At Postai we handle your data with transparency and responsibility. This Policy explains what data we collect, what we use it for and what your rights are. For any question, write to us at hola@postai.es.
1. Data controller
Llorenç Crespo Pratginestós · NIF: 47976114T · Olot, Girona, Spain · hola@postai.es
Regulatory framework: GDPR (EU) 2016/679, LOPDGDD and LSSI.
2. Data we collect and why
2.1 Data provided by the User
- Registration: full name, email, password (encrypted).
- Profile: plan, language, settings.
- End clients: companies and LinkedIn profiles entered by the User.
- Corporate documents: PDF/DOCX/TXT files to contextualize AI generation.
- Billing: handled by Stripe. We do not store card data.
2.2 Data generated by use
- Access and activity logs.
- Technical data: IP, browser, OS, timestamp.
- Generated content: plannings, posts, configurations.
- Error logs and technical telemetry.
3. Legal bases (art. 6 GDPR)
- Service provision and account management: contract performance.
- Billing: legal obligation.
- Transactional communications: contract performance.
- Service improvement (aggregate analysis): legitimate interest.
- Commercial communications: consent or prior relationship (art. 21 LSSI).
- Security: legitimate interest.
4. Processing purposes
- Generation of plannings, posts and cards; management of companies and profiles; PDF export.
- Authentication, limit control, technical support.
- Billing via Stripe.
- Transactional communications (registration, password, payments).
- Fraud detection and audit logs.
- Anonymized analysis to improve features.
Postai does not use User data to train AI models.
5. Providers and processors
| Provider | Function | Location |
|---|---|---|
| Supabase | Database, auth, storage | EU (Ireland) |
| Vercel / Lovable | Frontend hosting | EU / USA |
| Anthropic | AI API for content generation | USA |
| Stripe | Payments and subscriptions | EU / USA |
| Resend | Transactional emails | USA |
| Google Analytics 4 | Web analytics (consent only) | EU / USA |
Standard contractual clauses from the European Commission apply to international transfers.
6. Data retention
| Data type | Period |
|---|---|
| Account data | Account lifetime + 12 months blocked |
| Generated content | Lifetime + 30 days after cancellation |
| Corporate documents | While they remain in the account |
| Billing data | 5–7 years (tax obligation) |
| Technical logs | 90 days |
| Support communications | 2 years |
7. Data security
- Encryption in transit (TLS) and at rest.
- User isolation with Row Level Security (RLS).
- Secure authentication via Supabase Auth.
- Restricted access to production data.
- API keys as server-side secrets.
8. Cookies and similar technologies
Postai only uses strictly necessary cookies for the operation of the service (session, language preferences) and, with the User's explicit consent, Google Analytics 4 (GA4) analytics cookies to measure the aggregate use of the platform.
Analytics cookies are only loaded after the User accepts them in the cookie banner. The User may revoke consent at any time from the "Configure cookies" link in the footer.
More information on Google Analytics privacy practices: https://policies.google.com/privacy
9. Commercial communications
We may send you communications about the service (news, important changes) under the previous contractual relationship (art. 21 LSSI), always with an opt-out mechanism.
10. Rights of data subjects
You can exercise these rights by sending an email to hola@postai.es with subject "GDPR Rights" and a copy of your ID:
- Access, rectification, deletion, opposition, restriction, portability, withdrawal of consent.
Response within one month. If we don't respond, you can complain to the AEPD (www.aepd.es).
11. End-client data managed by the User
The User acts as data controller for their end-clients' data; Postai acts as data processor. For a formal DPA, contact hola@postai.es.
12. Minors
Service not directed to persons under 18.
13. Modifications
We will notify substantial changes by email or platform notice with reasonable advance.
14. Contact
Email: hola@postai.es · Llorenç Crespo Pratginestós, NIF 47976114T · https://postai.es