Privacy Policy

Last updated: May 17, 2026. This policy explains what data PostBreeze collects, why, how long we keep it, and the rights you have over it.

1. Who we are

PostBreeze("we", "us") is operated as a sole proprietorship based in Sweden. The service is accessible at postbreeze.io. The data controller under the EU General Data Protection Regulation (GDPR) is the sole proprietor, Pontus Abrahamsson. For any privacy question, write to [email protected].

2. The service in brief

PostBreeze is a scheduling platform for social media. Users connect accounts on third-party networks (currently Instagram, Facebook Pages, TikTok, YouTube, Pinterest, LinkedIn — including LinkedIn personal profiles and the company pages a user administers — and X), compose posts, and our system publishes those posts on the scheduled date. To operate the service we store your account credentials, the OAuth access tokens you grant us for connected networks, the content you schedule, and operational logs.

3. The data we collect

Account data

Email address and display name (from sign-up or sign-in).
Hashed password (we never store plaintext passwords).
Authentication session tokens stored in secure, HTTP-only cookies.

Workspace and team data

Workspace name, slug, optional brand colour and logo URL.
Workspace memberships (user ↔ workspace ↔ role).
Pending invitations (email address of invitee, hashed invite token).

Connected social-account data

The public identifier, username, display name, and avatar URL of the connected account as returned by the network's API.
The OAuth access token (and refresh token where the network issues one) granted to us by you. Tokens are encrypted at rest using AES-256-GCM with a server-held key; they are never returned to the client.
The scopes you granted, the token expiry timestamp, and limited provider-specific metadata (e.g. Instagram account_type).

Content you upload or schedule

Media (images, videos, GIFs) you upload, stored in Cloudflare R2 object storage.
Post captions, scheduled times, and per-platform options.
Publish results returned by the network: external post ID, URL, and error messages when a publish fails.

Billing data

Subscription state, plan, billing interval, and current period end. We do not store payment card details — those are held by our payment processor, Stripe.
A Stripe customer ID we use to look up your subscription and issue customer-portal sessions.

Operational data

Server and application logs, including IP address, user agent, request path, and timestamps.
Publish attempts (timestamps, HTTP status, provider error codes) for the posts you schedule.

4. How we use your data and legal bases

Under the GDPR, we rely on the following legal bases:

Contract (Art. 6(1)(b)) — to operate the service you signed up for: authenticate you, publish scheduled posts, enforce plan limits, deliver billing.
Legitimate interests (Art. 6(1)(f)) — to secure our infrastructure, prevent abuse, debug errors, and improve reliability.
Legal obligation (Art. 6(1)(c)) — to retain billing records for tax and accounting purposes.
Consent (Art. 6(1)(a)) — for any optional feature clearly marked as opt-in (e.g. marketing emails).

5. Controller vs processor

For your own account data (email, password hash, session), we are the controller. For the content you upload and schedule — captions, media, posts targeted at your Instagram and other connected accounts — we act as a processor on your behalf. You remain the controller of that content and are responsible for complying with the policies of each connected network.

6. Who we share data with

Sub-processors that host and operate PostBreeze: our database host (PostgreSQL), Redis provider, object storage (Cloudflare R2), durable-workflow service (Temporal), payment processor (Stripe), and transactional email provider.
Connected social networks(Instagram / Meta and future platforms you opt in to) — when we publish on your behalf, we necessarily send the post content and access token to the network's API.
Workspace members you invite — they can see the posts and media you add to a shared workspace, per the role you assigned them.
Authorities when required by law, a valid court order, or to protect the rights, property, or safety of PostBreeze or its users.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising.

7. International data transfers

PostBreeze is operated from the EU (Sweden). Some sub-processors (e.g. Stripe, Cloudflare) operate globally. Where data leaves the European Economic Area, transfers are governed by the European Commission's Standard Contractual Clauses and the provider's own certifications.

