Privacy Policy

Last updated: 2025-09-23

This Privacy Policy explains how Posterly ("we", "us", "our"), operated by Grassroots Marketing LLC (trading as Posterly), collects, uses, shares, and safeguards information when you use our website and application.

Who we are

Controller: Grassroots Marketing LLC, trading as Posterly
Address: 1801 Smart Heights, Dubai, UAE
Contact: support@poster.ly
Governing law and venue: UAE (Dubai Courts)

Information we collect

• Account & OAuth data: When you connect social accounts (e.g., Instagram, Facebook, TikTok, YouTube, Threads, X/Twitter, LinkedIn), we receive profile identifiers and OAuth tokens/refresh tokens necessary to publish content on your behalf. Tokens are stored securely and can be revoked at any time via the provider’s security settings.
• Content you provide: Media files, captions, and scheduling details you upload to Posterly.
• Operational data: Minimal logs and technical data (e.g., error logs) to operate, secure, and improve the service.
• Billing: Subscription payment processing is handled by Stripe. We do not store full payment card details.

How we use information

• Provide, maintain, and improve the Posterly service.
• Publish content to the platforms you authorize.
• Provide support and communicate service updates.
• Ensure security and prevent misuse.

Third‑party processors

We rely on trusted vendors to provide the service. These include:

• Supabase (database, storage, auth)
• Vercel (hosting)
• Railway (background worker hosting)
• Upstash (Redis queue)
• OpenAI (optional AI caption features)
• Google Drive (file import), Google/YouTube Data API
• Meta (Facebook/Instagram), TikTok, X/Twitter, LinkedIn
• Stripe (billing)

Operational logs, queue, and metrics

To deliver scheduled posts reliably, Posterly processes jobs via a background worker and Redis-based queue. We record minimal operational data such as job identifiers (e.g., post IDs), platform, timestamps, duration, HTTP status, and error codes strictly for troubleshooting, reliability, and abuse prevention. These logs are accessible only to authorized personnel and are not sold or used for advertising.

• Queue artifacts: Completed jobs are automatically removed within ~24 hours (or after a small recent count), and failed jobs are retained for up to ~7 days for diagnosis before deletion.
• Metrics: Internal service metrics (e.g., counts of jobs and per‑platform concurrency in use) may be exposed on a private endpoint for monitoring. These metrics do not include your captions, media, or personal information.

Google/YouTube disclosures

Posterly uses the YouTube Data API to enable uploads and related features. By using these features you agree to the YouTube Terms of Serviceand the Google Privacy Policy. You can revoke Posterly access in your Google Account at myaccount.google.com/permissions.

Data retention & deletion

Upon cancellation, we promptly revoke access tokens and delete account‑level content and personal data unless a longer retention is required by law. Operational logs and backups are purged on a rolling basis and, where applicable, within 30 days. Queue artifacts are automatically cleaned as described above. You may also contact support@poster.ly to request deletion at any time.

Children

Posterly is intended for users aged 13+. We do not knowingly collect data from children.

International transfers

Data may be processed in locations where our providers operate. We apply reasonable safeguards and use reputable vendors.

Security

We use TLS in transit and encrypt sensitive data at rest where applicable (e.g., tokens in Supabase).

Changes

We may update this policy. Material changes will be noted by updating the "Last updated" date above.

Contact

For questions or rights requests, contact support@poster.ly. No Data Protection Officer is appointed.