Privacy Policy

1. Introduction

Welcome to Posta AI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered video ad creation platform.

By using Posta, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, name, and authentication credentials. If you sign up using Google OAuth, we receive your basic profile information from Google.

2.2 Usage Data

We collect information about how you interact with our platform, including videos generated, prompts used, features accessed, and session duration.

2.3 Payment Information

Payment processing is handled by Stripe. We do not store your complete credit card information. Stripe may collect and store payment details in accordance with their privacy policy.

2.4 Content You Create

We store the videos, scripts, and creative content you generate using our platform to provide our services and improve your experience.

3. How We Use Your Information

• To provide, maintain, and improve our AI video generation services
• To process transactions and manage your subscription
• To communicate with you about updates, features, and support
• To analyze usage patterns and optimize platform performance
• To detect and prevent fraud, abuse, or security issues
• To comply with legal obligations

4. Data Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Third-party vendors who help us operate our platform (e.g., cloud hosting, payment processing, analytics)
• AI Partners: We use OpenAI's Sora API to generate videos. Your prompts are processed by their systems
• Legal Requirements: When required by law or to protect our rights

5. Use of Google User Data

When you connect a Google account to Posta — for example, signing in with Google OAuth or connecting your Google Ads, Gmail, Google Calendar, Google Drive, or Google Sheets account through our integration platform — we access certain Google user data to deliver the features you request.

5.1 What we access

• Basic profile information (name, email address, profile picture) from your Google account when you sign in with Google OAuth.
• Read-only Google Ads data (account structure, campaigns, ad groups, keywords, and performance metrics) when you connect a Google Ads account, so we can run audits and answer your questions about your campaigns.
• Data accessed under the OAuth scopes you explicitly grant when you connect a Google Workspace service (such as Gmail, Calendar, Drive, or Sheets) through our integration platform — only the data needed to perform the action you have asked an agent to take on your behalf.

We request the minimum OAuth scopes required for each feature, and only after you grant explicit consent through Google's authorization screen.

5.2 How we use Google user data

We use Google user data solely to provide and improve the user-facing features you have requested — for example, generating audits, answering questions about your campaigns, sending an email or creating a calendar event when you instruct an agent to do so, and similar in-product workflows. We do not use Google user data for any other purpose.

5.3 Limited Use disclosure

Posta's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In particular, we do not:

• Sell Google user data, or transfer it to a data broker.
• Use or transfer Google user data to serve advertisements, including retargeted, interest-based, or personalized advertising.
• Use Google user data to determine credit-worthiness or for lending purposes.
• Use Google user data to train generalized or third-party AI/ML models. Google user data is processed only as needed to deliver the specific feature you have requested.
• Allow humans to read Google user data, unless we have your explicit consent for specific data, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or in aggregated and anonymized form for internal operations.

5.4 Sharing of Google user data

Google user data is only transferred to third parties when strictly necessary to provide the feature you have requested (for example, sending campaign data to a large-language-model provider so the model can generate the audit text you asked for). These providers act as data processors on our behalf and are contractually prohibited from using Google user data for any purpose other than delivering the requested feature, and from any of the prohibited uses listed in Section 5.3.

5.5 Revoking access and deletion

You can revoke Posta's access to your Google account at any time from your Google Account permissions page, or by disconnecting the relevant integration from within Posta. Revoking access stops any further data flow; cached Google user data is deleted from our systems in accordance with Section 8 (Data Retention).

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, secure authentication, and regular security audits. However, no method of transmission over the Internet is 100% secure.

7. Your Rights

Depending on your location, you may have the right to:

• Access and receive a copy of your personal data
• Correct inaccurate personal data
• Request deletion of your personal data
• Object to or restrict processing of your data
• Data portability

To exercise these rights, contact us at hello@posta.ai.

8. Data Retention

We retain your account information and generated content for as long as your account is active. You may delete your account and associated data at any time through your account settings or by contacting us.

9. Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze platform usage. You can manage cookie preferences through your browser settings.

10. Children's Privacy

Posta is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform. Your continued use of Posta after changes constitutes acceptance of the updated policy.