This Privacy Policy describes how PostaiLit ("we", "us", "our") collects, uses, and protects your information when you use our Service, and explains your rights. By using PostaiLit, you agree to the practices described here.
Definitions
- Account: a unique account created to access our Service.
- Device: any device used to access the Service.
- Personal Data: any information relating to an identified or identifiable individual.
- Service: the PostaiLit platform at postailit.com and business.postailit.com.
- Usage Data: data collected automatically when you use the Service.
- You: the individual or business using the Service.
Information We Collect
Personal Data
When you create an account or use our Service, we may collect:
- Name and email address
- Business name and website URL
- Payment information (processed securely by Stripe; we never store card details)
- Brand assets you upload (logos, photos, brand colours, brand voice information)
- Social media account identifiers and access tokens for publishing
- Content preferences and onboarding information
Usage Data
We automatically collect information such as your IP address, browser type, pages visited, time and date of visits, and other diagnostic data when you use the Service.
How We Use Your Information
- To provide, operate, and improve the Service
- To generate AI-powered social media content on your behalf using your brand information
- To publish approved content to your connected social media accounts
- To send transactional emails (approvals, publishing confirmations, billing receipts)
- To send service updates and feature announcements (you may opt out at any time)
- To respond to your support requests
- To monitor and analyse usage to improve the platform
- To comply with legal obligations
Meta Platforms Data
When you connect your Facebook page and Instagram business account to PostaiLit, we access data through the official Meta Graph API. We request only the permissions required to operate the Service. We do not access private messages, comments, or personal profile data beyond what is necessary.
Permissions we request
Access tokens
Access tokens granted by Meta are stored encrypted at rest using industry-standard encryption. Tokens are never logged, transmitted in URLs, or shared with any third party. They are used solely to perform the publishing and reporting actions described above.
Revoking access
You may revoke PostaiLit's access at any time through your Facebook Business Settings or by disconnecting your accounts within our app. When you revoke access, we permanently delete your associated access tokens, page identifiers, Instagram account identifiers, and historical post records within 30 days, except where we are legally required to retain certain records.
TikTok Platform Data
When you connect your TikTok account to PostaiLit, we access data through the official TikTok API for Developers. We request only the permissions required to operate the Service. We do not access your private messages, follower lists, or personal profile data beyond what is necessary to identify your account and publish approved content.
Permissions we request
Access tokens
Access and refresh tokens granted by TikTok are stored encrypted at rest using industry-standard encryption. Tokens are never logged, transmitted in URLs, or shared with any third party, and are used solely to identify your account and publish the content you approve.
Revoking access
You may revoke PostaiLit's access at any time from your TikTok settings (Security & permissions > Manage app permissions) or by disconnecting your account within our app. When you revoke access, we permanently delete your associated access tokens and account identifiers within 30 days, except where we are legally required to retain certain records.
LinkedIn Platform Data
When you connect your LinkedIn account or page to PostaiLit, we access data through the official LinkedIn APIs. We request only the permissions required to operate the Service. We do not access your connections, private messages, or personal profile data beyond what is necessary to identify your account and publish approved content.
Permissions we request
Access tokens
Access and refresh tokens granted by LinkedIn are stored encrypted at rest using industry-standard encryption. Tokens are never logged, transmitted in URLs, or shared with any third party, and are used solely to identify your account and publish the content you approve.
Revoking access
You may revoke PostaiLit's access at any time from your LinkedIn settings (Settings & Privacy > Data privacy > Other applications > Permitted services) or by disconnecting your account within our app. When you revoke access, we permanently delete your associated access tokens and account identifiers within 30 days, except where we are legally required to retain certain records.
AI Content Generation
PostaiLit uses artificial intelligence to generate social media content, images, captions, and short videos based on your brand information. This is core to the Service. All generated content is presented to you for review and approval before anything is published to your social accounts. You remain in full control of what is posted.
