Skip to content

PostSider is in private beta. Public launch coming soon. Join the whitelist

Last updated: June 26, 2026

This Privacy Policy explains how PostSider (“PostSider”, “we”, “us” or “our”) collects, uses, shares and protects personal data in connection with the PostSider social media scheduling, publishing, analytics, AI agent and team collaboration platform (the “Service”), and the website at postsider.com and related sub-domains (the “Site”). It applies to visitors to the Site, account holders, members of customer workspaces, prospects, and anyone else who interacts with us. By using the Site or the Service you acknowledge this Policy. For our contractual terms, see our Terms of Service.

1. Who We Are (Data Controller)

The Service is operated by Lumi Zone Łukasz Blania, a sole proprietorship (jednoosobowa działalność gospodarcza) registered in Poland, with its place of business at ul. Zabrska 15, 40-083 Katowice, Poland, Tax Identification Number (NIP) 1990132289. Lumi Zone Łukasz Blania is the data controller for account, billing, customer support, marketing and Service usage data, and is the integrating party with the third-party social media platforms whose APIs the Service uses (X / Twitter, Meta, LinkedIn, YouTube, TikTok, Pinterest, Threads, Bluesky, Mastodon, Discord, Slack, Telegram and others).

For all privacy questions, requests and complaints you can reach us at lukasz@postsider.com. Postal contact details are set out at the end of this Policy.

2. The Service in Brief

PostSider lets you connect 30+ social media and chat channels and centrally schedule, publish, analyse and collaborate on content. The platform includes a calendar and scheduling engine, a media library, a publishing queue, analytics, AI-assisted content generation, team and workspace management, and a first-class agent bridge that lets your own AI agents operate the Service over MCP, REST and SDK. Some features depend on your plan and on the platforms you choose to connect.

3. The Data We Collect

3.1 Account & identity data

  • Name, email address, password (stored as a salted hash), profile picture, organisation name, role, language and timezone preferences.
  • If you sign in via a social login provider (for example Google), the basic profile fields and email returned by that provider.
  • Workspace and team membership, invitations sent and accepted, and the permissions granted within a workspace.

3.2 Connected platform data

When you connect a third-party social or messaging account to PostSider we receive and store, via that platform’s API:

  • OAuth access & refresh tokens (encrypted at rest), the scopes you granted, the platform username and identifier, and account-level metadata (for example profile picture, follower counts, page IDs, channel IDs).
  • Content and engagement data needed to provide the Service: posts you create or schedule, posts already published, comments, replies, direct messages where you have explicitly enabled that feature, post-level analytics (impressions, clicks, reach, video retention and similar), and audience-level aggregates the platform exposes.

For YouTube specifically, the Service uses YouTube API Services. Your use of those features is also subject to the YouTube Terms of Service and the Google Privacy Policy. You can revoke PostSider’s access to your Google data at any time at https://security.google.com/settings/security/permissions.

3.3 Content you upload

Text, images, video, audio, captions, links, hashtags, schedules, prompts, comments, approval notes, calendar metadata and any other content you upload to or generate within the Service, including content created or scheduled by an AI agent acting on your behalf through our API.

3.4 Billing data

Plan, subscription status, invoice history, billing email, billing address and tax identifiers. Card details and bank-account details are collected and stored directly by our payment processors (for example Stripe, Paddle); PostSider only receives a tokenised reference, the last four digits, the brand, and the expiry month and year.

3.5 Logs, usage & device data

  • IP address, user-agent, browser type and version, operating system, device identifiers, referrer URL, language preference, approximate location derived from IP (country or region).
  • Application telemetry: pages visited, features used, posts created, published or failed, API calls made (including calls made by your connected AI agents), error reports, performance metrics, and crash data.
  • Session and authentication data, including login timestamps, session tokens and security events (for example password changes, MFA enrolment, API key creation).

3.6 Communications & support data

Messages you send to us by email, in-app chat, via support tickets or via our community channels; surveys, feedback and feature requests; engagement metrics for the marketing emails you receive (open rate, click rate, link clicked).

3.7 Cookies & similar technologies

The public Site uses strictly necessary cookies and local storage (for example for security and basic preferences) without consent. For analytics we use Umami, a privacy-friendly, self-hosted analytics tool that is cookieless and collects only aggregated, anonymised usage data (such as page views, referrers and approximate country derived from IP); it does not use cookies, does not track you across other websites, and does not build advertising profiles. We load Umami only after you allow the Analytics category in our consent banner, and you can withdraw that consent at any time (after which it is not loaded on subsequent pages). For advertising we use the Meta (Facebook) Pixel, which we load only after you allow the Marketing category in the same banner. When loaded, it sets cookies and shares data about your visit (such as pages viewed and actions taken on the Site) with Meta Platforms Ireland Limited and Meta Platforms, Inc. in the United States, so that we can measure our advertising and reach relevant audiences on Meta services; this involves a transfer of personal data outside the EEA. The Meta Pixel is never loaded without your prior consent, you can withdraw that consent at any time, and we set no other advertising cookies. Within the authenticated Service, cookies and local storage that are strictly necessary to keep you signed in and to operate core features are used on the basis of providing the Service; disabling them will break parts of the Service.

