Privacy Policy for MyPostiz

Last updated: June 4, 2026

1. Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

2. What is MyPostiz?

MyPostiz is a self-hosted instance of Postiz, an open-source social media management and scheduling platform. It is hosted on infrastructure provided by Hostinger and is operated by NorthByte Studio for internal and authorized use. MyPostiz allows connected users to schedule, draft, and publish content across linked social media accounts.

3. Data We Collect

To provide the service, MyPostiz collects and processes the following data:

• Account data: Email address and display name used during login or registration.
• Social media OAuth tokens: Access and refresh tokens for connected social media platforms (e.g. Instagram, X/Twitter, LinkedIn, TikTok). These are stored securely and used exclusively to publish content on your behalf.
• Post content: Text, images, and videos you create or schedule within the platform.
• Usage data: Standard server logs including IP addresses, timestamps, and request metadata, generated automatically by the hosting infrastructure.

4. Purpose of Processing

Data is processed exclusively for the following purposes:

• Authenticating users and maintaining sessions
• Scheduling and publishing posts to connected social media accounts
• Storing drafts and post history for the authenticated user
• Ensuring the security and stability of the service

We do not use your data for advertising, profiling, or any purpose beyond operating the service.

5. Hosting & Infrastructure

MyPostiz is hosted on servers provided by Hostinger International Ltd.. All data is stored and processed on these servers. Hostinger acts as a data processor under our instructions and is contractually bound to handle data in compliance with GDPR. For more information, see Hostinger's Privacy Policy.

6. Third-Party Social Media Platforms

When you connect a social media account, MyPostiz communicates with that platform's API using OAuth 2.0. We store only the tokens required for authenticated API access. We do not read, store, or share any data from your social media accounts beyond what is strictly necessary to fulfill a scheduled or manual post action you have initiated.

Each connected platform has its own privacy policy that governs how your data is handled on their end.

7. Data Retention

Your data is retained for as long as your account exists or as long as it is necessary to provide the service. Post history and drafts are kept until you delete them. OAuth tokens are removed when you disconnect a social media account. Server logs are retained for a maximum of 30 days.

8. Your Rights (GDPR)

As a data subject under GDPR, you have the following rights:

• Right of access: You can request a copy of the data we hold about you.
• Right to rectification: You can request correction of inaccurate data.
• Right to erasure: You can request deletion of your data ("right to be forgotten").
• Right to restriction: You can request that we limit how we process your data.
• Right to data portability: You can request your data in a machine-readable format.
• Right to object: You can object to processing based on legitimate interests.

To exercise any of these rights, please contact us at LeonardoGranetto@gmail.com.

9. Security

We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or misuse. OAuth tokens are stored in encrypted form. Access to the server and database is restricted to authorized personnel only.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be published on this page with an updated date. Continued use of the service after changes constitutes acceptance of the revised policy.

11. Contact

For any questions or requests regarding this Privacy Policy, please contact:
LeonardoGranetto@gmail.com