Legal
Privacy Policy
This policy explains what information Postmind receives, why we use it, and the choices available to you.
Effective July 9, 2026
1. Scope
This Privacy Policy describes how Postmind, Inc. (“Postmind,” “we,” “us,” or “our”) handles personal information when you use postmind.ai, the Postmind application, client review pages, and related services (together, the “Service”).
If an organization provides your account, that organization may manage your access and the content in its workspaces. Its own policies may also apply to its use of your information.
2. Information we receive
- Account and profile information. Your name, email address, profile details, organization, role, preferences, and account authentication records.
- Workspace content. Brand information, calendars, drafts, captions, media, comments, approvals, tasks, schedules, and other material that you or your collaborators add to the Service.
- Connected social information. Account identifiers, profile and channel details, connection status, publishing permissions, scheduled posts, delivery results, and available performance data from networks you connect. Social credentials and access tokens are handled as needed by Bundle.social and the connected network.
- AI interactions. Prompts, instructions, selected workspace context, files, generated text, images and video, tool calls, and feedback related to AI features.
- Billing information. Plan, subscription, transaction, credit balance, and invoice details. Payment-card information is submitted to Polar and its payment processors; Postmind does not receive complete card numbers.
- Service and device information. IP address, browser and device details, session activity, requested pages, diagnostic events, security logs, and cookie or local-storage data needed to run the Service.
- Communications. Messages and attachments you send when requesting support, responding to an invitation, or otherwise contacting us.
We receive this information from you, other members of your organization, connected services, and automatically when the Service is used.
3. How we use information
We use information to:
- create accounts, authenticate users, and keep organizations separate;
- provide planning, collaboration, approval, AI generation, scheduling, publishing, analytics, and billing features;
- carry out instructions from authorized workspace members, including sending scheduled content to connected social networks;
- send invitations, review notices, receipts, and other service messages;
- respond to support requests and maintain the Service;
- detect fraud, abuse, security incidents, and violations of our Terms;
- understand reliability and improve product functionality, including through aggregated or de-identified information; and
- comply with law and protect users, Postmind, and others.
4. AI features
AI features need context to do the work you request. Depending on the feature and current provider configuration, Postmind may send prompts, selected workspace content, files, or output to Anthropic, Vercel AI Gateway and model providers reached through it, Google, or Krea.
Postmind does not use customer content to train models of its own. A provider's retention and model-training practices depend on that provider, the service configuration, and the terms that apply to its API. Do not submit sensitive information that is not needed for the task.
5. When we disclose information
We disclose information only as needed to operate the Service, follow your instructions, protect the Service, or meet legal obligations. The services involved in the current product include:
- Vercel for application hosting and delivery, and Supabase for database, authentication, and storage;
- Bundle.social and the social networks you connect for account linking, publishing, and available network data;
- Anthropic, Vercel AI Gateway, routed model providers, Google, and Krea for requested AI text, image, or video processing;
- Resend for transactional email and Polarfor subscriptions, invoices, and payments; and
- advisers, authorities, or a successor to the business when reasonably necessary for legal compliance, safety, a financing, reorganization, merger, or sale.
We do not sell personal information. We also do not share personal information for cross-context behavioral advertising as those terms are defined under California law.
7. Retention
We retain account and workspace information while an account is active and for as long afterward as reasonably necessary to complete requested services, maintain backups, prevent abuse, resolve disputes, and meet tax, accounting, or legal obligations. Retention by connected social networks and AI, payment, or other service providers is governed by their own terms and configurations.
You may request deletion of your account information. Some records may remain where retention is required by law or is reasonably necessary for security, billing, or dispute records.
8. Your choices and privacy rights
You can update much of your account and workspace information in the Service and disconnect social accounts from workspace settings. You may also ask us to access, correct, export, or delete personal information by emailing privacy@postmind.ai. We may need to verify your identity and authority before completing a request.
Depending on where you live, applicable law may provide additional rights, including the right to know, correct, delete, or receive a portable copy of personal information; to limit or object to certain processing; to appeal a denied request; and to use an authorized agent. We will not discriminate against you for exercising a privacy right. California residents may also ask about the categories of information collected, used, and disclosed.
9. International transfers
Postmind and its providers may process information in the United States and other countries. Those countries may have different data-protection laws. Where required, we use recognized safeguards for international transfers.
10. Security
We use administrative, technical, and organizational measures designed to protect information, including access controls and separation between customer organizations. No internet service can guarantee absolute security. Please use a strong account password, protect review links, and tell us promptly if you believe an account has been compromised.
11. Children
The Service is intended for business and professional use and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, contact us so we can review and delete it as appropriate.
12. Changes and contact
We may update this policy as the Service or law changes. We will post the revised policy with a new effective date and provide additional notice when required.
Questions or privacy requests may be sent to privacy@postmind.ai. Legal notices may be sent to legal@postmind.ai.