4. How We Use the Data & Legal Bases

We process the data described above for the purposes below. Where the GDPR (or UK GDPR) applies, the legal basis for each purpose is shown in brackets.

  • Provide the Service: authenticate users, create and manage your account and workspaces, store and publish your content to connected platforms, execute actions requested by your AI agents over the API, return analytics, and provide customer support. (Performance of contract.)
  • Bill and collect payment: issue invoices, manage subscriptions, prevent payment fraud, comply with tax law. (Performance of contract; legal obligation.)
  • Secure the Service: detect and prevent abuse, fraud, account takeover, brute-force attacks, spam and infrastructure attacks; investigate incidents; enforce the Terms. (Legitimate interests in keeping the Service safe; legal obligation.)
  • Operate, maintain and improve the Service: debug, monitor uptime, measure performance, test features, build aggregated usage analytics. (Legitimate interests in running and improving a reliable Service.)
  • Communicate with you: send service-related messages (receipts, security alerts, post-failure notices, scheduled-post confirmations) and, where you have opted in or where permitted, marketing communications. (Performance of contract; consent or legitimate interests, depending on the message and your jurisdiction.)
  • Comply with law: respond to lawful requests, enforce our rights, defend claims. (Legal obligation; legitimate interests.)

We do not use the content of your scheduled posts, your connected-platform content, or your private messages to send you advertising, and we do not sell that data.

Automated decision-making. We do not carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR. The AI-assisted features described in Section 5 generate suggestions and drafts that you (or an agent you authorise and control) review before any post is published or action is taken.

5. AI-Assisted Features & Agent Access

The Service offers optional AI features that generate or rewrite captions, hashtags, image prompts, video scripts and analytics summaries, and it lets your own AI agents operate the Service through our MCP server, REST API and SDKs. To provide the generative features we transmit your prompts and the inputs you choose to include to third-party model providers (for example Anthropic and similar) acting as our sub-processors. We instruct those providers not to use your inputs or outputs to train their models. When you connect an external AI agent over our API, that agent acts under your account and the credentials you issue, and the actions it takes are attributable to you. AI outputs are generated probabilistically and may be inaccurate; you remain responsible for reviewing them before publishing.

6. PostSider as Controller vs Processor

For account, billing, Site analytics, marketing and security data, PostSider acts as a data controller.

For the content you publish through the Service and the personal data of your audience, followers, customers and message contacts that flows through PostSider on your instructions, PostSider acts as a data processor on your behalf, and you are the controller. You are responsible for having a lawful basis for that processing, for providing notices and obtaining consents from your end-users, and for honouring their rights. On request we will sign our standard Data Processing Addendum (DPA), which incorporates the EU Standard Contractual Clauses (and the UK Addendum) where relevant; email lukasz@postsider.com to request it.

7. Who We Share Data With

We do not sell personal data and we do not rent it to third parties. We share data only with:

  • Sub-processors and infrastructure providers: including cloud hosting and storage, content delivery networks, database providers, error-monitoring and observability vendors, customer-support platforms, transactional email providers, analytics platforms, payment processors and AI-model providers. We require these vendors to provide adequate security and to process data only on our instructions and for the agreed purposes.
  • Connected third-party platforms: when you schedule or publish content, we transmit it to the platform you selected; when you request analytics, we receive it from that platform. Each platform’s own privacy policy governs what it does next.
  • Other members of your workspace: content, schedules, comments and approval activity are visible to the other people in the workspaces you join, according to the role and permissions assigned to them.
  • Professional advisors: accountants, auditors, lawyers, insurers and similar advisors, under confidentiality.
  • Authorities: when we are legally required to disclose data (court order, valid law-enforcement request, regulatory request) or when disclosure is necessary to investigate or prevent fraud, abuse, security threats or harm to people. Where lawful we will attempt to redirect the request to you first.
  • Successor entities: in the event of a merger, acquisition, financing, reorganisation or sale of assets, in which case we will require the recipient to honour this Policy or provide notice of any new policy.

8. International Data Transfers

PostSider operates from Poland (European Union) and uses sub-processors in the United States, the European Union, the United Kingdom and other jurisdictions. As a result, personal data we process may be transferred to and stored in countries outside your own, including countries that may not have been recognised as providing an “adequate level of protection” by the European Commission, the UK ICO or other regulators.

