Privacy Policy
Last updated: May 2026
What we collect
When you sign in, we store your email address to identify your account.
When you connect a social account (LinkedIn, Bluesky, X, Instagram, or TikTok), we store the access credentials needed to publish on your behalf. For LinkedIn, X, Instagram, and TikTok this is an OAuth access token (and refresh token where the platform issues one). For Bluesky this is the app password you generate in your Bluesky settings.
For Instagram (via the Meta Graph API) and TikTok (via the Content Posting API), we also store the public account identifier and display name/username returned during authorization, so we can show you which account is connected and publish to the correct profile.
When you publish a post through Postlia, we store the post content, any media URL you attach, which platforms it was sent to, and whether it succeeded — so you can review your post history.
We do not collect payment information, IP addresses, or any analytics beyond what Vercel and Supabase collect by default.
How we use it
Your email is used only to send magic-link sign-in emails. We do not send marketing emails.
Your social account credentials are used exclusively to publish posts and media you explicitly initiate, and to display your connected account name. We do not read your timeline, followers, direct messages, or any other account data beyond what is required to publish and confirm a post.
Specifically for Instagram and TikTok: we use the granted permissions only to publish content you create in Postlia and to retrieve your basic profile (username/display name and account ID). We never use TikTok or Meta platform data for advertising, profiling, or sale, and we do not share it with third parties.
Your post history is stored so you can review what you've published inside Postlia.
How it's stored
All data is stored in Supabase (PostgreSQL), hosted on AWS in the US-East region. Row-level security ensures your data is accessible only to you.
Social access tokens are stored encrypted at rest by Supabase. We do not log or expose them outside of the publish flow.
Third parties
We use Supabase for database and authentication, Vercel for hosting, and each social platform's API (LinkedIn, Bluesky, X, Meta/Instagram, and TikTok) for publishing the content you initiate.
Our use of information received from these platforms adheres to each platform's developer policies, including the Meta Platform Terms and the TikTok Developer Terms of Service. Use of data obtained through TikTok and Meta APIs is limited to the publishing features described above.
We do not sell, rent, or share your data with any third parties beyond what's necessary to operate the service.
Data deletion
You can disconnect any social account from your dashboard at any time — this immediately deletes the stored credentials and access tokens for that platform.
To delete your account and all associated data, email us at hello@postlia.com and we will process it within 7 days. You can also revoke Postlia's access at any time from your LinkedIn, X, Instagram/Facebook, or TikTok account settings.
Changes
We may update this policy as the product evolves. Material changes will be communicated via email.
Questions? Email us at hello@postlia.com