Privacy Policy

www.postbadger.app

Last Updated: January 2025

Michał Włosik EFC ("we," "us," or "our") operates the Postbadger website (www.postbadger.app) and the Postbadger browser extension (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.

1. Data Controller

The data controller responsible for your personal data is:

2. Information We Collect

2.1 Information You Provide to Us

When you register for an account or use our Service, we may collect the following personal data:

• Account Information: Email address, name (or username), and password when you create an account through our authentication provider (Outseta)
• Payment Information: When you subscribe to a paid plan, payment details are collected and processed by our third-party payment processor (Stripe, via Outseta). We do not store your full credit card number or payment credentials on our servers
• Communication Data: Information you provide when you contact us for support or feedback

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information:

• Usage Data: Information about your use of the Service, including the number of posts downloaded, download history, and feature usage for billing and service improvement purposes
• Device Information: Browser type, browser version, and extension version
• Authentication Tokens: Temporary JWT (JSON Web Token) for session management, stored locally in your browser

2.3 Information Stored Locally on Your Device

The following data is stored locally in your browser:

• Downloaded post content and metadata
• Download history and preferences
• Filter settings (date ranges, post limits)
• Theme preferences (day/night mode)
• Authentication session data

2.4 Information We Do NOT Collect

We want to be clear about what we do not collect:

• We do not collect or access your X.com (Twitter) login credentials
• We do not store the content of downloaded posts on our servers
• We do not track your browsing activity outside of X.com profile pages
• We do not collect data from your X.com direct messages or private content
• We do not sell or share your personal data with third parties for advertising purposes

3. How We Use Your Information

We use the information we collect for the following purposes:

Purpose	Legal Basis (GDPR)
To create and manage your account	Contract performance
To provide and maintain the Service	Contract performance
To process payments and manage subscriptions	Contract performance
To track usage against your subscription limits	Contract performance
To communicate with you about your account or the Service	Contract performance / Legitimate interest
To respond to your inquiries and support requests	Contract performance / Legitimate interest
To improve and optimize the Service	Legitimate interest
To detect, prevent, and address technical issues or fraud	Legitimate interest
To comply with legal obligations	Legal obligation

4. Third-Party Service Providers

We share your data with the following third-party service providers who assist us in operating the Service:

4.1 Outseta (Authentication & Billing)

We use Outseta for user authentication, subscription management, and billing. When you create an account or subscribe to a plan, your account information and payment details are processed by Outseta. Outseta is GDPR-compliant and PCI DSS compliant for handling payment information.

Data shared with Outseta:

• Email address and name
• Subscription plan and payment information
• Account status and usage metrics

Outseta's Privacy Policy: https://www.outseta.com/privacy-policy

4.2 Make.com (Automation)

We use Make.com (formerly Integromat) to process download requests and track usage. When you initiate a download, your request is processed through Make.com webhooks.

Data processed by Make.com:

• X.com handle being downloaded
• Your account identifier (for usage tracking)
• Download parameters (date filters, post limits)

4.3 Stripe (Payment Processing)

Payment processing is handled by Stripe (via Outseta). We do not have direct access to your full payment card details. Stripe is PCI DSS Level 1 certified.

Stripe's Privacy Policy: https://stripe.com/privacy

5. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained for as long as your account is active. Upon account deletion, your data will be removed within 30 days, except where retention is required by law
• Usage Data: Aggregated usage statistics may be retained for analytical purposes
• Payment Records: Retained for 7 years as required by tax and accounting regulations
• Local Data: Data stored locally in your browser remains until you clear it or uninstall the extension

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• All data transmission is encrypted using TLS/SSL
• Authentication uses secure JWT tokens with expiration
• Downloaded content is stored locally on your device, not on our servers
• We use secure, reputable third-party providers (Outseta, Stripe) for sensitive operations
• We regularly review and update our security practices

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (Outseta, Make.com, Stripe) may store data.

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• Transfers to countries with an EU adequacy decision
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Service providers certified under recognized frameworks

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

Right	Description
Right of Access	You can request a copy of the personal data we hold about you
Right to Rectification	You can request correction of inaccurate or incomplete data
Right to Erasure	You can request deletion of your personal data ("right to be forgotten")
Right to Restriction	You can request restriction of processing of your personal data
Right to Data Portability	You can request your data in a structured, machine-readable format
Right to Object	You can object to processing based on legitimate interests
Right to Withdraw Consent	Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at contact@postbadger.app. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO): https://uodo.gov.pl

9. Cookies and Tracking Technologies

Our website and extension use limited cookies and local storage:

9.1 Essential Cookies

These are necessary for the Service to function:

• Authentication cookies for maintaining your login session
• Session cookies for security purposes

9.2 Browser Local Storage

The extension uses browser local storage to:

• Store your authentication token
• Save downloaded posts locally
• Remember your preferences (theme, filter settings)

9.3 Third-Party Cookies

Our authentication provider (Outseta) may set cookies for authentication purposes. These are governed by Outseta's privacy policy.

10. Children's Privacy

The Service is not intended for use by children under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

11. Third-Party Links

The Service may contain links to third-party websites or services, including X.com (Twitter). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Browser Extension Permissions

The Postbadger browser extension requests the following permissions:

Permission	Purpose
activeTab	To detect when you're on an X.com profile page
tabs	To read the current tab URL to identify X.com profiles
storage	To store downloaded posts and preferences locally
notifications	To notify you when downloads complete
alarms	To maintain background service worker activity
Host permissions (x.com, twitter.com)	To function on X.com/Twitter websites
Host permissions (outseta.com)	To handle authentication

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top
• Sending an email notification for significant changes (if you have an account)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: