PostDog Inc. ("PostDog," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our unified marketing platform that integrates WhatsApp Business API, social media management, and email marketing services (collectively, the "Service").
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
We collect information in several ways when you use our Service:
1.1 Information You Provide Directly
- Account Information: When you register for an account, we collect your name, email address, phone number, company name, and billing information.
- Profile Information: Information you add to your profile, including profile photos, job title, and business details.
- Payment Information: Credit card numbers, billing addresses, and other payment details processed through our secure payment processors (Stripe, PayPal).
- Communications: Information you provide when you contact us for support, submit feedback, or participate in surveys.
- Content: Messages, templates, campaigns, and other content you create using our Service.
1.2 Information from Connected Accounts
When you connect third-party accounts to our Service, we collect:
- WhatsApp Business API: Business phone numbers, WhatsApp Business Account ID, message templates, conversation data, contact information, message delivery status, and media files shared through WhatsApp.
- Facebook/Instagram: Page information, post content, comments, messages, follower data, engagement metrics, and advertising account information.
- Twitter/X: Profile information, tweets, direct messages, follower data, and engagement metrics.
- LinkedIn: Profile information, company pages, posts, and connection data.
- Email Providers: Email addresses, contact lists, email content, delivery metrics, and engagement data.
1.3 Information Collected Automatically
- Device Information: IP address, browser type, operating system, device identifiers, and mobile network information.
- Usage Data: Pages visited, features used, actions taken, time spent, click patterns, and error logs.
- Cookies and Tracking: We use cookies, pixels, and similar technologies to collect information about your browsing behavior. See our Cookie Policy for details.
- Log Data: Server logs that record your interactions with our Service, including access times, pages viewed, and referring URLs.
1.4 Information from Third Parties
- Business Partners: We may receive information from our partners who integrate with PostDog.
- Public Sources: We may collect publicly available information to enhance our services.
- Meta Platforms: When you use our WhatsApp Business API integration, we receive data from Meta as necessary to provide the messaging service.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 To Provide and Maintain the Service
- Process and deliver WhatsApp messages, social media posts, and email campaigns on your behalf
- Manage your account and provide customer support
- Process payments and prevent fraud
- Send service-related notifications and updates
2.2 To Improve and Personalize the Service
- Analyze usage patterns to improve features and user experience
- Develop new products and services
- Personalize content and recommendations
- Conduct research and analytics
2.3 For Communication
- Respond to your inquiries and support requests
- Send administrative information about your account
- Send marketing communications (with your consent)
- Notify you about changes to our Service or policies
2.4 For Legal and Safety Purposes
- Comply with legal obligations and respond to legal requests
- Enforce our Terms of Service and other agreements
- Protect the rights, safety, and property of PostDog, our users, and the public
- Detect, prevent, and address fraud, security issues, and technical problems
3. WhatsApp Business API Data
PostDog is a WhatsApp Business Solution Provider. When you use our WhatsApp Business API integration, we process data in accordance with Meta's Platform Terms and WhatsApp Business Policy.
3.1 Data We Process
- Business Information: Your WhatsApp Business Account details, business profile, and verification status.
- Phone Numbers: Business phone numbers registered for WhatsApp Business API.
- Message Content: Text messages, media files (images, videos, documents, audio), location data, and contact cards sent and received through our platform.
- Message Templates: Pre-approved message templates submitted to Meta for approval.
- Contact Information: Phone numbers and names of your customers who you communicate with via WhatsApp.
- Conversation Data: Message delivery status, read receipts, timestamps, and conversation metadata.
- Opt-in Records: Records of user consent for receiving WhatsApp messages from your business.
3.2 How We Use WhatsApp Data
- To send and receive WhatsApp messages on your behalf
- To manage your message templates and submit them for Meta approval
- To provide analytics on message delivery, read rates, and engagement
- To enable chatbot automation and flow builder functionality
- To facilitate broadcast messaging to opted-in contacts
- To provide customer support for WhatsApp-related issues
3.3 WhatsApp Data Retention
We retain WhatsApp message content and conversation data for the duration of your subscription plus 90 days, unless you request earlier deletion. Message metadata and analytics may be retained in anonymized form for longer periods.
3.4 WhatsApp User Privacy
When your customers message your business on WhatsApp:
- They are subject to WhatsApp's Privacy Policy for their use of WhatsApp
- You are responsible for informing them about how you will use their data
- You must obtain appropriate consent before sending marketing messages
- You must honor opt-out requests promptly
When you connect social media accounts (Facebook, Instagram, Twitter/X, LinkedIn, Pinterest), we access and process data in accordance with each platform's terms and policies.
4.1 Data We Access
- Profile Information: Account names, profile pictures, bios, and account settings.
- Content: Posts, stories, reels, tweets, and other content you create or schedule.
- Engagement Data: Likes, comments, shares, retweets, impressions, reach, and other metrics.
- Audience Data: Follower counts, demographics, and audience insights.
- Messages: Direct messages and comments that you manage through our platform.
