GDPR Information
Understanding your data protection rights under the General Data Protection Regulation
Last updated: January 2026
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union (EU) and European Economic Area (EEA), regardless of where the organization is located.
At Postiv.io, we are committed to protecting your privacy and ensuring that your personal data is handled in accordance with GDPR requirements. This page explains your rights under GDPR and how we fulfill our obligations as a data controller.
2. Your Rights Under GDPR
GDPR grants you several important rights regarding your personal data. We are committed to honoring all of these rights:
2.1 Right to Access (Article 15)
You have the right to request a copy of all personal data we hold about you. This includes:
- Account information (email, name, profile data)
- Usage data and activity logs
- Social media connection data
- Billing and subscription information
- Any communications you've had with us
We will provide this information free of charge within 30 days of your request. For complex requests, we may extend this period by up to 60 days with prior notice.
2.2 Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed. You can update most of your information directly in your account settings. For other corrections, contact us and we will make the necessary changes promptly.
2.3 Right to Erasure / Right to Be Forgotten (Article 17)
You have the right to request deletion of your personal data in certain circumstances, including:
- When the data is no longer necessary for its original purpose
- When you withdraw consent (if consent was the legal basis)
- When you object to processing and there are no overriding legitimate grounds
- When the data was unlawfully processed
When you delete your account, we will remove your personal data within 30 days, except where we are legally required to retain certain information (e.g., for tax or fraud prevention purposes).
2.4 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as JSON or CSV). You can also request that we transmit this data directly to another service provider where technically feasible.
This includes your account data, scheduled posts, media uploads, and analytics data.
2.5 Right to Restrict Processing (Article 18)
You can request that we limit how we use your data in certain situations:
- While we verify the accuracy of contested data
- When processing is unlawful but you prefer restriction over deletion
- When we no longer need the data but you need it for legal claims
- While we consider your objection to processing
2.6 Right to Object (Article 21)
You have the right to object to processing of your personal data in certain circumstances, particularly when we process data based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop immediately.
2.7 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. Currently, Postiv.io does not make any automated decisions that would fall under this category. Our AI features assist with content creation but all publishing decisions are made by you.
3. Legal Bases for Processing
Under GDPR, we must have a valid legal basis for processing your personal data. We rely on the following bases:
3.1 Contract Performance (Article 6(1)(b))
We process data necessary to provide our services to you, including:
- Account creation and management
- Social media account connections and posting
- Analytics and reporting
- Billing and subscription management
- Customer support
3.2 Legitimate Interests (Article 6(1)(f))
We process some data based on our legitimate business interests, balanced against your rights:
- Improving and developing our services
- Preventing fraud and abuse
- Ensuring network and information security
- Business analytics (using aggregated, anonymized data)
3.3 Consent (Article 6(1)(a))
For certain activities, we ask for your explicit consent:
- Marketing communications
- Analytics cookies (non-essential)
- Participation in surveys or research
You can withdraw consent at any time through your account settings or by contacting us.
3.4 Legal Obligations (Article 6(1)(c))
We may process data to comply with legal requirements, such as:
- Tax and accounting obligations
- Responding to valid legal requests from authorities
- Fraud prevention requirements
4. International Data Transfers
Postiv.io is based in the United States. When you use our services from the EU/EEA, your personal data is transferred to and processed in the United States.
We ensure appropriate safeguards for international transfers through:
- Standard Contractual Clauses (SCCs): We use EU-approved contractual clauses with our sub-processors to ensure equivalent protection for your data.
- Data Processing Agreements: We maintain agreements with all third-party processors that include GDPR-compliant terms.
- Security Measures: We implement robust technical and organizational measures to protect data regardless of where it is processed.
5. Data Retention
We retain your personal data only for as long as necessary:
- Account data: Retained while your account is active, deleted within 30 days of account closure
- Scheduled posts and media: Retained until you delete them or close your account
- Analytics data: Aggregated data retained for up to 2 years
- Billing records: Retained for 7 years as required by tax law
- Support communications: Retained for 3 years after resolution
- Server logs: Retained for 90 days for security purposes
6. Data Processing Agreement
For business customers who need a formal Data Processing Agreement (DPA) that meets GDPR requirements, please contact us at [email protected]. Our DPA includes:
- Subject matter and duration of processing
- Nature and purpose of processing
- Type of personal data and categories of data subjects
- Obligations and rights of the controller
- Sub-processor information and approval process
- Security measures and audit rights
7. How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
- Use your account settings: Many actions like updating your information or downloading your data can be done directly in your account.
- Email us: Send your request to [email protected]
When making a request, please include:
- Your name and the email address associated with your account
- A clear description of which right you wish to exercise
- Any specific details that help us locate the relevant data
We will verify your identity before processing your request and respond within 30 days.
8. Supervisory Authority
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with a supervisory authority. You can contact:
- The data protection authority in your EU/EEA country of residence
- The data protection authority where you believe the infringement occurred
A list of EU data protection authorities is available at: European Data Protection Board - Members
9. Contact Us
For any GDPR-related questions or requests:
- Email: [email protected]
We aim to respond to all inquiries within 48 hours and to resolve data subject requests within 30 days.