Privacy Policy

Effective date: March 20, 2026

This Privacy Policy describes how Posthook, Inc. ("Posthook," "we," "us," or "our") collects, uses, and shares information when you use our websites, applications, APIs, and related services (the "Services"). If you do not agree with this Policy, do not use the Services.

1. Roles

We are the controller for personal information collected for our own business purposes (for example, marketing, billing, and support). We act as a processor for Customer Data you submit to the Services. See the Data Processing Addendum (DPA) for details.

2. Information We Collect

A. Information you provide

  • Account information: name, email address, password, and profile details.
  • Billing information: payment method details handled by Stripe; we receive limited payment metadata.
  • Support communications: messages and attachments you send to us.
  • Notification settings: email addresses, Slack webhook URLs, and other notification configuration you provide.

B. Identifiers we generate

  • API credentials: API keys, signing keys, and other identifiers associated with your Account.

C. Information collected automatically

  • Usage data: pages visited, features used, timestamps, and device/browser information.
  • Logs and analytics: operational and performance metrics, including IP addresses and request metadata where applicable.
  • Product analytics and diagnostics: in-app interaction and usage data (such as clicks, navigation events, feature usage, and error context) to operate, improve, and secure the Services. Depending on your location and the type of analytics, we may provide controls and, where required by law, obtain consent.
  • Cookies and similar technologies (see Cookie Policy).

D. Customer Data

Customer Data includes webhook payloads, endpoint URLs, headers, and scheduling metadata you submit to the Services. This may include personal data about your end users. Avoid submitting personal data in webhook payloads where possible (use identifiers or pseudonymous references). Only include personal data when strictly necessary. Do not submit Sensitive Personal Information.

For this Policy, "Sensitive Personal Information" includes government-issued identifiers, financial account or payment data, precise geolocation, biometric identifiers, health/medical information, and data revealing racial or ethnic origin, religious or philosophical beliefs, sexual orientation, or union membership.

3. How We Use Information

We use information to:

  • Provide and operate the Services.
  • Process payments and manage subscriptions.
  • Authenticate users and secure Accounts.
  • Provide support and respond to inquiries.
  • Monitor, analyze, and improve the Services.
  • Send product updates and marketing communications (you can opt out).
  • Comply with legal obligations and enforce our Terms.

4. Legal Bases (EEA/UK)

If you are in the EEA or UK, our legal bases include:

  • Contract: to provide the Services.
  • Legitimate interests: to secure and improve the Services, prevent abuse, and communicate about product updates.
  • Consent: for marketing emails and certain cookies where required.
  • Legal obligations.

5. Sharing of Information

We may share information with:

  • Service providers (for example, payments, cloud hosting, analytics, chat support, status monitoring, and email delivery).
  • Professional advisors (legal, accounting).
  • Authorities when required by law.
  • A successor entity in a merger, acquisition, or asset sale.
  • Third-party services you configure (for example, Slack webhooks) receive delivery status information and related metadata as directed by your settings.

We do not sell personal information.

Our current subprocessors that may process Customer Data are listed in Annex B of our Data Processing Addendum (DPA).

6. International Transfers

We may transfer personal information to countries outside of your jurisdiction, including the United States. For EEA/UK transfers, we rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA) as incorporated by reference in our DPA.

7. Data Retention

  • Webhook payloads and scheduling metadata: retained as needed to deliver webhooks and provide the Services. Payloads and related records may be stored until the webhook reaches a terminal state (delivered, failed permanently, or cancelled).
  • Delivery logs and analytics: retained for a limited period after terminal state for visibility, debugging, and support. Retention may vary by plan and settings (for example, as described in an Order or shown in your dashboard). We may delete or redact payload content separately from metadata.
  • Account data: retained while your Account is active and for a reasonable period after termination.

When you delete data via API or dashboard, we delete or anonymize it from active systems within a reasonable period, generally within 30 days after any applicable grace period. We may retain certain logs or records longer if your retention settings require it (for example, to show cancelled or failed status for debugging). Backups are overwritten on a rolling basis and are typically deleted within 90 days.

We may retain certain information longer as required by law, for security, or to resolve disputes.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, or export your personal information, and to object or restrict certain processing.

To exercise these rights, contact legal@posthook.io. We may verify your identity.

9. Marketing Communications

We may send marketing emails. You can opt out at any time by clicking the unsubscribe link in our emails or contacting us. Transactional or service-related emails are not subject to opt-out.

10. Security

We use reasonable safeguards to protect information, but no system is 100% secure.

11. Children's Privacy

The Services are not directed to children under 16 (or the minimum age required by your jurisdiction), and we do not knowingly collect personal information from children. If you do not meet the eligibility requirements in our Terms of Service, do not use the Services.

12. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will use reasonable efforts to provide notice. The effective date will be updated.

13. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise these rights, contact legal@posthook.io.

14. Contact

Posthook, Inc.
169 Madison Ave STE 38542
New York, NY 10016
United States
Email: legal@posthook.io