Where personal data subject to the GDPR or UK GDPR is transferred to a country without an adequacy decision, we rely on the European Commission Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), supplemented by additional technical and organisational measures (encryption in transit and at rest, access controls, contractual restrictions on sub-processor use of the data). You may request a copy of the relevant safeguards by emailing lukasz@postsider.com.

9. Data Retention

  • Account data: kept for as long as your account is active. After account closure, retained for up to 90 days to allow recovery, then deleted or anonymised, except where longer retention is required (see below).
  • Scheduled content not yet published: kept until published or until you delete it.
  • Published-post records and analytics: kept while your account is active, so historical analytics remain available.
  • OAuth tokens: kept while the connection is active; revoked tokens are deleted promptly. You can disconnect a platform at any time from your account settings.
  • Billing records: retained for the period required by Polish tax and accounting law (typically 5 years from the end of the relevant calendar year).
  • Logs: operational and security logs are typically retained for up to 12 months.
  • Backups: encrypted backups roll off on their normal schedule (typically within 30 to 90 days) after deletion from the live system.

Where retention is required for legal, regulatory, dispute-resolution or fraud-prevention reasons, we may keep data longer than the periods above.

10. Security

We maintain administrative, technical and physical safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include: encryption of data in transit (TLS) and of sensitive data at rest; encryption of OAuth tokens; password hashing with a modern algorithm; role-based access controls and least-privilege provisioning; audit logging; multi-factor authentication for staff access to production systems; vendor security reviews and contractual data-protection commitments; and incident-response procedures. No system is fully secure, and we cannot guarantee absolute security.

11. Your Rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you and receive a copy in a portable format;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data, subject to retention obligations;
  • object to or restrict certain processing, including direct marketing;
  • withdraw consent where processing is based on consent (without affecting the lawfulness of processing already carried out);
  • lodge a complaint with your supervisory authority. In Poland this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warszawa.

Most account changes can be made by signing in to your account and editing your profile, billing or workspace settings, or by disconnecting a platform from the integrations page. To exercise rights that cannot be handled in-product, email lukasz@postsider.com. We will respond within the timeframe required by applicable law (typically 30 days, extendable for complex requests). We may need to verify your identity before acting on a request. We will not discriminate against you for exercising your rights.

12. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, the “California Privacy Laws”) gives you the rights summarised in Section 11, including the right to know what categories of personal information we collect about you and the purposes for which we use them (described in Sections 3 and 4), the right to delete, the right to correct, the right to limit the use of sensitive personal information, and the right not to be discriminated against for exercising your rights. PostSider does not sell personal information and does not share it for cross-context behavioural advertising. To exercise your California rights, email lukasz@postsider.com.

13. Polish & EEA Residents

Lumi Zone Łukasz Blania processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and the Polish Personal Data Protection Act (ustawa o ochronie danych osobowych). If you are located in the European Economic Area, you may exercise the rights set out in Section 11 and lodge a complaint with the Polish President of the Personal Data Protection Office (UODO) or with the supervisory authority in your country of residence. Requests should be sent to lukasz@postsider.com.

14. Children

The Service and the Site are intended for business use and are not directed to children. We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe a child has provided us with personal data, please contact us at lukasz@postsider.com and we will delete it.

15. Marketing & Cookies Choices

You can unsubscribe from marketing emails at any time using the unsubscribe link in any such email. Unsubscribing from marketing does not stop transactional and account-related emails, which are necessary while your account is active. As described in Section 3.7, the Site uses strictly necessary cookies by default and, only with your consent, privacy-friendly analytics (Umami) and the Meta (Facebook) Pixel for advertising. You can manage or withdraw that consent at any time through the consent banner (reopen it via the Cookie settings link in the footer) or via your browser settings.

16. Third-Party Sites and Services

The Site and the Service link to and integrate with third-party services. Their handling of your data is governed by their own privacy policies, not this one. We encourage you to review the privacy policy of any platform you connect to PostSider, including the Google Privacy Policy at https://policies.google.com/privacy for YouTube integrations.

17. Changes to this Policy

We may update this Privacy Policy from time to time. If a change is material we will provide reasonable notice (for example by email or in-product notice) before it takes effect. The date the Policy was last updated is shown at the top of this page; we encourage you to review it periodically.

18. Contact Us

For privacy questions, requests, or complaints, email lukasz@postsider.com, or write to us at:

Lumi Zone Łukasz Blania
ul. Zabrska 15, 40-083 Katowice, Poland
NIP: 1990132289

Run your social media
on autopilot.

Start free in minutes. Publish it yourself, or let your AI agent take the wheel.

30+ networks · MCP, REST and SDK · No credit card

Private beta Whitelist members get 50% off all plans. Join the list before we open the doors.