Privacy Policy

Last updated: June 1, 2025 · Effective: June 1, 2025

Summary: Postivex collects only what it needs to operate the service. We do not sell your personal data. EU/UK users have full GDPR rights. You can delete your account and all data at any time.

1. Who We Are

Postivex Ltd. ("Postivex", "we", "our", or "us") operates the social media management platform accessible at https://postivex.com and its subdomains.

For the purposes of the General Data Protection Regulation (GDPR), Postivex Ltd. is the data controller of personal data processed through our platform.

Contact: privacy@postivex.com

2. Data We Collect

We collect personal data in the following categories:

Account Data

  • Name and email address (from registration or social OAuth)
  • Profile picture (optional)
  • Hashed password (if using email/password login)

Social Profile Data

  • LinkedIn profile information (name, headline, about, skills, connections) — only when you connect your account via OAuth
  • Facebook Page data (page name, category, about, engagement) — only with your permission
  • Reddit profile data (username, bio, karma) — only with your permission
  • OAuth access tokens (encrypted) necessary to read/write on your behalf

Content Data

  • Posts you create, schedule, or publish through Postivex
  • AI-generated content created on your behalf
  • Post performance analytics

Usage Data

  • Pages visited and features used within the app
  • Browser type, device type, operating system
  • IP address and approximate geographic location (country/city level)
  • Session timestamps

Payment Data

  • We do not store payment card details. All payment processing is handled by our PCI-DSS compliant payment processors (Paddle, LemonSqueezy, PayPal, or SSLCommerz).
  • We retain transaction IDs, subscription status, and payment history.

3. How We Use Your Data

We use your data for the following purposes:

  • Service delivery: To operate and maintain your Postivex account and provide features
  • AI analysis: To generate profile audits, content recommendations, and lead analysis using your profile and post data
  • Content publishing: To schedule and publish posts to your connected social profiles on your behalf
  • Analytics: To provide you with performance insights on your content and profiles
  • Billing: To process subscription payments and manage your account plan
  • Communications: To send transactional emails (receipts, alerts, password resets) and, with consent, product updates
  • Security: To detect fraud, abuse, and security incidents
  • Legal compliance: To comply with applicable laws and regulations

We do not sell your personal data to third parties. We do not use your data for advertising on other platforms.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your data under the following legal bases:

Contract performance (Art. 6(1)(b))

Processing necessary to provide the service you subscribed to

Legitimate interests (Art. 6(1)(f))

Security, fraud prevention, product improvement, and business analytics — balanced against your rights

Consent (Art. 6(1)(a))

Marketing emails and non-essential cookies — you can withdraw consent at any time

Legal obligation (Art. 6(1)(c))

Compliance with tax, financial reporting, and law enforcement requirements

5. Third-Party Services

Postivex integrates with the following third-party services, each with its own privacy policy:

Anthropic (Claude API)

Purpose: AI content generation, profile audit, lead analysis

Data transfer: Post content and profile data are sent to Anthropic for processing. No permanent storage by Anthropic per their API terms.

OpenAI (DALL-E 3)

Purpose: AI image generation for posts

Data transfer: Image prompts are sent to OpenAI. Generated images are temporarily stored on Postivex servers.

LinkedIn (OAuth API)

Purpose: Profile connection, data reading, post publishing

Data transfer: Limited to data you authorize during OAuth consent

Facebook (Graph API)

Purpose: Page connection and management

Data transfer: Limited to data you authorize during OAuth consent

Reddit (OAuth API)

Purpose: Profile connection

Data transfer: Limited to data you authorize during OAuth consent

Payment Processors (Paddle, LemonSqueezy, SSLCommerz, PayPal)

Purpose: Subscription billing and payment processing

Data transfer: Payment data is processed directly by the chosen gateway. We receive transaction confirmation only.

Infrastructure (VPS / Cloud)

Purpose: Hosting and data storage

Data transfer: All user data is stored on our controlled servers. We do not use shared multi-tenant cloud databases.

6. Data Storage & Security

We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for sensitive data at rest (OAuth tokens, passwords)
  • Access controls limiting employee access to production data
  • Regular security audits and vulnerability assessments
  • Automatic session expiry and secure cookie handling
  • Rate limiting and DDoS protection

While we take every reasonable precaution, no system is 100% secure. If you discover a security vulnerability, please contact security@postivex.com.

7. International Data Transfers

Postivex operates from the European Union and stores data on servers within the EU. When data is processed by third-party AI providers (Anthropic, OpenAI) based in the United States, such transfers are conducted under:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The EU-U.S. Data Privacy Framework (where applicable)

By using Postivex, you acknowledge these international transfers as described in this policy.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:

  • Account data: Retained until account deletion, then deleted within 30 days
  • Content & posts: Retained while account is active; deleted upon account deletion
  • Payment records: Retained for 7 years for tax/legal compliance
  • Activity logs: Retained for 90 days for security purposes
  • Backups: Encrypted backups are retained for up to 30 days

You can request deletion of your account and personal data at any time through Settings → Account → Delete Account, or by emailing privacy@postivex.com.

9. Your Rights

Depending on your location, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR)

Request a copy of all personal data we hold about you

Right to Rectification (Art. 16 GDPR)

Correct inaccurate or incomplete personal data

Right to Erasure / 'Right to be Forgotten' (Art. 17 GDPR)

Request deletion of your personal data, subject to legal retention requirements

Right to Restriction (Art. 18 GDPR)

Request that we restrict processing of your data in certain circumstances

Right to Data Portability (Art. 20 GDPR)

Receive your data in a structured, machine-readable format (JSON/CSV)

Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interests or for direct marketing

Right to Withdraw Consent

Withdraw consent for marketing emails or non-essential cookies at any time

Right to Lodge a Complaint

File a complaint with your national data protection authority (e.g., ICO in the UK, CNIL in France)

To exercise any of these rights, email privacy@postivex.com. We will respond within 30 days. We may need to verify your identity before processing the request.

For US residents (California): You have additional rights under the CCPA, including the right to know, the right to delete, and the right to opt out of sale (we do not sell data). Contact us at the same email.

10. Children's Privacy

Postivex is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact privacy@postivex.com and we will delete it promptly.

11. Cookies

We use cookies and similar tracking technologies. For a full breakdown of cookies we use and how to manage them, see our Cookie Policy.

In summary, we use:

  • Essential cookies: Required for authentication and security (cannot be disabled)
  • Functional cookies: Remember your preferences
  • Analytics cookies: Understand how the service is used (requires consent)

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Sending an email to your registered address
  • Displaying a prominent notice in the Postivex dashboard
  • Updating the "Last Updated" date at the top of this page

Your continued use of Postivex after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us & Data Protection Officer

For privacy-related inquiries, to exercise your rights, or to report a concern:

Privacy Team: privacy@postivex.com

Data Protection Officer: dpo@postivex.com

Company: Postivex Ltd.

Website: https://postivex.com

EU residents may also contact their local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

© 2026 Postivex Ltd. All rights reserved.