How Postairo collects, uses, and protects data.

Postairo provides a social publishing workspace that helps users connect channels, prepare content, schedule publishing, and review workspace activity. This Privacy Policy explains what information we collect, how we use it, and how we protect it when you use the service.

By accessing or using Postairo, you agree to the collection, use, disclosure, storage, and deletion practices described in this policy.

We collect information needed to operate the service, authenticate users, and support connected publishing workflows.

• Account information: details such as your email address, name, login credentials, and basic profile data.
• Google account data: when you sign in with Google, we receive your Google user ID, email address, display name, profile photo, and whether the email address is verified.
• Connected social account data: OAuth access tokens, refresh tokens, platform user identifiers, and profile details returned through supported platform authorization flows (Instagram, Facebook, YouTube, TikTok, Twitter/X, LinkedIn, Pinterest, Threads). These are used solely to publish content and manage connections on your behalf.
• Content and media: post text, scheduling choices, media attachments, and related publishing metadata.
• Usage and diagnostics: technical information such as browser details, IP address, device identifiers, and activity logs used to improve reliability and security.
• Workspace records: workspace names, member roles, API keys, billing references, and other settings necessary to run your account.
• Payment information: payment details collected to process subscription and billing securely. Payment transactions are handled by third-party payment processors; we do not store full card details.

We use collected information to provide and improve the core functionality of Postairo.

• Authenticate users and protect access to workspaces.
• Create or link your account when you sign in with Google or another supported provider.
• Connect supported channels and publish or schedule content on your behalf.
• Display publishing status, queue information, and workspace activity inside the app.
• Communicate service updates, support responses, and account-related notices.
• Monitor abuse, troubleshoot incidents, and comply with legal obligations.
• Process subscription payments and maintain billing records.

Postairo uses Google OAuth in two ways: Google sign-in for authentication, and YouTube connection for publishing videos from your workspace. By connecting YouTube, you are also subject to the YouTube Terms of Service. For information on how Google collects and processes data, please refer to the Google Privacy Policy.

• OAuth scopes requested: for Google sign-in, we request the openid, email, and profile scopes. For YouTube channel connection, we request the https://www.googleapis.com/auth/youtube.upload and https://www.googleapis.com/auth/youtube.readonly scopes.
• Data accessed: for Google sign-in, we access your Google user ID, email address, display name, profile photo, and verified email status. For YouTube, we access the connected channel identifier, channel title, and channel avatar where available.
• Data usage: we use Google sign-in data to authenticate you, create or match your Postairo account, and show your profile in the app. We use YouTube data to connect your channel, upload videos, display the connected channel in the dashboard, and check publishing status.
• Data sharing: we do not sell Google user data. We only share it with Google and our service providers as needed to authenticate your account, connect channels, publish content you request, and operate the service.
• Data storage and protection: for Google sign-in, we do not store Google access tokens or refresh tokens. For YouTube publishing, Postairo stores the connected account's encrypted OAuth credentials so we can publish videos and refresh access when needed. Access is limited to authorized systems and protected with standard security controls.
• Data retention and deletion: Google sign-in and YouTube connection records are retained until you disconnect the account, delete your Postairo account, or ask us to remove it, unless retention is required by law, billing, fraud prevention, or legitimate security needs. Upon account deletion or disconnection, Google-related data is removed within 90 days.
• AI and machine learning: Google user data accessed through OAuth is not used to train AI or machine learning models, and is not shared with any third party for that purpose.

If you disconnect Google or YouTube from your Postairo account or delete your account, we remove the related connection record according to the retention rules in this policy.

When you connect a social media account to Postairo, we request OAuth authorization with the minimum scopes needed to publish and manage content on your behalf. The following describes each supported platform.

• Instagram: scopes instagram_business_basic, instagram_business_content_publish, instagram_business_manage_insights. Used to publish posts and retrieve basic analytics.
• Facebook: scopes pages_show_list, pages_read_engagement, pages_read_user_content, pages_manage_engagement, pages_manage_posts, read_insights. Used to publish to Facebook Pages and retrieve engagement data.
• Threads: scopes threads_basic, threads_content_publish, threads_manage_insights. Used to publish Threads posts and retrieve insights.
• Twitter / X: scopes tweet.read, tweet.write, users.read, offline.access. Used to post tweets and read basic account information.
• TikTok: scopes user.info.basic, video.publish, video.upload. Used to upload and publish videos to TikTok.
• LinkedIn: scopes openid, profile, email, w_member_social. Used to publish posts to your LinkedIn profile.
• Pinterest: scopes boards:read, pins:read, pins:write. Used to create and manage Pins on your boards.

For each connected platform, we store encrypted OAuth credentials (access tokens and refresh tokens where applicable) solely to perform publishing operations you initiate. We do not sell or share this data with third parties outside of operating the service. Tokens are removed when you disconnect the account or delete your Postairo account.

Your use of each integration is also subject to the respective platform's own terms of service and privacy policy.

We do not sell Google user data or other personal information. We only share data in limited situations that are necessary to run the service.

• Service providers: third-party companies that help us operate the service, including cloud hosting and infrastructure providers, database services, authentication services, logging and monitoring tools, email delivery providers, product analytics platforms, and customer support tooling. These providers process information only as needed to perform services on our behalf.
• Connected platforms: Google, YouTube, and other supported platforms as needed to complete OAuth authentication, connect channels, or publish content you request.
• Payment processors: billing and subscription payments are handled by third-party payment processors who are contractually obligated to protect your information.
• Legal and safety reasons: when required by law, to respond to valid requests, or to protect users, accounts, and the service.

We retain personal data only for as long as it is needed to provide the service, maintain records related to your workspace, and satisfy legal or operational requirements.

Google account metadata, OAuth connection records, and related account information are retained until you disconnect the account, delete your Postairo account, or ask us to remove it, unless retention is required by law, billing, fraud prevention, or legitimate security needs.

Requests related to connected Facebook, Instagram, Threads, Google sign-in, YouTube, or other platform data can be initiated through the in-app disconnect flow or from the public data deletion page.

If you need us to delete Google user data associated with your account, contact support@postairo.com from the email address tied to your account. We will acknowledge your request within 5 business days and complete the deletion within 30 days, except where retention is required by law or legitimate operational need.

We use reasonable administrative, technical, and organizational safeguards to protect information processed by Postairo, including HTTPS transport, access controls, token encryption, and limited internal access.

No online system is completely secure. While we work to protect your data, we cannot guarantee absolute security in every circumstance.

We may rely on third-party services for infrastructure, authentication, analytics, payment, or operational support. Those providers may process information only as needed to perform services on our behalf and under appropriate obligations.

Postairo also depends on third-party platform APIs, including Google and YouTube, for sign-in and connected publishing features. Your use of those integrations is also subject to the relevant platform's own terms and privacy policies, including the YouTube Terms of Service and the Google Privacy Policy.

Postairo is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly.

If you believe we may have collected information from a child under 13, please contact us at support@postairo.com.

Depending on your jurisdiction, you may have rights relating to your personal data, including the right to:

• request access to the information we hold about you,
• request correction of inaccurate or incomplete information,
• request deletion of eligible data,
• object to or restrict certain processing, and
• request data portability where applicable.

To make a request, contact us at support@postairo.com.

We may update this Privacy Policy from time to time to reflect product changes, operational needs, or legal requirements. When that happens, we will update the date on this page and, where appropriate, provide additional notice.

Questions about this Privacy Policy, privacy requests, or account data handling can be sent to support@postairo.com.