PostSyncly
Start free
Back homeLegal

Privacy Policy

Last updated May 5, 2026

This Privacy Policy explains how PostSyncly, Inc. (“we”) collects, uses, shares and protects personal data. We act as a data controller for marketing-site visitors and account holders, and as a data processor for the content and contacts you bring into the Service. Our processor obligations are governed by the Data Processing Addendum.

1. What we collect

Account data

  • Name, work email, profile photo (optional)
  • Workspace name, billing entity and tax details
  • Identity-provider attributes when SSO is enabled

Service data

  • Posts, drafts, comments, approval decisions and assets you upload
  • Inbox messages routed through connected platforms (with your authorization)
  • Analytics events generated by your use of the product (page views, actions)

Technical data

  • IP address, user agent, request metadata for security and debugging
  • First-party analytics (page paths, referrer, viewport) — no third-party ad SDKs

2. How we use it

  • To provide, secure and operate the Service you signed up for
  • To bill you and provide receipts
  • To respond to support requests and surface contextual help
  • To send service announcements (operational, not marketing)
  • To improve the product through aggregated, de-identified usage analysis
  • To comply with legal obligations and respond to lawful requests

We do not sell personal data, and we do not train third-party AI models on customer content.

3. Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on: contract (delivering the Service), legitimate interests (security, fraud prevention, product improvement), consent (marketing communication and optional cookies) and legal obligation (tax, accounting, responding to lawful requests).

4. Sharing

We share personal data only with:

  • Sub-processors we use to deliver the Service (hosting, payments, email delivery, AI inference, error tracking). The current list is published at /legal/subprocessors and changes are notified at least 30 days before they take effect.
  • Connected platforms you authorize (Meta, X, LinkedIn, TikTok, YouTube, Google, etc.) — only the data you choose to publish or read.
  • Authorities, when required by law and only after notifying the data subject where lawful.

5. International transfers

Today, all production data is hosted in a single region. Where data is transferred outside its primary region (for example, to a sub-processor we rely on for AI inference or email delivery), we rely on the EU Standard Contractual Clauses (2021), the UK IDTA, and the EU-US Data Privacy Framework where applicable. Multi-region provisioning for EU data residency is on our roadmap; if your compliance program requires it before signing, talk to us first.

6. Retention

Account and billing data is retained for the life of your account plus seven years for tax compliance. Service content is retained per your workspace settings; on termination you have a 30-day export window, after which content is removed from active systems within 60 days and from backups within 12 months.

7. Your rights

You may request to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (subject to legal retention obligations)
  • Export your data in a structured, machine-readable format
  • Object to processing or withdraw consent for marketing
  • Lodge a complaint with your supervisory authority

Step-by-step options (disconnecting channels, Meta/Facebook deletion, and email) are on User data deletion. We respond to verified requests within 30 days. Email support@postsyncly.com to make a request.

8. Security

TLS 1.2+ in transit, AES-256-GCM envelope encryption at rest for stored OAuth tokens, Postgres row-level security for tenant isolation, and a full audit log for every mutating action. Read the full list of controls on the Security overview.

9. Cookies

We use first-party cookies for authentication, security and a small number of functional preferences. We do not use advertising cookies. EU/UK visitors are asked for consent before any non-essential cookies are set.

10. Children

The Service is not intended for, and not knowingly used by, anyone under the age of 16. If you believe a child has provided personal data, contact us and we’ll delete it.

11. Changes

We’ll post material changes here with a new “last updated” date, and notify account owners by email at least 30 days before they take effect.

12. Contact

Privacy questions: support@postsyncly.com. EU representative under Article 27 GDPR: available on request via the same address.