Privacy Policy

Postova ("we", "us", "our") is an independent LinkedIn content creation and strategy platform. We are not affiliated with, endorsed by, or sponsored by LinkedIn Corporation.

If you have questions about this policy, contact us at privacy@prosestudio.app.

We collect only what is necessary to provide the service:

• Account data: Your name, email address, and LinkedIn profile information (name, photo) when you sign in via LinkedIn OAuth or email magic link.
• Onboarding answers: Your professional background, LinkedIn goals, content topics, and career context — used solely to generate your personalised LinkedIn strategy.
• Resume text: If you upload a resume, we extract and store its text (up to 8,000 characters) to pre-fill your onboarding answers and inform your strategy. The original file is never stored after processing.
• Content you write: Draft posts, titles, and scheduled dates saved to your account.
• LinkedIn access token: If you sign in via LinkedIn OAuth, we store your OAuth access token to enable posting to LinkedIn on your behalf (when you explicitly request it). This token is stored encrypted.
• Usage data: Standard server logs (IP address, browser type, pages visited) for security and performance monitoring. We do not use these for advertising.

• To create and manage your Postova account
• To generate your personalised 90-day LinkedIn strategy using AI
• To save and sync your drafts, snippets, and scheduling calendar
• To post to LinkedIn on your behalf when you explicitly click "Post" (requires your permission)
• To improve the product (aggregated, anonymised analytics only)
• To send transactional emails (magic link, account notices) — no marketing emails without consent

We do not sell your data. We do not use your content to train AI models. We do not share your data with third parties for advertising.

We use the following sub-processors:

• Supabase — database and authentication (EU/US data centres)
• Anthropic — AI strategy generation (your profile data is sent to Claude; Anthropic does not train on API inputs)
• Vercel — hosting and serverless functions
• LinkedIn Corporation — OAuth sign-in and (optionally) post publishing
• NewsAPI — fetching trending news headlines for topic suggestions (only your topic keywords are sent, never personal data)

• Your account data is retained for as long as your account is active.
• Drafts and strategy data are retained indefinitely until you delete them or close your account.
• Resume text is retained to support your strategy; you can delete it at any time from your profile settings.
• LinkedIn access tokens are stored for the duration of the token's validity and refreshed as needed.
• On account deletion, all personal data is permanently deleted within 30 days.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Object to or restrict processing of your data
• Data portability (export your drafts and strategy)

To exercise any of these rights, email us at privacy@prosestudio.app. We respond within 30 days.

We use industry-standard security practices: HTTPS everywhere, encrypted storage for sensitive tokens via Supabase Vault, row-level security on all database tables (each user can only access their own data), and server-side-only access to API keys.

No method of transmission over the internet is 100% secure. If you discover a security issue, please report it responsibly to privacy@prosestudio.app.

We use only functional cookies required for authentication (Supabase session cookies). We do not use advertising, tracking, or analytics cookies. No third-party cookie consent banner is required.

Postova is not affiliated with LinkedIn Corporation. We use LinkedIn's OAuth API solely to authenticate you and, with your explicit permission, to publish posts on your behalf. We do not scrape LinkedIn, store your LinkedIn connections, or access any LinkedIn data beyond what is explicitly requested and consented to.

Your use of LinkedIn through Postova is also subject to LinkedIn's Privacy Policy.

We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.