8. Government and law enforcement data requests

PostBreeze has not received any government or law enforcement request for user data to date. Should we receive such a request in the future, we apply the following process:

Legal review. We require any request to be a valid legal instrument under Swedish or applicable EU law (e.g. a court order or formal warrant). We do not disclose user data on the basis of informal requests.
Right to challenge. We reserve the right to challenge or refuse requests that are unlawful, overly broad, or that lack a proper legal basis under the GDPR or Swedish law.
Data minimization. When required to disclose data, we provide only the minimum information specifically named in the legal request. We do not voluntarily provide additional context, historical data, or data about other users.
Documentation. We keep a private internal record of every received request, including the date, requesting authority, scope, our legal review notes, and our response.
User notification. Where legally permitted, we notify the affected user before disclosing their data.

Requests should be sent in writing to [email protected].

9. Data retention

Active account data: retained while your account is active.
After account closure: deleted within 30 days of the close request, except where we are required to keep it longer (e.g. invoices).
OAuth tokens: revoked immediately when you disconnect the account or close your account. Encrypted records are purged alongside the account.
Backups: encrypted database backups are kept for 30 days before rotation.
Logs: server and application logs are kept for 12 months.
Billing records: invoices and related records are kept for 7 years to comply with Swedish bookkeeping law.

10. Security

TLS 1.2+ in transit for all requests.
OAuth access tokens and refresh tokens encrypted at rest with AES-256-GCM and a server-held key.
Passwords hashed using a modern algorithm (no plaintext).
Role-based access control inside each workspace.
Webhook signatures (Stripe, Meta) verified against our shared secrets before any side effect.

No system is fully secure. If you believe your account has been compromised, contact us immediately at [email protected].

11. Your rights (GDPR and similar laws)

You have the right to:

Access the personal data we hold about you.
Correct data that is inaccurate or incomplete.
Erase your data (see Data Deletion).
Restrict or object to certain processing.
Receive a copy of your data in a portable format.
Withdraw consent at any time for consent-based processing.
File a complaint with your supervisory authority. In Sweden that's Integritetsskyddsmyndigheten (IMY).

To exercise any of these rights, email [email protected] from the email address tied to your account. We respond within 30 days.

12. California privacy rights

If you are a California resident, you may request access, deletion, or correction of your personal information under the CCPA/CPRA. We do not sell personal information and do not share it for cross-context behavioural advertising. To exercise your rights, contact [email protected].

13. Children

PostBreeze is a business tool not targeted at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us data, contact us and we will delete it.

14. Cookies

We use a small number of strictly necessary cookies to keep you signed in (session cookie from our authentication provider) and a cookie that remembers whether the sidebar is collapsed. We do not use advertising or tracking cookies.

15. Third-party sites and services

When you connect Instagram, Facebook Pages, TikTok, YouTube, Pinterest, LinkedIn, X, or another network, that network's own privacy policy and terms govern how they handle your data on their side. We encourage you to review them:

16. YouTube API Services

When you connect a YouTube channel to PostBreeze, our use of information received from YouTube APIs is bound by the YouTube Terms of Service and the Google Privacy Policy. We act as an API client of YouTube API Services and only access data on your behalf, with the scopes you explicitly granted during the Google OAuth consent flow.

Scopes we request

youtube.upload — to publish video files you have scheduled in PostBreeze to your own YouTube channel via videos.insert.
youtube.readonly — to identify the channel you authorised (channel ID, custom URL, display name, avatar) so we can route uploads to the correct destination via channels.list?mine=true. Called once per OAuth connection.

What we store from YouTube

Your channel's public identifier (channel ID), custom URL, display name, and avatar URL.
The Google OAuth access token and refresh token. Both are encrypted at rest using AES-256-GCM with a server-held key and never returned to the browser.
The granted scopes, the access-token expiry timestamp, and the uploads-playlist ID.
References to videos you publish through PostBreeze (video ID and resulting URL) for our own scheduling history. We do not store the video bytes after upload — those live on YouTube.

