Privacy Policy

Posbly — posbly.com

Effective Date: March 2026 · Last Updated: March 2026

1. Introduction

Posbly ("we", "us", "our") operates the website and API at posbly.com. This Privacy Policy explains what personal data we collect, how we use it, how we protect it, and what rights you have in relation to it.

We are committed to protecting your privacy and handling your data responsibly. This policy is written to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and other relevant regulations.

By using Posbly, you agree to the collection and use of information as described in this Privacy Policy.

2. What Data We Collect

2.1 Account Data

When you register for Posbly, we collect:

Name and/or business name;
Email address;
Password (stored securely in hashed form — we never store plain-text passwords);
Billing information (processed and stored securely by our payment processor — Posbly does not store full payment card details).

2.2 Social Media Account Credentials (OAuth Tokens)

To publish on your behalf, Posbly requires authorisation to connect to your social media accounts. We collect and store:

OAuth access tokens provided by each connected platform (e.g., Facebook, Instagram, X, TikTok, YouTube, Threads, Bluesky, Pinterest, LinkedIn);
Platform-assigned account identifiers and display names;
Page, profile, or channel identifiers where applicable.

These tokens grant Posbly the minimum permissions necessary to schedule and publish content. We do not use these tokens for any purpose other than delivering the Service on your behalf. We do not read, scrape, or store your social media followers, private messages, or profile data beyond what is strictly necessary for publishing.

2.3 Publishing Request Logs

As a publishing helper, Posbly maintains operational logs of every publishing request. These logs include:

Timestamp of the request;
Target platform(s);
Platform-assigned post identifiers (returned after successful delivery);
Account and profile identifiers used;
Delivery status (success, failure, error code);
Credit balance changes associated with the request;
API key or agent identifier associated with the request (where applicable).

We do not retain copies of your post content in our logs beyond what is required to transmit it to the target platform. Post content is processed in transit and is not stored for any purpose other than delivery.

2.4 Media Files

Images, videos, and other media you upload for scheduled posts are stored temporarily on our servers. All media is automatically deleted within 24 hours of the associated post being published or permanently cancelled. We do not use your media for any purpose other than transmitting it to the designated platform at the scheduled time.

2.5 Usage and Technical Data

We collect technical data required to operate the Service, including:

IP address and general geographic region;
Browser type and operating system (for web interface users);
API key identifiers and usage patterns;
Credit balance and purchase history;
Error logs and diagnostic information.

2.6 Communications

If you contact us by email (support@posbly.com, privacy@posbly.com, payment@posbly.com), we will collect and retain the content of that communication and your contact details in order to respond.

3. How We Use Your Data

We use the data we collect for the following purposes:

Purpose	Legal Basis
Delivering the publishing Service (scheduling and transmitting posts)	Performance of contract
Maintaining your account and authentication	Performance of contract
Processing payments and managing credit balances	Performance of contract
Maintaining operational logs for Service integrity and safety	Legitimate interests
Detecting and preventing spam, abuse, and security threats	Legitimate interests
Blocking requests that violate platform policies	Legitimate interests / Legal obligation
Responding to support enquiries	Performance of contract / Legitimate interests
Sending service notifications (e.g., balance warnings, platform change alerts)	Performance of contract
Compliance with legal obligations	Legal obligation
Improving the reliability and performance of the Service	Legitimate interests

We do not use your data for advertising, profiling, or to train AI models. We do not sell your data to third parties.

4. Logging and the Role of Posbly as a Processor

Posbly is a technical tool. We process and log publishing request metadata because:

It is necessary to deliver the Service correctly (track scheduled posts, retry failed deliveries, charge credits accurately);
It helps us detect misuse, spam, and abuse;
It may be required by the policies of connected social media platforms, which hold Posbly accountable as a developer for misuse that occurs through our integration.

We are not responsible for the content you publish. You are the publisher of record. By accepting our Terms of Use, you confirm that you are responsible for all content transmitted through your account and that you have accepted the terms of each connected social media platform.

We retain request logs for a period of 90 days from the date of the request, after which they are deleted, unless we are required to retain them longer by applicable law or an active enforcement investigation.

5. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

5.1 Connected Social Media Platforms

To deliver the Service, we transmit your content and associated metadata (timestamps, account identifiers) to the social media platforms you connect. Each platform's privacy policy governs how they handle data received through their API:

Meta (Facebook, Instagram, Threads): facebook.com/privacy/policy
X (Twitter): twitter.com/en/privacy
TikTok: tiktok.com privacy policy
YouTube (Google): policies.google.com/privacy
Bluesky: bsky.social privacy policy
Pinterest: policy.pinterest.com/privacy-policy
LinkedIn: linkedin.com/legal/privacy-policy

5.2 Payment Processors

Payment processing is handled by a third-party payment processor. We share only the billing information necessary to process your transaction. We do not store your full card details.

