PostMesh

Privacy Policy

Your data, and your audience's, matter to us.

Last updated June 2026

1. Who we are

PostMesh is a social-media management platform. This policy explains what personal data we collect when you visit our site, create an account, or connect your social networks, how we use it, the legal bases we rely on, and the rights you have under the EU General Data Protection Regulation (GDPR). For the purposes of the GDPR, PostMesh is the data controller for the account and website data described below.

2. Data we collect

Account data: your name, email address, password (stored only as a salted hash), workspace and team details, and billing information processed by our payment provider.

Connected-account data: when you connect a social network we store the access and refresh tokens needed to publish on your behalf. Tokens are encrypted at rest. We read back only the data each network exposes for the features you use — for example post metrics, comments, or mentions.

Content you upload: the media and copy you create to publish. Original media you upload is stored in EU object storage; the renditions we generate to publish are deleted shortly after they ship.

Usage and technical data: log data, IP address, device and browser information, and the essential cookies needed to keep you signed in and to secure the service.

3. How we use your data and our legal bases

To provide the service (performance of our contract with you): authenticating you, publishing your posts to the networks you connect, scheduling, validation and previews, analytics, and the unified inbox.

To keep the service secure and working (legitimate interests): fraud and abuse prevention, debugging, capacity planning, and proactive token-health monitoring so a dead connection never silently drops your posts.

To communicate with you (contract and legitimate interests): service notices, failure digests, and replies to messages you send us.

For marketing (consent): only where you have opted in, and you can withdraw consent at any time.

4. Where your data is stored

We host PostMesh on EU infrastructure and store your media in EU object storage. We do not run the service on US-owned cloud. Where a sub-processor outside the EU is unavoidable, we rely on an adequacy decision or Standard Contractual Clauses and apply additional safeguards. We never warehouse data a network's own terms forbid us to keep.

5. Sharing and sub-processors

We share data only with the sub-processors needed to run the service — our EU hosting and storage providers, our payment provider, and the social networks you choose to connect — and only to the extent required to deliver the features you use. We do not sell your personal data.

6. How long we keep it

We keep account data for as long as your account is active and for a limited period afterwards to meet legal, accounting and dispute-resolution obligations. Connected-account tokens are deleted when you disconnect a network or close your account. Publishing renditions are deleted shortly after a post ships.

7. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing, and to withdraw consent where we rely on it. You also have the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, contact us at privacy@postmesh.xyz.

8. Changes and contact

We may update this policy as the product evolves; we will post the new version here and update the "Last updated" date. Questions about your data can be sent to privacy@postmesh.xyz.