Postrivo

Privacy Policy

Effective date: June 21, 2026

1. Introduction

Postrivo ("we," "us," or "our") operates the Postrivo platform, a social media marketing tool that helps individuals and teams plan, publish, and analyze content across social media platforms. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

We collect information in the following ways:

a. Information You Provide

  • Account information: first name, last name, email address, phone number, and password
  • Organization details: organization name and team member information
  • Content: posts, captions, media files, comments, and scheduling preferences you create through the platform
  • Brand voice settings: business description, tone preferences, and sample content
  • Payment information: billing details when you subscribe to a paid plan (processed by our payment provider; we do not store card numbers)

b. Information from Connected Platforms

  • Social media account details: platform usernames, page/account IDs, and profile information from Facebook and Instagram
  • Access tokens: encrypted OAuth tokens used to publish content and retrieve analytics on your behalf
  • Performance data: post impressions, reach, engagement metrics, and audience insights from connected platforms

c. Information Collected Automatically

  • Usage data: pages visited, features used, actions taken, and timestamps
  • Device information: browser type, operating system, screen size, and IP address
  • Cookies and similar technologies: session cookies for authentication and preferences

3. How We Use Your Information

  • Provide, operate, and maintain the platform
  • Publish content to your connected social media accounts on your behalf
  • Generate AI-assisted captions, hashtags, and content suggestions
  • Display analytics and performance metrics for your published content
  • Send transactional emails: account verification, password resets, team invitations, and publishing notifications
  • Improve and personalize the platform experience
  • Respond to your requests, comments, or questions
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Social media platforms: We share your content, media, and account tokens with Facebook, Instagram, and other connected platforms solely to publish and manage content on your behalf
  • AI service providers: Post content may be sent to AI providers (such as OpenAI) to generate captions, rewrites, and suggestions. This data is not used to train AI models
  • Infrastructure providers: We use Supabase for database and authentication, Vercel for hosting, and Resend for transactional email delivery
  • Team members: Content, analytics, and account information is shared with members of your organization workspace
  • Legal requirements: We may disclose your information if required by law, regulation, or legal process

5. Data Storage and Security

Your data is stored on secure servers provided by Supabase (hosted on AWS). We implement industry-standard security measures including:

  • Encryption of social media access tokens at rest using AES-256-GCM
  • HTTPS encryption for all data in transit
  • Row-level security (RLS) policies to ensure data isolation between organizations
  • Signed OAuth state parameters to prevent CSRF attacks
  • Rate limiting on authentication and AI endpoints

Media files (images and videos) are stored in private Supabase Storage buckets with time-limited signed URLs. Published content may reference media hosted on Facebook or Instagram CDNs.

6. Data Retention

  • Account data is retained for as long as your account is active
  • Published post data and analytics are retained until you delete them or deactivate your account
  • AI generation history is retained for audit and cost-tracking purposes
  • Upon account deactivation, posts, media, connections, team data, and settings are permanently deleted. Your name and email are retained with a deleted status for record-keeping

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update your name, email, phone number, and profile information through Settings
  • Deletion: Delete your account and all associated data through Settings > Profile > Deactivate Account
  • Disconnect: Revoke platform access by disconnecting social media accounts at any time
  • Export: Export your analytics data as CSV from the Analytics page

8. Third-Party Links and Integrations

Our platform integrates with third-party services including Meta (Facebook and Instagram), OpenAI, and Giphy. These services have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.

9. Children's Privacy

Postrivo is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Your continued use of the platform after changes are posted constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at Privacy@Postrivo.com.