5.3 Infrastructure Providers

We use reputable cloud infrastructure and hosting providers to operate the Service. These providers process data on our behalf under data processing agreements and are not permitted to use your data for their own purposes.

5.4 Third-Party Integrations

If you access Posbly through a third-party integration platform (such as Make.com), that platform processes data under its own terms. Posbly only shares API responses necessary for the integration to function.

5.5 Legal Compliance

We may disclose your data if required to do so by law, court order, or lawful request by public authorities, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of Posbly, our users, or the public.

6. OAuth Tokens and Social Media Permissions

When you authorise Posbly to connect to your social media accounts, you grant us OAuth access tokens with the minimum permissions required to publish content on your behalf. Specifically:

We request only write/publishing permissions relevant to scheduling and posting;
We do not request access to your followers, contacts, direct messages, or private analytics beyond what is strictly necessary;
OAuth tokens are encrypted at rest;
If you disconnect a platform from Posbly, the associated token is deleted from our systems immediately. You should also revoke access directly in the relevant platform's settings to ensure full revocation.

7. AI Agents and API Access

Posbly's API is designed to be accessible by AI agents and automated workflows. If you use an API key to allow an agent to operate under your account:

All activity performed by that agent is attributed to your account;
Logs of agent activity are retained under the same rules as any other publishing request;
We record the API key identifier associated with each request so you can monitor agent usage through your account dashboard;
You are responsible for keeping your API keys secure and revoking any keys that may have been compromised.

8. Data Retention

Data Type	Retention Period
Account data	Until account deletion, then deleted within 30 days
OAuth tokens	Until platform disconnected or account deleted
Publishing request logs	90 days from request date
Media files	Up to 24 hours after post delivery or cancellation
Payment records	As required by applicable financial and tax law (typically 7 years)
Email communications	2 years from last contact

After retention periods expire, data is securely deleted or anonymised.

9. Security

We take appropriate technical and organisational measures to protect your personal data, including:

Encryption of data at rest and in transit (TLS/HTTPS);
Hashed storage of passwords;
Encrypted storage of OAuth tokens;
Access controls limiting data access to authorised personnel only;
Regular security assessments;
Immediate incident response procedures.

No system can be guaranteed fully secure. If you suspect a security incident involving your account, contact support@posbly.com immediately.

10. Cookies and Tracking

Posbly uses only the cookies and local storage necessary for the Service to function, including:

Session and authentication cookies;
User preference storage.

We do not use third-party advertising trackers, retargeting pixels, or cross-site tracking technologies. We do not display advertisements.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

11.1 Right of Access

You may request a copy of the personal data we hold about you.

11.2 Right to Rectification

You may request correction of inaccurate or incomplete data.

11.3 Right to Erasure (Right to Be Forgotten)

You may request deletion of your account and associated personal data by emailing privacy@posbly.com. We will honour this request subject to any legal retention obligations.

11.4 Right to Restriction

You may request that we restrict the processing of your data in certain circumstances.

11.5 Right to Data Portability

You may request a copy of your data in a structured, machine-readable format.

11.6 Right to Object

You may object to processing based on legitimate interests.

11.7 Rights Under CCPA (California Users)

California residents have the right to know what personal data we collect, the right to opt out of data sales (we do not sell data), and the right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, email privacy@posbly.com. We will respond within 30 days.

12. International Data Transfers

Posbly may process or store data in jurisdictions outside your own. Where data is transferred internationally, we take steps to ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms where required.

13. Children's Privacy

Posbly is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has registered an account, please contact us at privacy@posbly.com and we will take appropriate action.

14. Third-Party Platform Policies

When you use Posbly to publish on social media platforms, those platforms collect and process data in accordance with their own privacy policies. Posbly has no control over how those platforms use your data once a post has been delivered. You are encouraged to review the privacy policies of all platforms you connect.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on posbly.com. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

16. Contact Us

For any privacy-related questions, requests, or concerns:

Privacy & Data Requests: privacy@posbly.com
Payment & Billing: payment@posbly.com
General Support: support@posbly.com
Website: posbly.com

This Privacy Policy was last updated in March 2026 and reflects applicable data protection laws and platform integrations as of that date.