Preview

You're visiting Postuur in sandbox mode. Posts land on the Timeline, but we won't publish until you sign up.

Sign up
Postuur

Privacy.

Last updated · 13 May 2026

Postuur is a small scheduling tool for Instagram publishing. This page explains what data we collect, why we collect it, who we share it with, and how you can request deletion or access to your data.

What we collect

When you create an account, we collect the information needed to run the service: your name, email address, password hash, timezone, account creation date, and basic authentication data such as session identifiers and recovery tokens.

We also store the content you actively use inside Postuur. That includes uploaded photos, imported Dropbox media, your per-project instructions.md documents, generated captions, edited captions, scheduling metadata, and publishing status information.

If you connect external services, we store the OAuth credentials needed to keep those connections working. This includes Instagram access and refresh tokens, and Dropbox tokens. These credentials are stored encrypted at rest.

For subscriptions, we store Stripe-related billing metadata such as your Stripe customer ID, subscription ID, status, billing period end date, and cancellation status. Card and bank details never pass through or live on Postuur servers.

We also keep an internal AI generation log for caption requests. This includes the prompt sent to OpenAI, the generated response, token usage, latency, parsed caption fields, and whether you approved, edited, regenerated, or skipped the result.

Like most web applications, our server infrastructure also generates short-lived webserver logs containing IP addresses and request metadata. These logs are managed on a rolling retention window.

How we use it

We use account data, uploaded media, project content, connector tokens, and scheduling metadata to provide the core Postuur service: generating captions and publishing Instagram posts on your behalf.

Subscription data is used to manage billing, trial access, and account status.

AI generation logs are used to review caption quality, debug generation issues, and improve the reliability of the caption workflow inside Postuur. These logs are not sold, publicly shared, or used for advertising.

We do not run advertising trackers, third-party analytics, behavioral profiling, or marketing automation.

The legal basis for processing depends on the type of data involved:

  • Contract performance (GDPR Art. 6(1)(b)) for account management, uploads, scheduling, publishing, connector tokens, and subscriptions.
  • Legitimate interest (GDPR Art. 6(1)(f)) for AI generation logging and service quality review.
  • Consent (GDPR Art. 6(1)(a)) for optional Dropbox connections and any future opt-in marketing communication.
  • Legal obligation (GDPR Art. 6(1)(c)) for invoice and tax record retention required under Belgian law.

Third parties

Postuur relies on a small number of third-party services to function.

OpenAI

Caption generation uses the OpenAI Chat Completions API. Postuur sends a public image URL hosted on postuur.app, together with the project's instructions and generation context, to OpenAI. OpenAI returns generated caption text and related metadata.

Privacy policy: openai.com/policies/privacy-policy

Meta Platforms (Instagram Graph API)

Instagram publishing uses the Instagram Graph API. Postuur sends a public image URL and caption text to Meta in order to publish content to your connected Instagram Business account. Meta returns the published post ID and related publishing metadata.

Stored Instagram access tokens are encrypted at rest.

Scopes used:

  • instagram_business_basic
  • instagram_business_content_publish

Privacy policy: facebook.com/privacy/policy

Stripe

Stripe handles subscription billing, checkout, and customer billing management. Payment details are processed directly by Stripe and never reach Postuur servers.

Postuur stores only the Stripe customer ID, subscription ID, status, and billing period metadata needed to manage access.

Privacy policy: stripe.com/privacy

Dropbox

Dropbox is an optional integration initiated by the user. If connected, Postuur reads file metadata and image files from the selected Dropbox folder in order to import media into projects. Postuur does not request write access by default.

Privacy policy: dropbox.com/privacy

AI caption logging

Caption generation requests are logged internally inside Postuur.

For each generation request, we store the prompt, instructions, image reference, raw response, parsed caption fields, token usage, latency, and the outcome of your review flow. That includes whether you approved the caption directly, edited it before approval, regenerated it, or skipped it entirely.

These logs help improve caption quality and make generation failures easier to diagnose. The logs are only accessible within Postuur's own administration environment and are not shared with advertisers or analytics providers.

The logging exists because AI-generated captions are a core part of the product rather than a background utility.

Retention

Account data and project content are kept while your account remains active.

If a trial account expires without upgrading, dormant account data is not intended to live indefinitely. Postuur is moving toward automated archive and deletion sweeps for inactive accounts.

AI generation logs remain attached to the account while the account exists and are deleted when the account is deleted. Existing logs are not retroactively scrubbed before deletion.

Subscription and invoice records are retained for 7 years where required under Belgian tax and commercial law.

Webserver logs are retained on a rolling basis for approximately 30 days.

Data deletion

You can delete your account from Settings → Account after signing in at postuur.app/settings.

Account deletion removes the associated data tree, including projects, uploaded photos, captions, scheduling records, OAuth tokens, and related media stored on disk. Uploaded files are removed from the server filesystem as part of the deletion process.

If you have an active Stripe subscription, cancel it through the Stripe billing portal first to stop future charges. Deleting your Postuur account does not automatically cancel your Stripe subscription.

If you cannot access your account, email hello@postuur.app from the address associated with the account and we'll process the deletion request within 30 days.

Cookies

Postuur uses two first-party cookies.

PHPSESSID is the session cookie required to keep you signed in securely. It is HttpOnly, SameSite=Lax, and marked secure in production environments.

postuur-project-view stores your preferred project layout inside the interface. It is used only as a local interface preference and not for tracking.

Postuur does not use advertising cookies, third-party analytics cookies, or tracking pixels.

International transfers

Some of Postuur's service providers are based in the United States, including OpenAI, Meta, Stripe, and Dropbox.

Data transferred to these providers is handled under their published contractual and privacy frameworks, including Standard Contractual Clauses (SCCs) where applicable.

Your rights

If you are located in the European Economic Area, you have rights under the GDPR.

You can request access to the data we hold about you, ask for corrections, request deletion, object to certain processing activities, or request a portable export of your data.

Most profile changes can already be made directly inside the app. Data exports and formal GDPR requests are currently handled by email rather than through a self-serve dashboard.

For access, portability, restriction, objection, or deletion requests, contact hello@postuur.app.

You also have the right to lodge a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit / Autorité de protection des données
gegevensbeschermingsautoriteit.be

Contact

Postuur is operated by Kristoff Bertram, Antwerp, Belgium.

Questions about privacy or data processing can be sent to hello@postuur.app.