Privacy Policy

Last updated: 10/16/2025

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Overview

How we handle your personal information

Postune ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our career-aware content publishing assistant service.

By using Postune, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our service.

You Are In Complete Control

Understanding your control over content

Postune is a content drafting tool that helps you create LinkedIn posts. Here's what this means for you:

What Postune Does

  • • Drafts LinkedIn post content based on articles and your input
  • • Stores drafts in your private account
  • • Allows you to review, edit, and regenerate content unlimited times
  • • Provides a "Copy" button to copy content to your clipboard
  • • Provides a "Share on LinkedIn" button that opens LinkedIn for you to post

What Postune Does NOT Do

  • • Automatically post content to LinkedIn or any social media on your behalf
  • • Access your LinkedIn account or credentials
  • • Publish content without your explicit action
  • • Monitor or track what you do with generated content after copying

Your Responsibility

When you use Postune, you acknowledge that:

  1. You Control Publication: You decide whether, when, and where to publish content
  2. You Review Content: You are responsible for reviewing and fact-checking all AI-generated content before publishing
  3. You Can Edit: You can regenerate, manually edit, or completely rewrite any drafted content
  4. You Own Your Actions: You are solely responsible for content you publish on LinkedIn or any other platform
  5. No Liability Transfer: Postune is not liable for content you choose to publish based on AI-generated drafts

How Publishing Works

  1. Postune generates a draft post for you
  2. You review the draft in your account
  3. If you like it: Click "Copy" or "Share on LinkedIn"
  4. If you don't like it: Click "Regenerate" for a new version or manually edit
  5. You paste the content into LinkedIn (or any platform) yourself, OR
  6. You click "Share on LinkedIn" which opens LinkedIn where you manually post
  7. You are in full control at every step

Information We Collect

Types of data we gather from you

Personal Information

  • Email address (for account creation and authentication)
  • Name (optional, for personalization)
  • Career information (current role, target role, skills, timeline)
  • Content preferences and writing style

Usage Information

  • Articles and URLs you submit for processing
  • Generated content and drafts
  • User notes and insights
  • Content themes and calendar preferences
  • Interaction patterns and feature usage

Technical Information

  • IP address and device information
  • Browser type and version
  • Operating system
  • Usage analytics and performance data (if you consent)

How Content Processing Works

Understanding our content processing flow

Here's exactly how we process article URLs and generate content:

Step 1: URL Submission

  • • You provide a publicly accessible article URL
  • We do NOT access your browser cookies or login sessions
  • We cannot access paywalled or login-required content

Step 2: Content Fetching (Our Servers)

  • • Our servers independently fetch the URL (anonymous request)
  • • We extract: title, description, site name, image, article text
  • We store: metadata only (title, URL, description - not full article)
  • We do NOT store: full HTML or raw article text

Step 3: AI Summarization (Our Servers)

  • • We generate a concise summary (5-8 sentences) from extracted content
  • • This summary is temporarily created for processing
  • • This helps reduce costs and improves AI response quality

Step 4: AI Post Generation (AI Provider)

  • • We send to our AI provider:
  • - Article summary (our generated summary, not full article)
  • - Article title and URL (as text reference for the post)
  • - Your notes and insights (if you provided any)
  • - Your career context (role, industry, target skills)
  • We do NOT send:
  • - Your email or personal identifiers
  • - Full article text
  • - Your IP address or device information

Step 5: Draft Storage (Your Account)

  • • AI provider returns a drafted LinkedIn post
  • • We store the draft in your private account
  • • You can view, edit, regenerate, or delete anytime
  • Only you can access your drafts

Step 6: Your Decision (Your Control)

  • • You review the draft
  • • You can regenerate for a new version
  • • You can manually edit the content
  • • You decide whether to copy and publish it
  • We never publish on your behalf

How We Use Your Information

Purposes for which we process your data

Service Delivery

  • • Generate personalized content
  • • Create career-aligned themes
  • • Provide content calendar planning
  • • Send weekly nudge emails

Personalization

  • • Tailor content to your career goals
  • • Customize AI suggestions
  • • Improve user experience
  • • Remember your preferences

Communication

  • • Send service updates
  • • Provide customer support
  • • Share product improvements
  • • Send weekly content nudges

Improvement

  • • Analyze usage patterns
  • • Improve AI algorithms
  • • Enhance service features
  • • Ensure security and reliability

Legal Basis for Processing (GDPR)

Legal grounds for processing your data

For EU/EEA users, we process your personal data under the following legal bases:

PurposeLegal BasisYour Rights
Account Creation & AuthenticationContract Performance (GDPR Art. 6(1)(b))Access, correction, deletion
Content Generation & StorageContract Performance (GDPR Art. 6(1)(b))Access, portability, deletion
Email Communications (service-related)Contract Performance (GDPR Art. 6(1)(b))Access, objection
Email Communications (marketing)Consent (GDPR Art. 6(1)(a))Withdraw consent anytime
Analytics & ImprovementLegitimate Interest (GDPR Art. 6(1)(f))Object, restrict processing
Security & Fraud PreventionLegitimate Interest (GDPR Art. 6(1)(f))Object (if not essential)
Legal ComplianceLegal Obligation (GDPR Art. 6(1)(c))Limited rights

Right to Object

You can object to processing based on legitimate interest at any time by contacting privacy@postune.app. We will stop processing unless we have compelling legitimate grounds.

Data Security

How we protect your information

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

  • • End-to-end encryption for data transmission (TLS 1.3)
  • • Secure cloud infrastructure (Supabase)
  • • Regular security audits and updates
  • • Access controls and authentication
  • • Data encryption at rest (AES-256)

Operational Safeguards

  • • Limited access to personal data
  • • Employee training on data protection
  • • Incident response procedures
  • • Regular backup and recovery testing

Data Breach Notification

How we handle data breaches

Breach Response

In the unlikely event of a data breach affecting your personal information, we will:

  1. Notify You: Within 72 hours of discovering the breach (GDPR requirement)
  2. Provide Details: Nature of breach, data affected, potential consequences
  3. Mitigation Steps: Actions we're taking and recommendations for you
  4. Authority Notification: Report to relevant Data Protection Authorities

Prevention

We implement industry-standard security measures to prevent breaches:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication (MFA for admin access)
  • Incident response plan and procedures
  • Employee training on data protection

Contact

If you suspect a security issue or unauthorized access:

  • Email: security@postune.app
  • We will respond within 24 hours
  • We take all security reports seriously

Data Sharing and Disclosure

When and how we share your information

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

Our AI Provider

We currently use OpenAI as our AI service provider for content generation. This may change as technology evolves, but we will always:

  • Maintain equivalent or better privacy standards
  • Update this policy to reflect any changes
  • Notify users of significant changes

Third-Party Services

ServicePurposeData SharedData NOT SharedLocation
SupabaseDatabase & AuthenticationEmail, name, career info, drafts, article metadataPayment info, passwords (hashed only)EU (Frankfurt)
AI Provider (OpenAI)AI Content GenerationArticle summaries, titles, URLs (as text), user notes, career contextEmail, full articles, personal identifiers, IP addressesUSA
ResendTransactional EmailsEmail address, nameContent, career info, usage dataUSA
StripePayment ProcessingEmail, name, payment infoContent, career info, article dataUSA/EU
VercelHosting & AnalyticsIP address, device info, page views (if consent given)Personal data, contentUSA/EU

Additional Details

  • AI Provider Data Usage: Our AI provider may use data for API abuse monitoring but does NOT train models on your data (per provider API terms)
  • Provider Changes: We reserve the right to change AI providers to improve service quality, cost-effectiveness, or performance. Any changes will maintain equivalent or better privacy standards
  • Data Processing Agreements: We have Data Processing Agreements (DPAs) with all service providers
  • Standard Contractual Clauses: For international transfers (EU → USA), we use Standard Contractual Clauses (SCCs)
  • No Direct Social Media Access: We do NOT integrate with or send data to LinkedIn, Facebook, Twitter, or any social media platforms

Legal Requirements

We may disclose information when required by law, court order, or to protect our rights, property, or safety, or that of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction.

What We DO and DON'T Do

Crystal clear about our practices

Crystal Clear: What We DO

  • • Process publicly accessible article content
  • • Store article metadata (title, URL, description)
  • • Generate AI summaries for content processing
  • • Send summarized content to our AI provider for post generation
  • • Store your generated drafts securely in your private account
  • • Encrypt data in transit (TLS 1.3) and at rest (AES-256)
  • • Respect your cookie preferences
  • • Delete your data upon account deletion
  • • Allow you to regenerate, edit, and control all content

Crystal Clear: What We DON'T Do

  • • Sell your personal information to third parties
  • • Access your browser cookies or login sessions
  • • Fetch paywalled or login-required content
  • • Send full article text to our AI provider
  • • Share your email or personal identifiers with our AI provider
  • • Post content on your behalf to LinkedIn or any social media
  • • Access your LinkedIn account or credentials
  • • Monitor what you do with content after copying it
  • • Use your data for advertising or marketing to third parties
  • • Train AI models on your content (per AI provider terms)
  • • Share data with social media platforms (you control publishing)

International Data Transfers

How we handle cross-border data transfers

Data Location

  • Primary Storage: EU (Frankfurt, Germany) via Supabase
  • AI Processing: USA (AI provider)
  • Email Delivery: USA (Resend)
  • Payment Processing: USA/EU (Stripe)
  • Hosting: USA/EU (Vercel)

Transfer Safeguards

If you are located in the EU/EEA, your data may be transferred to the United States for AI processing, email delivery, and payment processing. We protect these transfers using:

  1. Standard Contractual Clauses (SCCs): EU-approved contract terms ensuring adequate data protection
  2. Data Processing Agreements (DPAs): Binding agreements with all US service providers
  3. Data Minimization: We only send necessary data (summaries, not full content)
  4. Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  5. Anonymization: We do not send personal identifiers to AI provider

Your Rights

You have the right to object to international data transfers. Contact privacy@postune.app to exercise this right.

