Effective date: May 1, 2026
The Service is a personal internal tool. The only personal data processed is OAuth access tokens issued by social media platforms (TikTok, YouTube, Instagram, etc.) to allow the Service to publish content on the operator's behalf.
OAuth access tokens are used solely to authenticate API calls to the respective social media platforms in order to schedule and publish content. We do not analyze, sell, share, or transfer this data to any third parties.
All data, including OAuth tokens and scheduled posts, is stored locally on the operator's infrastructure (self-hosted Postiz instance with PostgreSQL database). No data is sent to external analytics or marketing services.
We do not share, sell, or transfer your data to any third party. The Service communicates only with the official APIs of the social media platforms you have explicitly connected.
You may revoke OAuth authorization at any time via the social media platform's settings. Revoking authorization will immediately stop the Service from accessing your account.
The Service uses only essential session cookies for authentication. No advertising or analytics cookies are deployed.
If you connect a TikTok account, the Service may use the following scopes: user.info.basic, user.info.profile, user.info.stats, video.upload, video.publish, video.list. This data is used solely to facilitate content publishing on your behalf and is not retained beyond what is necessary to fulfill that operation.
OAuth tokens are stored encrypted in a local PostgreSQL database with restricted access. The application runs in a Docker container behind authenticated access.
This policy may be updated. Material changes will be reflected with an updated effective date.
Questions: kubamakarai@gmail.com