Privacy Policy

Last updated: February 10, 2026

PostBrain ("we", "us", or "our") operates the PostBrain website and the PostBrain application. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.

The data controller responsible for your personal data is Martin Hughes, trading as PostBrain, contactable at privacy@postbrain.app.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. We use Clerk as our authentication provider, and your credentials are managed securely through their platform.

Brand and Content Data

To provide our service, we collect brand information you provide (such as brand name, website URLs, brand voice preferences, and visual identity), content you create or approve through the platform, and campaign configurations.

Social Media Connections

When you connect social media accounts (such as Twitter, LinkedIn, Facebook, Instagram, or TikTok), we store OAuth tokens that allow us to publish content on your behalf. These tokens are encrypted at rest using AWS Key Management Service (KMS). We only request the permissions necessary to publish and manage content.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. Stripe may collect payment information in accordance with their own privacy policy.

Usage Data

We collect information about how you use our service, including pages visited, features used, and actions taken. This helps us improve the product and diagnose issues.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our service, including generating content that matches your brand voice
  • Publish approved content to your connected social media accounts
  • Process payments and manage your subscription
  • Send transactional communications about your account and service
  • Improve and develop new features based on usage patterns
  • Detect, prevent, and address technical issues and security threats

3. Legal Basis for Processing (GDPR)

If you are located in the United Kingdom or the European Economic Area, we process your personal data under the UK GDPR and EU GDPR respectively. The legal bases we rely on are:

  • Contract performance — Processing necessary to provide the service you signed up for, including account management, content generation, and publishing to your connected social media accounts
  • Legitimate interests — Processing for purposes such as improving our service, diagnosing technical issues, and ensuring platform security, where these interests are not overridden by your rights
  • Consent — Processing that requires your explicit opt-in, such as analytics cookies. You can withdraw consent at any time via the Cookie Settings link in our footer
  • Legal obligation — Processing necessary to comply with applicable laws, such as responding to lawful requests from authorities

4. AI and Content Generation

PostBrain uses third-party AI providers (including Anthropic and OpenAI) to generate content suggestions. When generating content, we send your brand information and campaign details to these providers. We do not use your data to train AI models. The AI providers process data in accordance with their respective privacy policies and data processing agreements.

AI-generated content may contain inaccuracies, errors, or unsuitable material. All AI-generated content is presented to you for review and approval before publication. We do not publish content automatically without your explicit approval.

5. Data Sharing and Third Parties

We do not sell your personal information. We share data with third parties only as necessary to provide the service:

  • Clerk — Authentication and user management
  • Stripe — Payment processing and subscription management
  • Anthropic and OpenAI — AI content generation
  • AWS — Cloud infrastructure, data storage, and encryption
  • Social media platforms — Content publishing on your behalf
  • Neon — Database hosting
  • Resend — Transactional email delivery
  • Google Analytics — Website usage analytics (only with your consent)
  • Sentry — Error monitoring and performance tracking

We may also disclose information if required by law, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Security

We implement industry-standard security measures to protect your data. Social media OAuth tokens are encrypted using AWS KMS. Data is transmitted over HTTPS and stored in encrypted databases. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes (such as resolving disputes or enforcing our agreements).

8. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom, including the United States. Our third-party processors (including AWS, Clerk, Stripe, Anthropic, OpenAI, Neon, Resend, and Google) operate servers in various countries.

Where we transfer data outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR. These include relying on the recipient country's adequacy decision where available, or ensuring our processors have entered into appropriate data transfer agreements incorporating the International Data Transfer Agreement (IDTA) or equivalent Standard Contractual Clauses approved by the ICO.

9. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at privacy@postbrain.app. We will respond to your request within one month as required by law.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

We use essential cookies for authentication and session management, and optional analytics cookies (with your consent) to understand how our service is used. We do not use advertising or marketing cookies. For full details, please see our Cookie Policy.

11. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on our website before the change takes effect. We will also update the "Last updated" date on this page. Where changes affect processing based on consent, we will seek fresh consent where required.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@postbrain.app.
