Privacy Policy

We use your personal data for the following purposes:

• Provide the Service: operate your AI bot, publish content to your social accounts, manage your subscription
• Authentication: verify your identity and manage your account
• Payment processing: manage billing and subscriptions through Stripe
• Communication: send transactional emails (account confirmation, password reset, subscription updates)
• Service improvement: analyze usage patterns to improve the Service (anonymized analytics)
• Support: respond to your requests and provide customer support

Under the GDPR, we process your data based on the following legal grounds:

• Contract performance: processing necessary to provide the Service you subscribed to (Article 6(1)(b))
• Legitimate interest: analytics and service improvement, fraud prevention (Article 6(1)(f))
• Legal obligation: tax and accounting requirements (Article 6(1)(c))
• Consent: marketing communications, if applicable (Article 6(1)(a))

We share your data with the following third-party processors, each acting under data processing agreements:

• Stripe — payment processing (USA, EU Standard Contractual Clauses)
• Supabase — database hosting (PostgreSQL)
• Fly.io — container hosting for your AI social media manager (Europe)
• Zernio (zernio.com) — social media posting (OAuth tokens and post data)
• Moonshot (Kimi K2.5) — AI language model for content generation
• Resend — transactional email delivery
• PostHog — product analytics
• Vercel — web application hosting

We do not sell your personal data to third parties.

We take security seriously and implement the following measures:

• Per-user isolation: each subscriber receives a dedicated, isolated bot container — your data and conversations are not shared with other users
• Scoped API keys: your social media access is limited to your own accounts via profile-scoped API keys
• Encrypted connections: all data in transit is encrypted via TLS/HTTPS
• Secure credential storage: bot tokens and API keys are stored as encrypted environment variables
• Access controls: only authorized personnel have access to production systems

• Account data: retained while your account is active and for up to 30 days after deletion
• Payment records: retained as required by tax and accounting laws (up to 10 years)
• Bot conversations: processed in real-time within your isolated container and not permanently stored by PostClaw
• Analytics data: retained in anonymized form

When you cancel your subscription, your AI social media manager and associated data (social account connections) are deleted at the end of your billing period.

Under the GDPR, you have the following rights:

• Right of access: request a copy of your personal data
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request deletion of your personal data
• Right to restrict processing: limit how we use your data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interest
• Right to withdraw consent: where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at hello@postclaw.io. We will respond within 30 days. You also have the right to lodge a complaint with the French data protection authority (CNIL) or your local supervisory authority.