What we do NOT do

We do not access, aggregate, scrape, mirror, or display public YouTube content (videos, comments, channels, playlists) belonging to other users.
We do not use YouTube data for advertising, profiling, or training machine-learning models.
We do not transfer YouTube data to third parties except the infrastructure subprocessors listed in section 6 (Cloudflare R2 for media at rest, our database host for metadata).

Revoking access and deleting your YouTube data

You can revoke PostBreeze's access to your YouTube account at any time by visiting Google's security settings at myaccount.google.com/permissions. Revocation takes effect immediately on Google's side; on next refresh attempt the token is marked expired and we stop using it. To request deletion of YouTube-derived data we have stored about you, follow the data deletion process described at postbreeze.io/data-deletion or email [email protected]. We delete YouTube tokens and channel metadata within 30 days of a verified deletion request, or sooner upon disconnect within the app.

17. Pinterest API

When you connect a Pinterest Business account to PostBreeze, our use of information received from Pinterest's APIs is bound by the Pinterest API Terms of Service and the Pinterest Privacy Policy. We act as an API client of the Pinterest Content Publishing API and only access data on your behalf, with the scopes you explicitly granted during the OAuth consent flow.

Scopes we request

boards:read & boards:write — to list the boards you own and create pins on them.
pins:read & pins:write — to publish single-image and carousel pins to your own boards via POST /v5/pins.
user_accounts:read — to identify the account you authorised (user ID, username, avatar) so we can label the connected account in our UI.

What we store from Pinterest

Your account's public identifier (user ID), username, display name, and avatar URL.
The Pinterest OAuth access token and refresh token. Both are encrypted at rest using AES-256-GCM with a server-held key and never returned to the browser.
The granted scopes, the access-token expiry timestamp, and best- effort metadata such as account type and configured website URL.
References to pins you publish through PostBreeze (pin ID, board ID, and resulting URL) for our own scheduling history. We do not mirror, store, or display the pin's media bytes after publication — those live on Pinterest.

What we do NOT do

We do not access, aggregate, scrape, mirror, or display public Pinterest content (pins, boards, profiles, search results) belonging to other users.
We do not use Pinterest data for advertising, profiling, or training machine-learning models.
We do not transfer Pinterest data to third parties except the infrastructure subprocessors listed in section 6 (Cloudflare R2 for media at rest, our database host for metadata).

Revoking access and deleting your Pinterest data

You can revoke PostBreeze's access to your Pinterest account at any time by visiting pinterest.com/settings/apps. Revocation takes effect immediately on Pinterest's side; the next API call we make returns an authorization error and we stop using the token. To request deletion of Pinterest-derived data we have stored about you, follow the data deletion process described at postbreeze.io/data-deletion or email [email protected]. We delete Pinterest tokens and account metadata within 30 days of a verified deletion request, or sooner upon disconnect within the app.

18. LinkedIn API

When you connect a LinkedIn account to PostBreeze, our use of information received from LinkedIn's APIs is bound by the LinkedIn API Terms of Use, LinkedIn's Data Processing Agreement, and the LinkedIn Privacy Policy. We act as an API client of the LinkedIn Platform and only access data on your behalf, with the scopes you explicitly granted during the OAuth consent flow.

Scopes we request

openid, profile, email — Sign In with LinkedIn (OpenID Connect). Used to identify the authenticated member.
w_member_social— to publish posts on the authenticated member's personal profile via POST /rest/posts.
w_organization_social, r_organization_social — to publish on, and read the publishing state of, company pages the member administers.
rw_organization_admin — to enumerate the company pages the member administers via GET /v2/organizationAcls, so we can list them as publishing destinations.

What we store from LinkedIn

The authenticated member's LinkedIn ID (the OIDC sub claim), display name, profile picture URL, and email address.
For each company page you administer: the organization URN, numeric ID, vanity name, localized name, and logo URL.
The LinkedIn OAuth access token and refresh token. Both are encrypted at rest using AES-256-GCM with a server-held key and never returned to the browser. The same encrypted credentials back the personal profile and every company page row, since LinkedIn does not issue separate page tokens.
The granted scopes and the access-token expiry timestamp.
References to posts you publish through PostBreeze (post URN and resulting URL) for our own scheduling history. We do not mirror, store, or re-display the post body or media bytes after publication — those live on LinkedIn.

