Privacy Policy.

We collect three categories of data:

• Account data — name, email, hashed password (Argon2), workspace and role, and billing identifiers handled by our payment processor.
• Platform data — OAuth tokens for connected social accounts (encrypted at rest), page/profile IDs, scopes you granted, and metadata of posts you create or schedule.
• Usage data — IP address, user agent, timestamps, feature events, request traces, and product analytics — used to operate and improve the service.

We do not knowingly collect data from children under 16. If you believe a minor has registered, contact us and we will remove the account.

We use personal data only to:

• operate and maintain the PostAura service;
• authenticate accounts, run campaigns, generate content, and publish on your behalf;
• prevent abuse, secure infrastructure, and comply with platform policies;
• send transactional emails (billing, security, product changes) — marketing emails are opt-in;
• improve features through aggregated, de-identified analytics.

We do not train foundation models on your private content. AI requests are sent to the model providers you select via our LLM router, under their respective data-processing terms.

Where European data-protection law applies, we process personal data under one or more of the following lawful bases: performance of a contract with you, our legitimate interests in operating and securing the service, your explicit consent (e.g., marketing, optional cookies), and compliance with legal obligations.

We share data only with vetted sub-processors who help us run the service:

• cloud hosting and database providers (compute, storage, backups);
• AI model providers you select per campaign (Anthropic, OpenAI, Google, OpenRouter, DeepSeek, xAI, Perplexity);
• social platforms you connect (LinkedIn, Meta/Facebook/Instagram, X, Threads) — only data needed to publish or fetch metrics;
• payment processor (for subscription billing);
• email and analytics providers used for transactional messages and product telemetry.

We never sell personal data. We may disclose data if required by law, court order, or to protect our rights and users' safety.

PostAura is operated from servers in the EU and US. When personal data is transferred outside your jurisdiction, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent safeguards required by applicable law.

We keep personal data only as long as needed to provide the service or meet legal obligations.

• Account data: until you delete your account, plus up to 30 days for backup expiry.
• Posts and campaign data: retained while your account is active; you can delete any campaign or run at any time.
• Logs and analytics: typically retained 30–90 days, then aggregated or removed.
• Billing records: retained as required by tax and accounting law (typically 6–10 years).

Security controls include:

• Argon2 password hashing, refresh-token rotation with theft detection;
• Fernet symmetric encryption for stored OAuth tokens;
• TLS 1.2+ in transit, encrypted backups at rest;
• OPA-driven RBAC/ABAC and per-user data isolation;
• audit logs on the Business plan;
• least-privilege access for engineers, with reviewed change control.

No system is perfectly secure. If you discover a vulnerability, please report it to security@postaura.com.

Depending on where you live, you may have the right to:

• access a copy of personal data we hold about you;
• correct inaccurate data;
• delete your account and associated data;
• restrict or object to certain processing;
• port your data in a machine-readable format;
• withdraw consent (where processing is consent-based);
• lodge a complaint with your local supervisory authority.

Most rights are exercisable directly from your account settings. For anything else, email privacy@postaura.com.

We use a small number of cookies to keep you signed in, remember preferences, and measure aggregate usage. Details — including how to control them — are in our Cookie Policy.

We may update this Privacy Policy from time to time. Material changes are announced at least 14 days in advance via email or in-product notice. The current version and last-updated date are always at the top of this page.

Privacy questions, requests, or complaints: email privacy@postaura.com. General queries: see /contact.