4.2 How We Use Social Media Data
- To schedule and publish content to your connected accounts
- To display and respond to comments, messages, and mentions
- To provide analytics and reporting on your social media performance
- To enable cross-posting and content management
4.3 Platform Permissions
We only request the permissions necessary to provide our services. You can review and revoke permissions at any time through your account settings or directly through each platform.
5. Email Marketing Data
Our email marketing service processes data to help you create, send, and track email campaigns.
5.1 Data We Process
- Contact Lists: Email addresses, names, and other subscriber information you upload or collect.
- Email Content: Subject lines, body content, images, and attachments in your campaigns.
- Engagement Data: Open rates, click-through rates, bounces, unsubscribes, and complaint data.
- Consent Records: Opt-in timestamps, sources, and consent language.
5.2 Email Compliance
We are committed to email compliance and provide tools to help you comply with:
- CAN-SPAM Act (United States)
- GDPR (European Union)
- CASL (Canada)
- Other applicable anti-spam and privacy laws
5.3 Authentication
We implement email authentication standards (SPF, DKIM, DMARC) to protect your sending reputation and prevent email spoofing.
6. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
6.1 Service Providers
We share data with third-party service providers who perform services on our behalf, including:
- Cloud Infrastructure: Amazon Web Services (AWS) for hosting and data storage
- Payment Processing: Stripe and PayPal for payment transactions
- Email Delivery: Third-party SMTP providers for email sending
- Analytics: Services that help us understand usage patterns
- Customer Support: Tools that help us provide support services
These providers are contractually obligated to protect your data and use it only for the purposes we specify.
6.2 Platform Partners
To provide our services, we share necessary data with:
- Meta Platforms: For WhatsApp Business API and Facebook/Instagram integrations
- Twitter/X: For Twitter integration features
- LinkedIn: For LinkedIn integration features
- Other connected platforms as authorized by you
6.3 Legal Requirements
We may disclose your information if required by law or in response to:
- Court orders, subpoenas, or legal process
- Government or regulatory requests
- Law enforcement requests
- To protect our legal rights or defend against claims
6.4 Business Transfers
If PostDog is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.
6.5 With Your Consent
We may share your information for other purposes with your explicit consent.
7. Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy.
7.1 Retention Periods
- Account Data: Retained while your account is active and for 2 years after account closure
- Message Content: Retained during your subscription plus 90 days
- Analytics Data: Retained for up to 3 years in anonymized form
- Billing Records: Retained for 7 years for tax and legal compliance
- Support Tickets: Retained for 3 years after resolution
7.2 Deletion
You may request deletion of your personal data at any time. Upon receiving a valid deletion request, we will delete or anonymize your data within 30 days, except where we are legally required to retain it.
8. Data Security
We implement comprehensive security measures to protect your data:
8.1 Technical Safeguards
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access controls and multi-factor authentication
- Infrastructure Security: Hosted on SOC 2 Type II compliant cloud infrastructure
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Monitoring: 24/7 security monitoring and alerting
8.2 Organizational Safeguards
- Regular security training for all employees
- Background checks for employees with data access
- Vendor security assessments
- Incident response procedures
- Regular security audits and penetration testing
8.3 Your Security Responsibilities
You are responsible for:
- Maintaining the confidentiality of your account credentials
- Enabling two-factor authentication on your account
- Promptly reporting any suspected security incidents
- Ensuring your team members follow security best practices
9. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
9.1 Access and Portability
You have the right to request a copy of the personal data we hold about you. We will provide this data in a commonly used, machine-readable format.
9.2 Correction
You have the right to request that we correct inaccurate or incomplete personal data.
9.3 Deletion
You have the right to request deletion of your personal data, subject to certain exceptions (such as legal retention requirements).
9.4 Objection and Restriction
You have the right to object to or request restriction of certain processing activities.
9.5 Withdraw Consent
Where we process your data based on consent, you have the right to withdraw that consent at any time.
9.6 GDPR Rights (European Users)
If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:
- Right to lodge a complaint with your local data protection authority
- Right to data portability
- Right not to be subject to automated decision-making
9.7 CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:
- Right to know what personal information we collect
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your rights
9.8 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@postdog.io or through your account settings. We will respond to your request within 30 days.
10. International Data Transfers
PostDog is based in the United States. If you access our Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate.
10.1 Transfer Mechanisms
For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with appropriate safeguards
- Other legally recognized transfer mechanisms
10.2 Data Residency
Enterprise customers may request data residency in specific regions (US, EU). Contact our sales team for more information.
11. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.
If you believe we have collected information from a child, please contact us immediately at privacy@postdog.io.
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Post the updated policy on this page with a new "Last Updated" date
- Notify you by email or through the Service
- Obtain your consent where required by law
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Meta Platform Compliance
As a WhatsApp Business Solution Provider and Meta Business Partner, we comply with:
We process WhatsApp and Meta platform data only as necessary to provide our services and in accordance with the permissions granted by you and your end users.