What we do NOT do

We do not access, aggregate, scrape, mirror, or display public LinkedIn content (members, companies, posts, comments, connections, search results) belonging to other users.
We do not request the Marketing Developer Platform scopes; we do not pull LinkedIn analytics, ad accounts, lead data, or audience insights.
We do not use LinkedIn data for advertising, profiling, building models, or training machine-learning systems.
We do not sell or rent LinkedIn data, and we do not transfer it to third parties except the infrastructure subprocessors listed in section 6 (Cloudflare R2 for media at rest, our database host for metadata).
We do not retain LinkedIn data once you disconnect — see below.

Revoking access and deleting your LinkedIn data

You can revoke PostBreeze's access to your LinkedIn account at any time by visiting linkedin.com/mypreferences/d/data-permissions. Revocation takes effect immediately on LinkedIn's side; the next API call we make returns an authorization error and we stop using the token. Disconnecting LinkedIn from inside PostBreeze also marks the token as expired and removes the account from your publishing destinations. To request deletion of LinkedIn-derived data we have stored about you, follow the data deletion process described at postbreeze.io/data-deletion or email [email protected]. We delete LinkedIn tokens and account metadata within 30 days of a verified deletion request, or sooner upon disconnect within the app.

19. X API

When you connect an X (formerly Twitter) account to PostBreeze, our use of information received from X's APIs is bound by the X Developer Agreement and Policy, X's Terms of Service, and the X Privacy Policy. We act as an API client of the X Platform under OAuth 2.0 with PKCE and only access data on your behalf, with the scopes you explicitly granted during the consent flow.

Scopes we request

tweet.read, tweet.write— to publish tweets and threads on the authenticated user's own account via POST /2/tweets.
users.read — to identify the authenticated account (X user ID, username, display name, avatar) so we can label the connected account in our UI.
media.write — to upload images, GIFs, and video files attached to scheduled posts via the v1.1 chunked media upload endpoint.
offline.access — required to receive a refresh token so we can keep the integration working without forcing you to reconnect every two hours.

What we store from X

The authenticated account's X user ID, username, display name, and profile image URL.
A flag derived from X's verified /verified_type field at connect time, used solely to surface the correct character cap in our composer (Premium accounts post up to 4,000 characters; non-Premium up to 280). We do not redistribute or expose this flag.
The X OAuth access token and refresh token. Both are encrypted at rest using AES-256-GCM with a server-held key and never returned to the browser.
The granted scopes and the access-token expiry timestamp.
References to tweets you publish through PostBreeze (tweet ID and resulting URL, plus the chain of tweet IDs when you publish a thread) for our own scheduling history. We do not mirror or re-host the tweet content after publication — those tweets live on X.

What we do NOT do

We do not access, aggregate, scrape, mirror, or display public X content (other users' tweets, profiles, follower lists, search results, or trends).
We do not use X data for advertising, profiling, building models, or training machine-learning systems.
We do not sell, rent, or share X data with third parties except the infrastructure subprocessors listed in section 6 (Cloudflare R2 for media at rest, our database host for metadata).
We do not perform analytics, audience research, sentiment analysis, or competitive intelligence on X content.
We do not retain X data once you disconnect — see below.

Revoking access and deleting your X data

You can revoke PostBreeze's access to your X account at any time by visiting x.com/settings/connected_apps. Revocation takes effect immediately on X's side; the next API call we make returns an authorization error and we stop using the token. Disconnecting X from inside PostBreeze also marks the token as expired and removes the account from your publishing destinations. To request deletion of X-derived data we have stored about you, follow the data deletion process described at postbreeze.io/data-deletion or email [email protected]. We delete X tokens and account metadata within 30 days of a verified deletion request, or sooner upon disconnect within the app.

