Privacy Policy
Last updated: April 8, 2026
PostBolt respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and disclose information about you when you visit our website, create an account, or use the PostBolt service for cross-platform social media publishing (the "Service").
Sole Proprietor (FOP) Kharchenko Yaroslav Oleksandrovych ("PostBolt", "we", "us", "our"), registered at Komunalna St 16, Hlukhiv, Sumy Oblast, 41400, Ukraine, is the data controller for personal data we process about our customers and website visitors.
For personal data contained in content that you publish to third-party social networks through the Service, we act as a data processor on your behalf — see our Data Processing Agreement.
Information You Provide
- Account information: name, email, hashed password, time zone, language, billing address, and tax identification where required.
- Billing information: processed by our payment provider (e.g., Stripe). We store only a tokenised reference and the last four digits of your card.
- Connected social accounts: when you connect Instagram, Facebook, YouTube, LinkedIn, X/Twitter, TikTok, Threads, Pinterest, Bluesky, Mastodon, or similar, we receive OAuth access and refresh tokens, the account/page ID, display name, and scopes granted. We do not receive your social-network password.
- Content you upload: posts, captions, hashtags, schedules, images, videos, alt text, metadata, drafts, and templates.
- Support communications: messages you send through email, contact forms, or support chat, including attachments.
Information Collected Automatically
- Usage data: pages viewed, features used, publishing outcomes, errors, click events, referrers, and session duration.
- Device and connection data: IP address, browser type, operating system, device type, screen size, and language preference.
- Cookies and similar technologies: see our Cookie Policy.
Information from Third Parties
- Social platform metadata: post IDs, permalinks, publishing status, error codes, and high-level analytics returned by the platforms you publish to.
- Payment provider: Stripe sends us subscription status, invoices, refunds, and fraud signals.
- Authentication providers: if you sign in with Google, Apple, or another OAuth provider, we receive your email, name, and provider user ID.
We process personal data under the following GDPR Art. 6 legal bases:
- Performance of a contract: providing the Service (account, scheduling, publishing, analytics, billing), and customer support.
- Legitimate interests: security, fraud and abuse prevention, audit logs, product analytics, and debugging.
- Consent / legitimate interests: marketing emails about new features (unsubscribe at any time), depending on jurisdiction.
- Legal obligation: tax, accounting, and lawful requests.
Important: we do not sell your personal data. We do not use the content you publish to train machine-learning models. We do not read your content for advertising purposes.
We share personal data only with the following categories of recipients:
- Social platforms you connect. When you publish a post, we transmit the content and scheduling parameters to the platform you selected.
- Subprocessors and infrastructure providers. Cloud hosting, databases, object storage, email delivery, error monitoring, analytics, support tooling — listed in Schedule 2 of our DPA.
- Payment processor. Stripe (or equivalent) for billing and tax calculation.
- Professional advisers. Lawyers, accountants, auditors, and insurers under confidentiality obligations.
- Authorities. Where required by law, court order, or to protect our rights, safety, or property.
- Successors. In a merger, acquisition, or asset sale, personal data may transfer to the successor entity.
We do not sell your personal information to third parties.
We are based in Ukraine and use infrastructure providers located in the European Union and the United States. Where personal data is transferred outside its country of origin, we rely on:
- the European Commission's Standard Contractual Clauses (SCCs) and the UK Addendum,
- adequacy decisions where applicable,
- supplementary technical measures (encryption in transit and at rest).
You can request a copy of the safeguards by emailing support@postbolt.org.
We retain personal data only as long as necessary:
- Account record: lifetime of your account plus 30 days.
- Drafts and scheduled posts: until you delete them or close the account.
- Connected social-account tokens: until you disconnect or close PostBolt.
- Billing records and invoices: 7 years (Ukrainian tax law).
- Server and security logs: up to 12 months.
- Backups: up to 35 days from creation.
When you delete your account, we permanently delete or irreversibly anonymise your personal data within 30 days, except where retention is required by law.
Depending on your jurisdiction (GDPR, UK GDPR, CCPA/CPRA, Ukrainian Law on Personal Data Protection, and similar regimes), you have the right to access, rectify, erase, restrict, object, port your data, and withdraw consent. You may also lodge a complaint with your local supervisory authority.
To exercise these rights, email support@postbolt.org. We respond within 30 days and may need to verify your identity.
California residents have additional rights — see Do Not Sell or Share My Personal Information.
We implement administrative, technical, and physical safeguards including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, audit logging, and regular backups. See Security & Compliance for details.
If we become aware of a personal-data breach affecting your information, we will notify you and the relevant supervisory authority within 72 hours where required by law.
PostBolt is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact support@postbolt.org and we will delete it.
Once your content is published to a third-party platform, that platform's terms and privacy policies govern how the content and any resulting interactions are processed. We recommend reviewing the privacy policies of every platform you connect.
We may update this Privacy Policy from time to time. We will post the revised version on this page, update the "Last updated" date, and for material changes notify you by email or in-app notice at least 14 days before they take effect.
- Controller: Sole Proprietor (FOP) Kharchenko Yaroslav Oleksandrovych
- Address: Komunalna St 16, Hlukhiv, Sumy Oblast, 41400, Ukraine
- Privacy contact: support@postbolt.org
- General support: support@postbolt.org