Privacy Policy

Your data, your control.

We built Postalyst for creators who value their privacy. This policy explains exactly what we collect, why we collect it, and how you can control it — including data from LinkedIn and X.

Last updated: April 27, 2026
postalyst.com & app.postalyst.com
connect@postalyst.com
Table of Contents
DefinitionsData We CollectLinkedIn & X DataHow We Use Your DataData SharingData RetentionYour RightsSecurityChildren's PrivacyPolicy ChangesContact Us

This Privacy Policy describes how Postalyst ("we", "us", "our") collects, uses, and protects your information when you use our AI-powered LinkedIn and X growth platform. By using the Service, you agree to the practices described here.

01

Interpretation & Definitions

Words with capitalized initial letters have meanings defined below and apply equally in singular and plural forms.

TermDefinition
AccountA unique account created to access Postalyst or parts of it.
CompanyPostalyst, operated from Tamil Nadu, India.
ServiceThe Postalyst platform at postalyst.com and app.postalyst.com.
Personal DataAny information relating to an identified or identifiable individual.
Usage DataData collected automatically from your use of the Service.
Connected AccountA third-party platform (LinkedIn, X/Twitter) you authorize Postalyst to access via OAuth 2.0.
YouThe individual or legal entity accessing or using the Service.
02

Data We Collect

Personal Data

When you create an account or use our Service, we may collect:

  • Email address — for authentication and transactional communications
  • First and last name — to personalize your experience
  • Profile photo — pulled from your connected LinkedIn or X account
  • Professional headline — imported from LinkedIn to personalize AI content generation

Usage Data

Collected automatically when you use the Service, including IP address, browser type and version, pages visited, time and date of visits, time spent on pages, and device identifiers.

Tracking Technologies & Cookies

We use Session Cookies and Persistent Cookies for:

  • Essential Cookies — Required to authenticate you and keep the Service functional
  • Preference Cookies — Remember your settings and login details
  • Analytics Cookies — Help us understand how users interact with the platform (with your consent where required by law)
03

LinkedIn & X (Twitter) Data

Postalyst connects to LinkedIn and X on your behalf via OAuth 2.0. This is the most important section for platform users — here is exactly what we access, why, and how it is stored.

in
LinkedIn Data Access
Data / PermissionWhy We Access ItStored?
Name, photo, headline, profile URL profilePersonalize your dashboard and AI-generated contentCached briefly
Primary email address emailAuthentication and account managementYes, securely
Create/modify/delete posts on your behalf Schedule and publish content you create in PostalystToken only
1st-degree connection countDisplay network size in growth metricsAggregated
Retrieve org posts, comments, reactions & engagement Show analytics for content published on your LinkedIn PageAggregated
Create/modify/delete org posts, comments, reactions Schedule and publish content to your LinkedIn PageToken only
Org page reporting — followers, visitors, analytics Display audience growth and engagement analytics for your PageAggregated
Manage org pages & reporting Admin access to manage your connected LinkedIn Page settingsToken only
𝕏
X (Twitter) Data Access
Data / PermissionWhy We Access ItStored?
Name, username, profile photoPersonalize your Postalyst dashboardCached briefly
Publish tweets / threads on your behalfSchedule and publish content you create in PostalystToken only
Post engagement metrics (likes, reposts, impressions)Show post performance analytics in your dashboardAggregated
Follower countDisplay audience growth trendsAggregated

What We Never Do With Your Social Data

  • We never sell your LinkedIn or X data to any third party
  • We never use your data to train AI models without your explicit consent
  • We never access your social accounts beyond what you explicitly authorized via OAuth
  • We never store full post histories — only analytics for posts published through Postalyst
  • Revoking OAuth access in LinkedIn or X immediately stops all data access. You can also disconnect from your Postalyst account settings.
04

How We Use Your Data

  • Provide the Service — Power scheduling, publishing, analytics, and AI content generation
  • Account management — Authenticate you and maintain your account
  • AI personalization — Your profile data helps our AI generate content matching your tone and audience
  • Service communications — Send transactional emails (post published, connection issues, security alerts)
  • Product improvement — Analyze usage patterns using aggregated, non-identifiable data
  • Legal compliance — Meet obligations under applicable law

We do not use your data for advertising, third-party marketing, or profiling unrelated to the Service.

05

Data Sharing

We do not sell your personal data. We may share it only in these limited situations:

  • Infrastructure providers — Cloud hosting (Vercel, Neon Postgres) to operate the Service, bound by data processing agreements
  • Legal requirement — If required by law, court order, or government authority
  • Business transfers — In the event of a merger or acquisition, with prior notice to you
  • With your consent — For any other purpose, only with your explicit approval
06

Data Retention

Data CategoryRetention Period
Account informationDuration of account + up to 24 months after closure
LinkedIn / X OAuth tokensUntil you disconnect or revoke access
Post analytics dataDuration of account (deleted on account closure)
Usage / analytics dataUp to 24 months from collection
Support correspondenceUp to 24 months from ticket closure
Server logsUp to 24 months for security purposes

When retention periods expire, data is securely deleted or anonymized. Residual copies in encrypted backups are purged on our routine backup cycle.

07

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

👁
Access
Request a copy of the personal data we hold about you
✏️
Correction
Request correction of inaccurate or incomplete data
🗑️
Deletion
Request deletion of your personal data
🔌
Disconnect
Revoke LinkedIn or X access at any time from account settings
📦
Portability
Request your data in a portable, machine-readable format
🚫
Object
Object to processing of your data for certain purposes

To exercise any of these rights, email connect@postalyst.com. We will respond within 30 days.

08

Security

  • Encrypted storage — All data stored in encrypted databases (Neon Postgres with encryption at rest)
  • Token security — OAuth tokens for LinkedIn and X are stored in a dedicated, access-controlled table separate from general user data
  • HTTPS everywhere — All data in transit is encrypted via TLS
  • Minimal access — We request only the OAuth scopes necessary for Postalyst features

No method of internet transmission or electronic storage is 100% secure. While we strive to protect your data using commercially reasonable means, we cannot guarantee absolute security.

09

Children's Privacy

Postalyst is not directed at anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us at connect@postalyst.com and we will promptly delete it.

10

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify you by email or a prominent notice in the Service before changes take effect.

Questions about your privacy?

We're a solo-founder company and take every privacy inquiry personally.
Reach out directly — you'll hear back from the founder.

connect@postalyst.com