20. Facebook Pages API

When you connect a Facebook Page to PostBreeze, our use of information received from Meta's Graph API for Pages is bound by the Meta Platform Terms, the Meta Developer Policies, and the Meta Privacy Policy. We act as a Meta App via Facebook Login for Business, share the same App credentials as our Instagram integration, and only access data on your behalf for the Pages you administer with the scopes you explicitly granted during the OAuth consent flow.

Scopes we request

pages_show_list — to list the Pages you administer so you can pick which one(s) to connect.
pages_manage_posts — to publish text, photo, carousel, video, and Reel content to the Pages you connect via POST /{page-id}/feed, /photos, /videos, and /video_reels.
pages_manage_engagement — to reply to comments on your Page posts from the PostBreeze inbox via POST /{comment-id}/comments.
pages_read_engagement — to read post-level engagement data for the inbox and analytics dashboards via GET /{page-id}/posts and /{post-id}/insights.
pages_read_user_content — to read comments left by other users on your Page posts so you can respond to them.
pages_manage_metadata— to subscribe each connected Page to Meta's webhook system so the inbox receives new comments in real time.
read_insights — to display Page Insights metrics (impressions, engagements, video views, follower counts) on the analytics dashboard.

What we store from Facebook

For each connected Page: the Page ID, name, vanity username (if set), category, and picture URL.
Two encrypted OAuth tokens per connected Page: the long-lived user token (used to re-issue Page tokens during refresh) and the per-Page access token (used for all Page-scoped API calls). Both are encrypted at rest using AES-256-GCM with a server-held key and never returned to the browser.
The granted scopes, the access-token expiry timestamp, the Facebook user ID of the connecting user, and the Page's category.
References to posts you publish through PostBreeze (the combined pageId_postId identifier and the resulting permalink URL) for our own scheduling history. We do not mirror, store, or re-host the post body or media bytes after publication — those live on Facebook.
A short-lived cache of recent comments on your Page posts for the inbox view: comment id, post id, the comment text as authored, the commenter's public display name as Meta returns it, and timestamps. Cached rows are purged when you disconnect or when Meta sends a deauthorize / data-deletion webhook.
Page Insights snapshots written to our internal metrics tables every 14 days for the analytics dashboard. We use the 2026-onward metric names (page_follows, page_media_view, page_post_engagements, page_video_views, page_views_total); the deprecated page_impressions family is not requested.

What we do NOT do

We do not access, aggregate, scrape, mirror, or display public Facebook content (other Pages, profiles, groups, posts, ads, or search results) belonging to other users.
We do not request the Marketing API scopes; we do not pull ad accounts, audiences, lead data, or commerce data.
We do not request scopes for posting to personal Facebook profiles or Facebook Groups — Meta closed those APIs years ago and PostBreeze cannot publish there.
We do not use Facebook data for advertising, profiling, building models, or training machine-learning systems.
We do not sell or rent Facebook data, and we do not transfer it to third parties except the infrastructure subprocessors listed in section 6 (Cloudflare R2 for media at rest, our database host for metadata).
We do not retain Facebook data once you disconnect or revoke access — see below.

Revoking access and deleting your Facebook data

You can revoke PostBreeze's access to your Facebook account at any time from inside Facebook by visiting facebook.com/settings → Business Integrations and removing PostBreeze. Meta then sends our webhook a deauthorize signal, which immediately marks every Page row for your account as revoked, zeroes the stored access tokens, deletes cached comments, and deletes raw analytics snapshots. You can also disconnect from inside PostBreeze (Accounts → trash icon next to the Page) for the same effect plus a confirmation in our UI. Either way, no Facebook data persists on our side beyond the normal 30-day backup window described in section 9. To request deletion of Facebook-derived data we have stored about you, follow the data deletion process described at postbreeze.io/data-deletion or email [email protected].

21. Changes to this policy

We will update this page when the service, data practices, or applicable law change. For material changes, we will give reasonable notice by email or in-product before the new policy takes effect.

22. Contact

Email: [email protected]
Operator: Pontus Abrahamsson — sole proprietorship, Sweden.