Note: Objecting to international transfers may limit service functionality, as our AI provider is based in the USA.

Your Rights and Choices

How you can control your information

Access and Portability

You can request access to your personal information and receive a copy in a portable format (JSON).

Correction and Updates

You can update or correct your personal information through your account settings or by contacting us.

Deletion

You can request deletion of your account and associated personal information, subject to legal and operational requirements.

Communication Preferences

You can opt out of marketing communications and adjust your email preferences at any time.

Additional Rights for EU Users (GDPR)

  • Right to Access: Request a copy of your personal data (JSON format)
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Object: Object to processing based on legitimate interest
  • Right to Restrict Processing: Temporarily limit how we process your data
  • Right to Data Portability: Receive your data in machine-readable format (JSON)
  • Right to Lodge a Complaint: File complaint with your Data Protection Authority
  • Right to Withdraw Consent: For marketing emails (click unsubscribe anytime)

Additional Rights for California Users (CCPA)

  • Right to Know: Request details on data collection (past 12 months)
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of "sale" of personal information (we don't sell, but right exists)
  • Right to Non-Discrimination: We won't discriminate for exercising rights
  • Right to Correct: Request correction of inaccurate information

How to Exercise Your Rights

  1. Email privacy@postune.app with your request (specify which right you're exercising)
  2. We'll respond within 30 days (GDPR/CCPA requirement)
  3. We may request identity verification for security purposes
  4. No charge for first request per year
  5. For subsequent requests, we may charge a reasonable fee

Data Deletion

When you request account deletion:

  • We delete all personal data within 30 days
  • We may retain anonymized analytics for legal compliance (no personal identifiers)
  • We delete: email, name, career info, drafts, article metadata
  • Backups are purged within 90 days

Children's Privacy

Our policy regarding children

Age Requirement

Postune is intended for professional use and is not directed at children. You must be at least 16 years of age to use Postune.

Our Commitment

We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information:

  1. Contact privacy@postune.app immediately
  2. Provide your child's email address
  3. We will delete the information within 30 days
  4. We will notify you once deletion is complete

Data Retention

How long we keep your information

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account InformationUntil account deletion
Generated ContentUntil account deletion
Usage Analytics24 months
Support Communications3 years

AI-Generated Content Disclaimer

Important information about AI content

AI Content Generation Disclaimer

Postune uses AI technology (currently OpenAI) to generate LinkedIn post content. Important information:

AI Limitations

  • AI-generated content may contain factual errors, biases, or inaccuracies
  • AI cannot verify facts or check sources
  • AI may misinterpret article content or context
  • AI-generated content is a suggestion, not a verified fact

Your Responsibility

  • You are responsible for reviewing and editing all generated content before publishing
  • You must fact-check any claims, statistics, or statements before sharing publicly
  • You can regenerate content unlimited times if you're not satisfied
  • You can manually edit any part of the generated content
  • You decide whether to publish, modify, or discard generated content

No Liability

  • Postune is not liable for content you publish based on AI-generated drafts
  • You are solely responsible for any content you publish on LinkedIn or other platforms
  • We provide a tool; you control the final output and publication decision

Best Practices

  1. Always read generated content carefully
  2. Fact-check any statistics, claims, or quotes
  3. Ensure tone and messaging align with your personal brand
  4. Edit or regenerate if content doesn't meet your standards
  5. Never publish content you haven't personally reviewed

Data Used for AI

We send our AI provider:

  • Article summary (generated by us, 5-8 sentences)
  • Article title and URL (as text reference)
  • Your notes and insights (if provided)
  • Your career context (role, industry, target skills)

Data NOT Sent

  • Your email or personal identifiers
  • Full article text (only our summary)
  • IP address or device information

Cookies and Tracking

How we use cookies and similar technologies

We use cookies and similar technologies to provide essential functionality and optional analytics to improve our service.

Essential Cookies

These cookies are necessary for the website to function and cannot be switched off.

  • Authentication cookies (keep you signed in)
  • Session management cookies
  • Security cookies

Analytics Cookies

These cookies help us understand how you use our website to improve our service.

  • Anonymous usage statistics
  • Performance metrics
  • Error tracking

You can manage your cookie preferences anytime on our Cookie Policy page. Analytics cookies are optional and require your consent.

Contact Us

How to reach us about privacy matters

If you have any questions about this Privacy Policy or our data practices, please contact us:

Postune Privacy Team

Email: privacy@postune.app

Response time: Within 48 hours

We will respond to your privacy-related inquiries within 48 hours and work with you to resolve any concerns about your personal information.

Policy Updates

How we handle changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to your registered email address
  • Displaying a notice in our application

Your continued use of Postune after any changes to this Privacy Policy will constitute your acceptance of such changes.