Data Processing Agreement

Effective Date: May 16th, 2026

GDPR Support | Customer Data Processing | Security Commitments

This Data Processing Agreement ("DPA") forms part of the agreement between Postly Technologies, Inc. ("Postly," "we," "us," or "our") and each customer or organization using Postly's services ("Customer," "you," or "your").

This DPA describes how Postly processes personal data on behalf of Customers when providing the Postly platform, including social media scheduling, publishing, analytics, content management, integrations, and related services.

Customer Data means data, content, files, posts, media, account information, analytics, credentials, configuration data, and other information submitted to or processed by Postly on behalf of a Customer.

Personal Data means information relating to an identified or identifiable natural person.

Controller, Processor, Data Subject, Processing, and Subprocessor have the meanings given to them under applicable data protection laws, including the GDPR where applicable.

For Customer Data processed through the Postly services, Customer is generally the Controller or Business, and Postly acts as the Processor or Service Provider.

Customer is responsible for determining the purposes and lawful basis for processing Customer Data. Postly processes Customer Data only to provide, secure, maintain, support, and improve the services, or as otherwise instructed by Customer.

Postly processes Customer Data to provide social media and email publishing workflows, including account connection, workspace management, content creation, scheduling, publishing, analytics, campaign management, media uploads, support, security, and service administration.

The categories of data processed may include names, email addresses, organization and workspace metadata, social account metadata, post content, media files, scheduling data, publishing activity, analytics data, labels, platform-specific settings, API tokens, and related technical logs.

Postly will process Customer Data only in accordance with Customer's documented instructions, including instructions provided through use of the services, account settings, connected integrations, support requests, and the applicable agreement.

If Postly believes an instruction violates applicable data protection law, Postly may notify Customer and suspend the relevant processing until the issue is resolved.

Postly will ensure that personnel authorized to process Customer Data are subject to appropriate confidentiality obligations and only access Customer Data as necessary to provide and support the services.

Postly implements reasonable technical and organizational measures designed to protect Customer Data against unauthorized access, disclosure, alteration, destruction, or loss.

  • Access controls and authentication safeguards
  • Encryption in transit where supported
  • Role-based access to production systems
  • Monitoring, logging, and operational safeguards
  • Vendor and infrastructure security review practices
  • Data backup, recovery, and availability controls

Customer authorizes Postly to engage subprocessors to provide hosting, infrastructure, analytics, support, payment, email, storage, communications, and integration services necessary to operate Postly.

Postly remains responsible for its subprocessors' processing of Customer Data to the extent required by applicable law and will use subprocessors under appropriate contractual obligations.

Postly connects with third-party social media platforms, email providers, newsletter services, analytics providers, and related publishing destinations selected by Customer.

Customer is responsible for reviewing and complying with the terms, privacy policies, permissions, and data practices of each third-party service connected to Postly.

Customer Data may be processed in countries where Postly, its affiliates, service providers, or subprocessors operate. Where required by applicable law, Postly will use appropriate safeguards for international transfers of personal data.

To the extent Customer cannot independently access, correct, export, or delete Customer Data through the services, Postly will provide reasonable assistance with data subject requests as required by applicable data protection law.

Customers can contact Postly support for assistance with access, deletion, correction, portability, or restriction requests.

Upon termination of the services or upon Customer's request, Postly will delete or return Customer Data in accordance with the applicable agreement, product functionality, legal obligations, and backup retention practices.

Postly may retain limited information where required for legal, security, fraud prevention, accounting, dispute resolution, or compliance purposes.

If Postly becomes aware of a confirmed security incident involving Customer Data, Postly will notify affected Customers without undue delay where required by applicable law.

Postly will take reasonable steps to investigate, mitigate, and remediate confirmed security incidents.

Postly will make reasonable information available to demonstrate compliance with this DPA. Audits, where required by applicable law, must be reasonable, limited in scope, and conducted in a manner that protects the security and confidentiality of Postly systems and other customers' data.

Postly may update this DPA from time to time to reflect changes in law, product functionality, security practices, subprocessors, or business operations. The updated version will be posted on this page with a revised effective date.

For questions about this Data Processing Agreement, contact us at support@postly.ai.

© 2026 Postly Technologies, Inc. All rights reserved.