To generate content, we send relevant brand information to the following AI providers. The data we send includes your business name, brand voice and tone, content themes and pillars, product and service descriptions, target audience details, brand colours and fonts, and any reference images you upload (logo, style references, product photos). We do NOT send your social account passwords, payment information, or any customer data of yours.
- Anthropic: AI text generation, content planning, and analysis services. Some research features may issue web searches to third-party websites to retrieve current industry context. Anthropic's privacy policy.
- AI image and video providers: PostaiLit uses third-party AI services to generate and analyse images and to produce short videos, including from the reference images you upload (logo, style references, product photos). We disclose these providers by category; a current, named list of these sub-processors is maintained internally and available to customers on request via support.
These providers process data only to generate the content we request. They do not use your data to train their models under the API agreements we use. Generated content is returned to PostaiLit and stored alongside your account for review and publishing.
We may add, remove, or substitute AI providers over time as the technology evolves. We will update this Privacy Policy and provide notice through the Service when we make material changes to our AI sub-processors.
Sub-Processors
We use the following third-party providers to operate the Service. Each provider is contractually required to protect your data and process it only on our instructions:
- Stripe: payment processing and subscription billing.
- Anthropic: AI text generation, content planning, and analysis services.
- AI image and video providers: image generation, visual analysis, and short-video production. Disclosed by category; a current named list is available on request.
- Meta Platforms: content publishing and analytics retrieval via Facebook and Instagram APIs.
- TikTok: content publishing via the TikTok API for Developers.
- LinkedIn: content publishing via the LinkedIn APIs.
- Spaceship: web hosting and infrastructure.
- Transactional email providers: delivery of receipts, approvals, and notifications.
Cookies and Tracking
We use cookies to operate the Service and improve your experience:
- Necessary cookies: essential for login, security, and core functionality. Cannot be disabled.
- Preference cookies: remember your settings and choices within the platform.
- Analytics cookies: help us understand how the Service is used (only with your consent).
You can manage cookie preferences through your browser settings or our cookie consent banner on the website.
Sharing Your Information
We do not sell your personal data. We share your information only as follows:
- Sub-processors: third-party companies listed in the Sub-Processors section above, who help us operate the Service under contractual data protection obligations.
- Social media platforms: content and publishing instructions are shared with Facebook, Instagram, TikTok, and LinkedIn via their official APIs.
- Legal requirements: we may disclose your data if required by law, court order, or to protect user safety.
- Business transfers: in a merger or acquisition, your data may be transferred. We will notify you in advance.
Data Retention
We retain your personal data for as long as your account is active. If you close your account or revoke our access to your connected social accounts, we will delete your personal data, access tokens, and connected account identifiers within 30 days, except where we are legally required to retain it longer. Generated content and published post records may be retained for up to 12 months to support historical reporting features, after which they are deleted automatically.
Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your personal data
- Object to or restrict certain processing
- Request a portable copy of your data
- Withdraw consent at any time where processing is based on consent
To exercise any right, contact us at support@postailit.com. We will respond within 30 days.
Data Deletion Requests
To request permanent deletion of all data associated with your PostaiLit account, including data linked to your Facebook, Instagram, TikTok, or LinkedIn accounts, visit our deletion request page at postailit.com/data-deletion, or email support@postailit.com with the subject line "Data Deletion Request".
Once verified, deletion is processed within 30 days. We will confirm completion by email. Note that deletion is permanent and cannot be reversed.
Data Security
We use industry-standard encryption (HTTPS/TLS) for all data in transit, store sensitive credentials (including Meta access tokens) encrypted at rest, and limit data access to authorised personnel. Authentication uses secure password hashing, and we offer two-factor authentication for account login. No method of transmission over the internet is fully secure, and we cannot guarantee absolute security.
Children's Privacy
PostaiLit is not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the Service. The updated policy is effective when posted.
Contact Us
Questions about this Privacy Policy or how we handle your data?
Email: support@postailit.com
Help Centre: help.postailit.com
Data deletion: postailit.com/data-deletion