Privacy Policy

Effective Date: May 22, 2025

Last Updated: May 22, 2025

1. Introduction

Welcome to PostPulse. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how DAO Education and Technologies FZE-LLC ("we," "our," "us") — a company registered under License No. 40292 in Ajman Free Zone, United Arab Emirates — collects, uses, and protects your information.

2. Information We Collect

Account Information: Your email address when you log in via magic link. For security purposes, magic link tokens are stored in our database with a 5-minute expiration period and are generated anew with each magic link request.

Social Media Data: Metadata from connected social media accounts (via OAuth 2.0 PKCE) such as account ID, name, profile picture, and permissions needed to schedule posts. For Telegram, we implement a Telegram login flow with OTP verification, and only users who have added our bot to their channel can schedule posts through that bot.

Access Tokens: We store access and refresh tokens for your connected social media accounts in our database using encryption to ensure their security.

Scheduled Content: Text and media you upload for scheduled posts.

Media Storage: Images you upload or generate are stored in our private S3 file storage. In specific cases, such as with the Threads API, we may temporarily move files to a public bucket with a 1-day time-to-live (TTL) to facilitate media sharing.

AI-Generated Content: When you use our AI features, we send your prompts to OpenAI's servers. Additionally, when using AI Assistant functions, we may share details of your enrolled social media accounts (specifically username and display name) with OpenAI to provide contextual assistance.

Payment Information: Collected and processed securely via Stripe. We do not store payment details on our servers.

Usage Data: Analytics such as feature usage, device/browser type, and IP address.

3. How We Use Your Data

  • To authenticate your login via magic link.
  • To manage connected social media accounts.
  • To schedule and publish content on your behalf.
  • To provide AI-assisted content generation and image creation.
  • To provide customer support and service updates.
  • To manage subscriptions and payments.
  • To improve our platform and personalize your experience.

4. Data Sharing

We do not sell your data. We share limited data with:

  • Stripe for payment processing.
  • Social media platforms for publishing content via authorized APIs.
  • OpenAI for AI-assisted content generation and image creation.
  • Analytics services for product improvement.

5. Data Storage and Location

Our database is located in Germany (Frankfurt). By using our service, you consent to the transfer of your data to this location, which may have different data protection laws than your country of residence. We implement appropriate safeguards to protect your information regardless of where it is processed or stored.

6. Data Retention

We retain your data as long as your account is active or as needed to provide you services. You can delete your account at any time, which will permanently remove all your data including connected accounts, scheduled posts, posting history, and media files. For more information on how to delete your data, please visit our Data Deletion page.

When you disconnect a social media account from PostPulse, we permanently delete all associated scheduled posts, posting history, and account data.

7. Your Rights

You have the right to:

  • Access and correct your data.
  • Request deletion of your data (see our Data Deletion page).
  • Withdraw consent for processing (e.g., disconnect social media accounts).
  • Opt out of AI-assisted features that share data with OpenAI.

8. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of sensitive data such as access and refresh tokens.
  • Short-lived authentication tokens (5-minute expiration) for magic links.
  • Secure storage of media files in private S3 buckets.
  • Regular security audits and updates.

9. Contact

For any privacy-related inquiries, contact us at:

DAO Education and Technologies FZE-LLC

License No.: 40292

Ajman Free Zone C1 Building, Ajman Free Zone, Ajman, United Arab Emirates

Premises Number: B.C. 1305067

Email: [email protected]

10. GDPR Compliance (For Users in the European Union)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). These include the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Object to our processing or request data portability.
  • Withdraw consent at any time where consent was previously given.

We process your personal data based on the following lawful bases:

  • Your consent
  • The performance of a contract (e.g., to deliver scheduled posting services)
  • Our legal obligations
  • Legitimate interests (e.g., fraud prevention, service improvements)

Please note that your data is stored in Germany (Frankfurt), which is part of the EEA. By using our service, you consent to this transfer. We implement appropriate safeguards to ensure your data receives protection consistent with GDPR requirements.

To exercise your rights, contact us at [email protected]. We respond to all requests within 30 days.

11. CCPA Compliance (For California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to:

  • Know what personal data we collect and how it is used.
  • Request access to or deletion of your personal data.
  • Opt out of the sale of personal data (we do not sell your data).

To submit a request, email us at [email protected]. We will verify your identity before processing your request and respond within 45 days.

We do not discriminate against users for exercising their rights under the CCPA.