Privacy policy
This policy explains how Postwme, Inc. collects, uses, shares, protects, retains, and deletes personal data when you use postwme.com, our applications, and related services.
The short version
- We use your information to create, manage, schedule, and publish the content you request.
- We do not sell personal data or use third party advertising cookies.
- You can request an export or schedule account deletion from privacy settings.
- Account deletion has a 30 day grace period that you can cancel before it expires.
1. Who is responsible
Postwme, Inc. is responsible for the processing described in this policy. Privacy requests can be sent to privacy@postwme.com.
2. Information we collect
- Account information: email address, display name, locale, authentication identity, and account status.
- Shop information: shop name, links, category, language, brand settings, team membership, and permissions.
- Customer content: uploaded photos and videos, logos, prompts, captions, generated media, drafts, schedules, and approvals.
- Connected account information: platform identity, encrypted access credentials, granted scopes, connection status, publishing targets, and post performance data.
- Billing information: subscription state, transaction references, entitlement status, and video credit activity. Stripe, Apple, and other stores handle full payment credentials.
- Technical and security information: session data, device and browser information, IP address, request logs, error data, and security signals such as Turnstile results.
- Communications: support requests and other messages you send to us.
3. How we use information
- Provide authentication, shops, team access, media storage, content generation, review, scheduling, publishing, and performance features.
- Process subscriptions and video credits, maintain entitlements, and prevent duplicate transactions.
- Secure the service, prevent abuse, investigate failures, and maintain audit records.
- Respond to support, export, deletion, and legal requests.
- Maintain and improve service reliability and product performance.
Where applicable, we process data to perform our contract with you, comply with legal obligations, protect our legitimate interests in operating a secure service, and act on consent when consent is the required basis.
4. How information is shared
We disclose information only as needed to operate the service or meet legal obligations:
- Infrastructure and authentication: Cloudflare and Supabase provide application hosting, database, authentication, and private media storage functions.
- Content processing: AI and media processing providers receive the prompts, source media, and instructions required for the generation you request.
- Payments: Stripe, RevenueCat, Apple, and applicable stores process purchases and return transaction and entitlement information.
- Connected social platforms: approved content, schedules, and necessary account credentials are sent to the platforms you connect.
- Legal and safety: information may be disclosed when required by law or reasonably necessary to protect users, Postwme, or the public.
- Business transfers: information may be transferred as part of a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate safeguards.
Postwme does not sell personal data.
5. AI and media processing
When you request generation, Postwme may provide selected media, prompts, shop context, and generation instructions to the relevant AI or media provider. Customer media remains in private storage. Provider access uses time limited signed links where supported. Review generated content before approving or publishing it.
6. Cookies and similar technology
Postwme uses session cookies for authentication, a locale cookie for language preference, and Cloudflare Turnstile signals for abuse prevention. We do not use third party advertising cookies.
7. Retention, export, and deletion
- Account, shop, media, and generated content are retained while the account is active or as needed to provide the service.
- Account deletion is scheduled with a 30 day grace period. You can cancel the request during that period.
- When deletion executes, Postwme removes the account, shops, private media, connected account credentials, drafts, and scheduled posts, subject to records we must retain for security, disputes, tax, accounting, or legal compliance.
- Detailed post performance records may be retained for up to 90 days. Aggregated performance totals may be retained longer.
- Data exports are delivered through a time limited private download.
8. Security
Postwme uses HTTPS in transit, private storage for customer media, time limited signed media links, role based access controls, and encryption for connected platform credentials. No security system is completely risk free.
9. International processing
Postwme and its providers may process data in countries other than the country where you live. The primary Supabase database region is Singapore. Where required, we use contractual or other lawful safeguards for international transfers.
10. Your choices and rights
You can update account and shop information, disconnect social accounts, request an export, or schedule deletion from settings. Depending on applicable law, you may also have rights to access, correct, delete, restrict, object to processing, or obtain a portable copy of personal data. You may have the right to complain to your local data protection authority.
Submit a request through privacy settings or email privacy@postwme.com. We may need to verify your identity before completing a request.
11. Children
Postwme is not intended for children under 16. We do not knowingly collect personal data from children under 16.
12. Policy changes
We may update this policy when the service or legal requirements change. If a change materially affects your rights, we will provide reasonable notice before it takes effect.
13. Contact
Privacy questions and requests can be sent to privacy@postwme.com.