accounts Data — OAuth tokens and profile identifiers from social platforms you connect so we can schedule, publish, and fetch analytics in your name, in accordance with each platform’s terms.
  • Cookies & Similar Technologies — preferences and session information stored in cookies/local storage. See “Cookies & Tracking” below.

How We Use Your Information

  • Provide and operate the Service and API features.
  • Improve performance, reliability, and user experience.
  • Process payments and manage subscriptions.
  • Monitor for fraud, abuse, and security threats.
  • Communicate about product updates, service notices, and customer support (you can opt out of non-essential emails).
  • Analyze aggregated, anonymized data to enhance our features and algorithms.

Legal Bases (GDPR)

We process personal data under:

  • Contractual necessity – to create your account, provide core features, publish to connected platforms, and process payments.
  • Legitimate interests – to secure and improve the Service, prevent abuse/fraud, measure engagement (with privacy safeguards).
  • Consent – for optional cookies/trackers and marketing communications (you can withdraw consent at any time).
  • Legal obligation – to meet accounting, tax, and regulatory requirements.

Controller / Processor Roles

For your Postier account, billing, and platform telemetry, Postier acts as an independent data controller. For data we process strictly on your documented instructions to publish to your connected social accounts and retrieve analytics, Postier acts as a processor and your organization is the controller.

Cookies & Tracking Technologies

We use cookies, local storage, and similar technologies to remember your preferences, keep you signed in, and gather analytical data. Non-essential cookies/trackers are used only with your consent via our cookie banner. You can change preferences at any time from the “Cookie Settings” link in the footer. Disabling cookies may affect functionality.

Third-Party Services

We use trusted providers to deliver core functionality:

  • AI Service Providers — such as OpenAI, Anthropic, and Google Gemini, to power AI content generation. When you use AI features, your prompts/content may be processed by these providers. We do not share personal identifying information beyond what is necessary to generate outputs and we do not permit training on your content by default where an opt-out is available.
  • Social Media Platforms — when you connect accounts (LinkedIn, Instagram, TikTok, X/Twitter, YouTube, Pinterest, Reddit, Threads, Mastodon, Bluesky, Facebook, Google Business Profile, etc.), we process data to schedule, publish, and collect analytics in accordance with each platform’s policies.
  • Google Analytics — traffic analytics (with IP anonymization where supported).
  • Stripe — payment processing; card data does not touch our servers.
  • Scaleway — hosting and databases for our infrastructure.
  • Sentry — error tracking; may log technical data for debugging.
  • Mailgun — transactional email delivery.

These providers process data under their own privacy policies and data-protection agreements with us.

Subprocessors & International Transfers

Some subprocessors may process data outside the EEA. Where applicable, we rely on adequacy decisions or Standard Contractual Clauses (SCCs), plus supplementary measures. We maintain an up-to-date list of subprocessors and locations at /subprocessors. We notify customers of material additions at least 15 days in advance via the Site or email.

Data Retention

API and operational logs are retained for up to 30 days to improve service quality and troubleshoot issues. Billing records are retained as required by law. Analytical data may be kept indefinitely in aggregated or anonymized form. Content and account data are retained for as long as your account is active and as needed to provide the Service; certain information may be retained longer where required by law or for legitimate business purposes (e.g., fraud prevention, audits).

Security

We implement industry-standard measures: TLS in transit, encryption at rest for primary data stores, role-based access, least privilege, audit logging, MFA for administrative access, and vulnerability management. We maintain incident response procedures. In the unlikely event of a personal data breach creating a high risk to your rights, we will notify you and authorities as required by law.

Your Rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing. To exercise these rights, contact us at [email protected]. We respond within 30 days. You may also lodge a complaint with the CNIL (France) or your local data protection authority.

Children

We do not knowingly provide the Service to children under 16. If you believe we have collected data from a minor, contact us for deletion.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via the Site or email. Continued use of the Service constitutes acceptance of the revised policy.

Contact Us

For questions about this Privacy Policy, please email us at [email protected].

Last update on .