Privacy Policy for PostMantis

PostMantis is operated by postmantis (the "Company", "we", "us", or "our"). For the purposes described in this Privacy Policy, the Company is the controller of personal data processed through the Service.

Controller details: postmantis, based in Country pending configuration. For privacy questions, access requests, deletion requests, or other data rights requests, contact [email protected].

We may collect the following categories of personal and operational data:

• Account data — name, email address, profile image, and authentication details provided through sign-in flows.
• Connected account data — provider identifiers, display names, usernames, profile image URLs, granted scopes or permissions, access tokens, refresh tokens, and related authorization data needed to maintain social publishing connections.
• Publishing data — post content, captions, media references, scheduling timestamps, target profile identifiers, provider-side post identifiers, delivery statuses, webhook configuration or delivery metadata, and related submission metadata.
• Support and communications — messages you send to us for support, provider review, compliance, or onboarding assistance.
• Billing and commercial data — plan, subscription, invoices, payment status, and billing-provider references if paid plans are enabled.

When you use PostMantis, we may automatically collect:

• IP address and request metadata,
• device, browser, and operating-system information,
• request timestamps, endpoints, response status, and error diagnostics,
• session and authentication events, and
• security and audit logs needed to operate and protect the Service.

When you connect social media accounts, PostMantis processes the credentials and provider data needed to identify the connected account, maintain authorization, publish content on your behalf, and read delivery data for content published through the Service.

Depending on the provider and the scopes you grant, this may include:

• provider account IDs and destination identifiers,
• display names, usernames or handles, and profile image URLs,
• granted scopes, permissions, access tokens, and refresh tokens,
• provider-side post IDs, publish timestamps, delivery states, and error details for published content.

Your use of third-party platforms remains subject to those platforms' own terms and privacy policies. By connecting a platform account, you confirm that you are authorized to use that account and instruct us to process the related provider data as needed to provide the Service.

PostMantis does not intentionally access private messages, direct messages, or unrelated account data outside connection management, publishing workflows, token maintenance, and delivery follow-up.

PostMantis may use essential session mechanisms required for authentication, account security, and secure operation of the Service.

We do not intend to use advertising trackers. If privacy-friendly analytics are enabled, they are intended to be configured without invasive profiling and without selling personal data.

We use personal data to:

• provide the Service and maintain user accounts,
• connect social accounts and execute publishing workflows,
• store and refresh provider authorization needed to keep connected accounts working,
• retrieve provider delivery status for content published through PostMantis,
• authenticate users and protect sessions,
• provide customer support and respond to requests,
• monitor usage, detect abuse, and improve reliability,
• operate billing and subscription workflows where applicable, and
• comply with legal obligations and valid lawful requests.

Where applicable under the GDPR and similar data protection laws, we process personal data on one or more of the following legal bases:

• Contract performance — to operate PostMantis, maintain accounts, and perform requested publishing actions.
• Legitimate interests — to secure the Service, prevent abuse, monitor system health, and improve product reliability.
• Consent — where we specifically ask for consent for optional features or communications.
• Legal obligation — to meet tax, accounting, compliance, and lawful disclosure obligations.

We may share personal data only as necessary with:

• hosting, infrastructure, storage, logging, and email service providers,
• payment processors and billing providers if paid plans are enabled,
• social platforms when instructed by you through the Service,
• authentication providers used for sign-in, and
• authorities or other parties when required by law or valid legal process.

We do not sell personal data.

Depending on the services used to operate PostMantis, personal data may be processed in multiple countries. Where required, we aim to use appropriate safeguards for international transfers, including contractual protections or reliance on recognized adequacy mechanisms.

We retain personal data for as long as necessary to provide the Service, maintain account history, comply with legal obligations, resolve disputes, enforce agreements, and protect the integrity of the platform.

• Account and publishing records are generally retained while the account is active.
• Users can request account deletion through the dashboard Settings page under Data removal and account deletion, or by contacting our privacy team.
• Provider credentials and user-owned uploaded media stored by PostMantis are removed when access is revoked or deletion is completed.
• Logs are retained for a limited period for security and operational purposes.
• Billing, financial, or tax records may be retained longer where required by law.

We implement technical and organizational measures intended to protect personal data, including access controls, encrypted credential storage, HTTPS for production traffic, and secure infrastructure practices.

Provider access credentials and webhook signing secrets are stored encrypted at rest. Sensitive values are decrypted only when needed for authenticated service operations such as publishing or provider token refresh.

No system is perfectly secure, and we cannot guarantee absolute security. However, we aim to process and store data in a way that is proportionate to the risks of operating a production social publishing service.

Depending on applicable law, you may have the right to request access to your personal data, correction of inaccurate data, deletion, restriction of processing, portability, objection to certain processing, and withdrawal of consent where consent is the legal basis.

Where available, you can use the dashboard Settings page under Data removal and account deletion to request account deletion directly. You can also contact [email protected]. We may need to verify your identity before fulfilling a request.

Account deletion removes PostMantis-held account data and stored media owned by your account, but it does not automatically delete content already published on third-party platforms or records that service providers must retain for legal, accounting, or security purposes.

PostMantis is not intended for children. We do not knowingly provide the Service to individuals under the age required by applicable law to use such a service independently.

We may update this Privacy Policy from time to time. Material changes will be posted on this page and may also be communicated through the Service or by email. Continued use of the Service after the effective date of an updated policy constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or wish to exercise your rights, contact [email protected].

Data controller: postmantis, based in Country pending configuration.