Postgram

Privacy Policy

Last updated: May 20, 2026

1. Who we are

Postgram ("Postgram", "we", "our", "us") operates the website usepostgram.com and the application app.usepostgram.com (the "Service"), an AI-powered social media automation platform for Instagram and Facebook. This Privacy Policy explains what personal information we collect, how we use it, and the rights you have. By using the Service you agree to this Policy.

2. Information we collect

We collect the following categories of data:

  • Account data: name, email, password (hashed), language and currency preference, billing region.
  • Billing data: processed by Stripe; we store only invoice metadata, plan, subscription status and the last 4 digits of the card.
  • Social platform data (Instagram Graph API / Facebook Login): account username, profile picture, account ID, page ID, business account ID, list of media you have authorized us to read or publish, insights/metrics (reach, engagement, impressions) and tokens required to call the platform on your behalf.
  • Content you generate: prompts, captions, images, carousels and scheduling metadata stored in your workspace.
  • Usage data: log files, IP address, browser, device, pages visited, referrer, timestamps, error reports.
  • Cookies & local storage: session, language, currency and consent preferences.

3. How we use Instagram & Facebook data

When you connect an Instagram Business or Facebook Page, we use the Instagram Graph API and Facebook Login strictly to:

  • Identify and display your connected accounts.
  • Publish content (posts, carousels, stories) when you or our scheduler trigger a publish action.
  • Read media and insights so you can review performance inside your dashboard.
  • Refresh access tokens to keep the integration alive.

We do not sell Instagram or Facebook data, do not use it for advertising profiling, and do not share it with third parties other than the sub-processors strictly necessary to operate the Service (hosting, AI inference, payment processing). We comply with Meta's Platform Terms and Developer Policies.

4. Legal basis

We process personal data under the following legal bases (GDPR / LGPD): performance of contract (providing the Service), legitimate interest (security, fraud prevention, product improvement), consent (cookies, marketing email, social integrations), and legal obligations (tax, accounting).

5. Sub-processors

  • Cloud hosting and database providers (EU/US regions).
  • Stripe — payments and subscription management.
  • AI model providers — content generation. Inputs are sent for inference only and not used to train third-party models.
  • Meta Platforms — Instagram Graph API and Facebook Login.
  • Email delivery and customer support tools.

6. Data retention

We retain account, content and social platform data for as long as your account is active. When you delete a connected social account, the related tokens and cached media are deleted within 30 days. When you delete your Postgram account, all personal data is deleted or anonymized within 90 days, except where retention is required by law (e.g. invoices for up to 5 years).

7. Data deletion requests

You can disconnect an Instagram or Facebook account at any time from the Integrations area. You can request full deletion of your data by emailing privacy@usepostgram.com or from your account settings. Meta users can also revoke our access from Facebook → Settings → Apps and Websites. Upon receiving a deletion request we will respond within 30 days and confirm completion.

8. Your rights

Subject to applicable law, you have the right to access, correct, delete, port or restrict the processing of your personal data, and to object to processing based on legitimate interest. To exercise these rights, contact privacy@usepostgram.com.

9. Security

We protect personal data using encryption in transit (TLS 1.2+) and at rest, role-based access controls, row-level security policies, audit logs and regular dependency scans. No system is 100% secure; please use a strong unique password and enable 2FA where available.

10. International transfers

Personal data may be processed in the European Union, United States and Brazil. International transfers are protected by Standard Contractual Clauses or equivalent safeguards.

11. Children

The Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us data, please contact us so we can delete it.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced inside the application or by email at least 15 days before they take effect.

13. Contact

Postgram — privacy@usepostgram.com · @postgram.ai