Privacy Policy

Last updated: March 25, 2026

PostedLabs, Inc. ("POSTED", "we", "us", or "our") operates the POSTED mobile application and website at postedlabs.io (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following types of information:

• Account information: Name, email address, and password when you create an account.
• Workspace data: Workspace name, logo, and team member information you provide.
• Social account credentials: OAuth tokens for connected social media accounts (Instagram, TikTok, X/Twitter, LinkedIn, YouTube). We do not store your social media passwords.
• Content data: Posts, captions, media files, and scheduling information you create within the Service.
• Usage data: Information about how you interact with the Service, including device type, operating system, and feature usage patterns.
• Communications: Email address provided for waitlist signup or support inquiries.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Publish scheduled posts to connected social media platforms on your behalf
• Generate analytics and reports based on your social media account performance
• Send transactional emails (account confirmations, scheduling notifications, approval requests)
• Send product updates and announcements (you may opt out at any time)
• Improve and develop new features for the Service
• Respond to support requests
• Comply with legal obligations

3. Social Media Platform Data

POSTED integrates with third-party social media platforms including Meta (Instagram), TikTok, X Corp (Twitter), LinkedIn, and YouTube. When you connect a social media account:

• We access your account only to perform actions you explicitly authorize (publishing posts, reading analytics)
• We store OAuth access tokens securely in Firebase to maintain your connected accounts
• We do not sell or share your social media data with third parties for advertising purposes
• You may disconnect any social account at any time from within the app
• Revoking access through the platform's own settings will invalidate our stored token

Your use of connected platforms is also governed by those platforms' own privacy policies and terms of service.

4. Data Storage and Security

Your data is stored using Google Firebase, including Firebase Authentication, Firestore, and Firebase Storage. We implement industry-standard security measures including:

• Encrypted data transmission (TLS/SSL)
• Firebase Security Rules to restrict data access to authorized users only
• Regular security reviews

While we take reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service providers: Third-party vendors that help us operate the Service (Firebase/Google, Loops.so for email). These parties are bound by confidentiality obligations.
• Social media platforms: Data you choose to publish is transmitted to the respective platforms per your instructions.
• Legal requirements: We may disclose information if required by law or in response to valid legal process.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time — see Section 9 below.

We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, financial records).

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a portable format
• Objection: Object to certain types of processing
• Opt-out: Unsubscribe from marketing emails at any time

To exercise these rights, contact us at privacy@postedlabs.io.

8. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

9. Data Deletion

You may request deletion of your account and all associated personal data at any time. See our User Data Deletion Policy for full details and instructions.

10. Cookies and Tracking

Our website may use cookies and similar tracking technologies to improve user experience and analyze usage. You may control cookie preferences through your browser settings.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, please contact us at:

PostedLabs, Inc.
privacy@postedlabs.io
postedlabs.io