Privacy Policy

Effective Date: August 25, 2025

Who We Are

PostWave (“we”, “us”, “our”) provides tools to plan, schedule and analyze social media content. Contact: support@postwave-app.com. For GDPR, we act as the data controller for your account data and as a processor for content you instruct us to publish.

1. Information We Collect

  • Account: name, email, password (bcrypt/argon2 hashed), timezone, preferences.
  • Billing: via our processor (last4/brand/exp only; no full card storage on our servers).
  • Content: posts you draft/upload, schedules, thumbnails and captions you create.
  • Social Accounts: OAuth tokens, account IDs, usernames, and metrics returned by each platform (e.g., views, likes, followers).
  • Usage/Device: IP, user-agent, pages viewed, events, approximate location, crash logs.
  • Cookies: necessary, analytics and preference cookies. See Cookie Controls below.

2. How We Use Data

  • Provide the app (authenticate, connect social accounts, schedule/publish posts).
  • Analytics and product improvement (aggregate statistics, debug, prevent abuse).
  • Support and service communications.
  • Billing and fraud prevention.
  • Legal compliance and enforcement of our Terms.

3. Legal Bases (GDPR)

Consent (connecting social accounts, analytics); Contract (providing the service); Legitimate Interests (security, anti-abuse); Legal Obligation (tax/records).

4. Sharing & Sub-Processors

We don’t sell personal data. We share it with vendors under DPAs and confidentiality:

  • Stripe – payments and invoicing
  • Cloud hosting & storage (e.g., AWS/Render/Heroku) – infrastructure
  • Email/SMS (e.g., SendGrid/Postmark) – transactional emails
  • Analytics/Crash – usage metrics and diagnostics

5. Retention

  • Account/profile: while your account is active + up to 30 days after deletion.
  • Published post metrics: as long as you keep the social account connected or until you delete them.
  • Server logs: ~90 days (security/diagnostics).
  • Invoices/financial records: 10 years or as required by law.

6. Security

TLS in transit, encryption at rest for sensitive fields, scoped OAuth tokens, access controls, audit logging, least-privilege keys, and regular backups. No social media passwords are stored—only OAuth tokens.

7. International Transfers

Where data moves outside the EEA/UK, we use appropriate safeguards (e.g., SCCs).

8. Your Rights

You have GDPR/UK/CCPA rights to access, correct, delete, port, or object to/restrict processing. To exercise them, email support@postwave-app.com. We may verify identity before acting. You can disconnect any social account in Settings.

9. Provider-Specific Disclosures

  • Google/YouTube: Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. You can revoke access anytime at myaccount.google.com/permissions.
  • Meta (Facebook & Instagram): You can remove PostWave via Facebook’s “Apps and Websites” settings. Data Deletion instructions appear below and at our Data Deletion page.
  • X (Twitter): Revoke access at twitter.com/settings/connected_apps.
  • LinkedIn: Revoke access at linkedin.com/psettings/permitted-services.
  • TikTok: Revoke access at tiktok.com/setting/active-website.

10. Data Deletion Instructions (required by Meta)

You can delete your PostWave account and associated personal data from Manage Account. You may also email support@postwave-app.com with subject “Data Deletion Request”. After verification, we will delete personal data within 30 days, except data we must keep for legal/audit purposes. Disconnecting a social account in Settings immediately revokes our token and scheduled publishing for that account.

11. Cookies & Controls

We use strictly necessary cookies (auth, security), analytics, and preferences. Where required, we present a consent banner. You can change preferences anytime via the cookie settings link in the footer or your browser controls.

12. Children

PostWave is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided data, contact us to remove it.

13. Changes

We may update this policy and will post the new Effective Date. We will notify you of material changes in-app or by email.

Contact

support@postwave-app.com