Privacy Policy

1. Information We Collect

PostlyBoost collects the following information to provide our services:

• Account Information: Email address, name, and profile information when you create an account
• Social Media Data: Access tokens and basic profile information from connected social media accounts (Instagram, Facebook)
• Generated Content: Captions, images, and posts you create using our AI tools
• Usage Data: Information about how you use our services, including post generation history, feature usage, and interaction patterns
• Technical Data: IP address, browser type, device information, and cookies
• Payment Information: Billing details processed securely through Stripe (we do not store credit card information)

2. Legal Basis for Data Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our services and fulfill our obligations to you
• Legitimate Interest: To improve our services, prevent fraud, and ensure security
• Consent: For marketing communications and optional features (you can withdraw consent at any time)
• Legal Obligation: To comply with applicable laws and regulations

3. How We Use Your Information

We use your information to:

• Provide and improve our AI-powered post generation services
• Connect to your social media accounts for posting
• Process payments and manage subscriptions
• Send you important updates about our services
• Ensure the security and integrity of our platform
• Analyze usage patterns to improve user experience
• Comply with legal obligations and prevent fraud

4. Data Sharing and Third-Party Services

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party services that help us operate our platform (payment processing, hosting, analytics)
• Legal Requirements: When required by law or to protect our rights and safety
• Social Media Platforms: To post content on your behalf when you authorize us to do so
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with appropriate safeguards)

5. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• We use GDPR-compliant data processing agreements with all third-party services
• Data transfers to the US are protected by appropriate safeguards
• We implement technical and organizational measures to protect your data

6. Data Security

We implement appropriate security measures to protect your personal information:

• Encryption of data in transit (HTTPS/TLS)
• Data stored securely in Google's Firebase infrastructure
• Secure authentication and authorization systems
• User data isolation and access controls
• Input validation and rate limiting
• Security monitoring and incident logging

7. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of becoming aware of the breach (as required by GDPR)
• Provide details about the nature of the breach and affected data
• Explain the measures we're taking to address the breach
• Recommend steps you can take to protect yourself
• Report to relevant authorities as required by law

8. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data and information about how we process it
• Rectification: Update or correct your personal information
• Erasure: Request deletion of your account and associated data ("right to be forgotten")
• Portability: Export your data in a machine-readable format
• Objection: Object to certain types of data processing
• Restriction: Request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw consent for processing based on consent
• Lodge Complaint: File a complaint with your local data protection authority

CCPA Rights (California Residents): You also have the right to know what personal information we collect, sell, or disclose, and to opt-out of the sale of personal information (though we do not sell personal information).

9. Data Deletion Instructions

To request deletion of your data from PostlyBoost, please follow these steps:

1. Email us: Send a request to privacy@postlyboost.com
2. Include: Your email address and user ID (if available)
3. Specify: What data you want deleted
4. Timeline: We'll process your request within 30 days

What we'll delete:

• Your user account and profile information
• All generated posts and content
• Connected social media accounts and tokens
• Usage analytics and preferences
• Payment history and subscription data
• All associated metadata and logs

What may be retained:

• Data required for legal compliance (tax records, fraud prevention)
• Anonymized analytics data (no personal identifiers)
• Backup data for a limited period (up to 90 days)

Note: After deletion, your data cannot be recovered. Please ensure you have backed up any important content before requesting deletion.

10. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Retention Periods:

• Account data: Until account deletion or 2 years of inactivity
• Generated content: Until account deletion
• Payment records: 7 years (for tax and legal compliance)
• Logs and analytics: 12 months

11. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience, analyze usage, and provide personalized content:

• Essential Cookies: Required for basic functionality (authentication, security)
• Analytics Cookies: Help us understand how users interact with our service
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used for advertising and marketing purposes (with consent)

You can control cookie settings through your browser preferences or our cookie consent banner.

12. Third-Party Services

Our service integrates with third-party platforms including:

• Firebase (Google): For authentication and data storage
• OpenAI: For AI-powered caption generation
• Unsplash: For image search and selection
• Stripe: For payment processing
• Instagram/Facebook: For social media posting
• LaunchDarkly: For feature flag management

Each of these services has their own privacy policy governing how they handle your data. We recommend reviewing their privacy policies for complete information.

13. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

For users between 13-18 years old, we require parental consent for data processing activities.

14. Automated Decision Making

Our AI-powered content generation involves automated processing. You have the right to:

• Request human review of automated decisions that significantly affect you
• Express your point of view and contest automated decisions
• Request an explanation of the logic involved in automated processing

15. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

• Posting the new policy on this page
• Sending email notifications to registered users
• Displaying in-app notifications
• Updating the "Last Updated" date

Your continued use of our service after any changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Data Protection Officer: For GDPR-related inquiries, you may also contact our designated data protection officer at the email above.