Privacy Policy

Introduction

At Postbase ("Postbase," "we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, services, and website (collectively, the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

We reserve the right to make changes to this Privacy Policy at any time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide to us when you:

• Register for an account: Name, email address, password, and company information
• Use the Service: Brand materials, documents, images, social media content, training data, and other content you upload
• Connect third-party accounts: Social media account credentials and permissions
• Make payments: Billing information, payment card details (processed securely by our payment processor)
• Contact us: Name, email address, and message content when you reach out for support or inquiries
• Participate in surveys or promotions: Any information you choose to provide

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information, including:

• Usage data: Pages viewed, features used, actions taken, time spent on the Service
• Device information: IP address, browser type, operating system, device type, unique device identifiers
• Log data: Server logs, error reports, system activity
• Cookies and tracking technologies: Information collected through cookies, web beacons, and similar technologies
• Analytics data: Information about how you interact with the Service and content performance

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms: Profile information, followers, engagement metrics when you connect your accounts
• Authentication services: Information from OAuth providers (Google, etc.) if you use social login
• Payment processors: Transaction confirmations and payment status
• Analytics providers: Aggregated usage statistics and performance metrics

1.4 Data We DO NOT Collect or Store

To protect your security and privacy, we explicitly do NOT collect or store:

• Social media passwords: We only use secure OAuth tokens.
• Full payment card numbers: These are processed and stored securely by our payment processor (Stripe).
• Private Direct Messages (DMs): We do not read your private DMs unless you explicitly enable specific auto-reply features.
• Cross-customer training data: We do not use your training data for other customers.

1.5 User Responsibility for Uploaded Content

You are responsible for ensuring you have the rights to upload all content you provide. PostBase is not liable for copyright violations caused by user-uploaded content.

2. How We Use Your Information

We use the information we collect for various purposes, including to:

• Provide and maintain the Service: Process your account registration, enable core functionality, and deliver features you request
• Train AI agents: Use your uploaded content to create your individual AI agent. Your data is not used to train Postbase’s global models or improve third-party models like OpenAI or Anthropic.
• Generate content: Create social media posts and other content based on your training data and preferences
• Process payments: Handle billing, subscriptions, and financial transactions
• Communicate with you: Send service updates, technical notices, security alerts, and support messages
• Improve the Service: Analyze usage patterns, identify bugs, develop new features, and enhance user experience
• Personalize your experience: Customize content, recommendations, and features based on your preferences
• Ensure security: Detect, prevent, and respond to fraud, security threats, and illegal activities
• Marketing and promotions: Send promotional communications (with your consent) and conduct market research
• Comply with legal obligations: Respond to legal requests, enforce our Terms of Service, and protect our rights

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contractual necessity: To provide the Service as outlined in our Terms of Service
• Legitimate interests: To improve our Service, ensure security, and conduct business operations
• Consent: Where you have provided explicit consent for specific processing activities
• Legal obligation: To comply with applicable laws and regulations

Data Processing Agreement (DPA): A Data Processing Agreement (DPA) is available upon request for business users.

4. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud hosting providers (AWS, Google Cloud, etc.)
• Payment processors (Stripe, PayPal, etc.)
• Email service providers
• Analytics providers
• Customer support platforms
• AI and machine learning service providers (OpenAI, Anthropic, etc.)

These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

4.2 Social Media Platforms

When you connect your social media accounts and authorize us to publish content, we share the generated content with the respective platforms according to your instructions and their APIs.

4.3 Business Transfers

If Postbase is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, such as a court order or subpoena.

4.5 Protection of Rights

We may disclose information to protect and defend our rights, property, or safety, or that of our users or the public, as required or permitted by law.

5. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Secure data centers with physical security measures
• Employee training on data protection and privacy
• Incident response and breach notification procedures

5.1 OAuth and Social Tokens

OAuth tokens used to connect your social media accounts are encrypted. We only ask for the minimal permissions required to operate the Service (e.g., posting content, reading replies). You can revoke these permissions at any time through the connected social platform's settings.

5.2 Data Breach Notification

If a data breach occurs that affects your personal information, we will notify you and relevant authorities within 72 hours of discovery, as required by applicable law.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Session logs: Retained for 30 days
• Analytics data: Retained for 24 months
• Payment records: Retained for 7 years (legal requirement)
• AI training data: Retained until account deletion

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention policies.

7. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

7.1 General Rights

• Access: Request access to your personal information and obtain a copy
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to certain exceptions)
• Data portability: Request a copy of your information in a machine-readable format
• Objection: Object to certain processing activities based on legitimate interests
• Restriction: Request restriction of processing in certain circumstances

7.2 GDPR Rights (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including:

• The right to withdraw consent at any time (where processing is based on consent)
• The right to lodge a complaint with your local supervisory authority
• The right not to be subject to automated decision-making, including profiling

7.3 California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt-out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

7.4 Account Deletion and Data Portability

You can delete your account and all associated data at any time from the dashboard or by emailing postbase@postbase.net. Upon deletion, your tokens and training data are permanently removed from our systems.

7.5 Exercising Your Rights

To exercise any of these rights, please contact us at postbase@postbase.net. We will verify your identity and respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information and improve your experience. Cookies are small data files stored on your device that help us recognize you and remember your preferences.

8.1 Types of Cookies We Use

• Essential cookies: Necessary for the Service to function properly
• Functional cookies: Remember your preferences and settings
• Analytics cookies: Help us understand how you use the Service
• Marketing cookies: Used to deliver relevant advertisements

8.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can choose to block or delete cookies, but this may affect your ability to use certain features of the Service.

To learn more about cookies and how to manage them, visit www.allaboutcookies.org.

9. International Data Transfers

Postbase is based in the United Kingdom, and we process and store information in the U.S. and other countries. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in countries that may not have the same data protection laws as your country.

For transfers from the EEA, UK, or Switzerland to the U.S., we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms.

By using the Service, you consent to the transfer of your information to the United States and other countries where we operate.

10. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at postbase@postbase.net.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information from our servers.

11. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

When you connect third-party social media accounts to our Service, those platforms may collect information about your use of our Service in accordance with their own privacy policies.

12. AI and Machine Learning

Postbase uses artificial intelligence and machine learning technologies to provide core functionality, including content generation and agent training. Your uploaded content and training data are used to create personalized AI agents specific to your brand.

Third-Party AI Providers: We use third-party AI providers (such as OpenAI and Anthropic) to power certain features. These providers may temporarily store input/output data for up to 30 days solely for abuse monitoring purposes, unless an enterprise zero-retention policy is in place. They do not use your data to train their general foundation models.

We implement safeguards to ensure that your data is used only for the purposes you authorize and is not used to train general AI models that would be accessible to other users.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email or through a prominent notice on the Service
• Provide at least 30 days' notice before the changes take effect

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised policy, you must stop using the Service.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Data Protection Officer

For users in the EEA, UK, or Switzerland, we have appointed a Data Protection Officer (DPO) to oversee our compliance with data protection laws. You can contact our DPO at: