PRIVACY POLICY
Last updated on July 5 2023.
This Privacy Policy explains how Postpaddy LLC (“Postpaddy”, “we”, “us”) collects, uses, discloses, and protects information in connection with Ads by PostPaddy.
Not offered to EU/UK. The Service is not offered to EU/UK residents. Do not use the Service if you are located in the EU/UK. If we unintentionally receive such data, we will delete it once identified.
1. Scope; Roles
For account, billing, fraud/security, analytics, and service improvement, Postpaddy is a data Controller.
For advertising data you process via the Service (and, when enabled, any customer lists), Postpaddy acts as a Processor on your documented instructions. Our Data Processing Addendum (DPA) applies to such processing.
2. Information we collect
Account & contact data. Name, email, phone, password hashes, subscription tier, invoices, communications, support tickets.
Ad platform data. Business/account IDs, pages/profiles, campaign/ad‑set/ad metadata, performance metrics (impressions, clicks, spend, conversions, CPA/ROAS), audience/targeting parameters, catalogs/pixels where applicable.
Telemetry & device data. IP address, device and browser information, app/web events, diagnostic and crash logs.
Payment data. Payments are processed by Stripe and Paystack. We do not store raw card numbers; processors provide us with tokenized references.
KYC (if requested). Government or business documents and related information you provide for verification.
Derived and aggregated data. We generate aggregated/anonymized analytics and benchmarks derived from Service operation. We own these aggregates and will not re‑identify individuals.
3. How we use information
Provide, operate, and support the Service;
Process payments; manage subscriptions and PCs;
Detect, investigate, and prevent fraud, abuse, and security incidents;
Analyze usage to maintain, secure, and improve the Service; develop new features;
Communicate with you about product updates, security alerts, and administrative messages;
Send product updates and promotions (you can opt out at any time);
Comply with legal obligations and enforce our Terms.
No sale/share (CPRA). We do not sell or share personal information for cross‑context behavioral advertising. If any future integration could be deemed “sharing,” we will provide an opt‑out.
4. Legal bases (Nigeria & U.S.)
We process data for contract performance, legitimate interests (e.g., securing and improving the Service), consent (where obtained), and compliance with law (NDPR and applicable U.S. laws).
5. Cookies/SDKs; Analytics; Session Replay
Web cookies/SDKs: We may use essential cookies/SDKs.
Analytics: Google Analytics 4, Mixpanel.
Session replay: Microsoft Clarity may record interactions (mouse movements, clicks, scrolls, and page performance). We configure masking of sensitive fields and use it to improve UX and diagnose issues.
Do Not Track: Our websites and apps do not respond to DNT signals.
Future marketing cookies: If we introduce marketing/advertising cookies, we will provide a consent banner and update this Policy.
6. Disclosures to third parties
We share information with service providers and sub‑processors strictly to operate the Service, including:
Payments: Stripe, Paystack
Infrastructure: AWS (primary, US), GCP, Azure
AI processing: OpenAI, Anthropic
Monitoring/Crash: Sentry
Realtime/Messaging: Pusher
Email/SMS: Amazon SES, Twilio, Brevo
Analytics/Replay: GA4, Mixpanel, Microsoft Clarity
We may also disclose information to comply with law, protect rights, or in connection with a merger or acquisition. We do not permit service providers to use your personal information for their own marketing.
7. Retention
We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. On verified request, we delete within 30–90 days, subject to lawful retention and backup rotation.
8. Security; Incidents
We use appropriate administrative, technical, and physical measures, including encryption in transit and at rest, role‑based access controls, logging and monitoring, and vendor due diligence. If a breach of personal information occurs, we will notify affected users without undue delay and target 72 hours for material incidents.
9. Your rights
Subject to applicable law (including NDPR and U.S. state laws like CPRA/CCPA), you may request to access, correct, delete, or port your personal information, or object to/limit certain processing.
To exercise rights, email [email protected] (or use any rights form we provide). We will verify your identity before acting on requests and respond within legally required periods.
10. Children
The Service is not for users under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact [email protected] and we will delete it.
11. International transfers
The Service is not offered to EU/UK residents. If you nonetheless transfer data to us from other countries, you consent to processing in the United States and other locations where our service providers operate.
12. Changes
We may update this Policy. For material changes, we will provide at least 7 days’ notice via email and/or in‑app. Your continued use after the effective date means you accept the changes.
Contact: [email protected] | [email protected]
Address: 11900 Commerce Street, Apt 1307, Farmers Branch, Texas, 75234
DATA PROCESSING ADDENDUM (DPA)
Effective date: [fill on publish]
Parties: This DPA forms part of the agreement (the “Agreement”) between Postpaddy LLC (“Processor”) and the Customer (“Controller”) for use of the Service.
1. Scope and roles
1.1 This DPA applies when Processor processes Customer Personal Data on behalf of Controller in connection with the Service (e.g., ad‑platform data and—when enabled—customer lists).
1.2 The parties’ roles are: Controller determines the purposes and means; Processor processes per Controller’s documented instructions.
2. Processing details
Subject matter: Advertising campaign management and optimization services.
Duration: Term of the Agreement plus deletion period.
Nature & purpose: Hosting, transmitting, analyzing, reporting, and optimizing ad‑related data.
Types of personal data: Contact data contained in ad platforms (e.g., account names/IDs), campaign metadata, performance metrics, targeting parameters; if enabled later, hashed customer lists.
Data subjects: Controller’s end users, prospects, or customers (as applicable).
3. Processor obligations
Process Customer Personal Data only on Controller’s documented instructions (including via the Agreement and features used).
Implement appropriate technical and organizational measures (encryption in transit/at rest, access controls, logging/monitoring, least privilege).
Ensure personnel confidentiality; train personnel with access.
Assist Controller with data subject requests and impact assessments (to the extent reasonable and technically feasible).
Notify without undue delay upon becoming aware of a personal‑data breach affecting Customer Personal Data (target 72 hours for material incidents), and provide details and cooperation.
Delete or return Customer Personal Data upon termination or expiration of the Agreement, subject to legal retention and backup rotation schedules.
Make available information necessary to demonstrate compliance, and allow audits by Controller or an independent auditor (with reasonable notice, scope, frequency, confidentiality, and cost allocation).
4. Sub‑processors
Controller authorizes Processor to engage Sub‑processors to provide the Service. Current list: Stripe, Paystack, AWS, GCP, Azure, OpenAI, Anthropic, Sentry, Pusher, Amazon SES, Twilio, Brevo, GA4, Mixpanel, Microsoft Clarity. Processor will:
Impose data protection obligations substantially similar to this DPA on Sub‑processors;
Remain responsible for Sub‑processors’ performance;
Publish a living list and provide notice of material additions or replacements. Where required by law, Controller may object on reasonable grounds; if unresolved, Controller may terminate the affected Service.
5. International transfers
The Service is not offered to EU/UK residents. If Customer later instructs Processor to process EU/UK personal data, the parties agree to implement appropriate transfer mechanisms (e.g., SCCs and, for the UK, the IDTA or Addendum) by written amendment.
6. Liability
Liability under this DPA is subject to the limitations of liability in the Agreement.
7. Order of precedence
If there is a conflict between this DPA and the Agreement, this DPA controls to the extent of the conflict regarding data protection matters.
SUB‑PROCESSOR APPENDIX (Living List)
Payments
Stripe, Inc. — Payment processing, tokenized card storage; USA/EU infrastructure.
Paystack Payments Ltd. — Payment processing (primarily Nigeria/West Africa); Nigeria/EU infrastructure.
Infrastructure & Hosting
Amazon Web Services (AWS) — Primary hosting (USA regions).
Google Cloud Platform (GCP) — Supplemental compute/storage.
Microsoft Azure — Supplemental compute/storage.
AI Processing
OpenAI — Text generation/suggestions.
Anthropic — Text generation/suggestions.
Monitoring/Crash & Realtime
Sentry — Error monitoring and performance tracing.
Pusher — Realtime messaging/channels.
Email & Messaging
Amazon SES — Transactional email.
Twilio — SMS/OTP (as used).
Brevo (Sendinblue) — Email/SMS (as used).
Analytics & Session Replay
Google Analytics 4 — Product/website analytics.
Mixpanel — Product analytics.
Microsoft Clarity — Session replay/UX diagnostics (with masking).
We will update this list as services evolve and provide notice of material changes where required.
COOKIE / SDK CONSENT (Ready‑to‑enable Copy)
Banner (when marketing cookies are enabled):
We use cookies and similar technologies to run our site, analyze usage, and improve your experience. We also use optional analytics and session‑replay tools to help us understand how the product is used. Click “Accept all” to consent, or “Manage settings” to choose which to allow. We do not sell or share your personal information for cross‑context advertising. See our Privacy Policy for details.
Buttons: Accept all | Reject non‑essential | Manage settings
Preferences text (modal):
Strictly necessary (always on): required for security, authentication, and core features.
Analytics (GA4, Mixpanel): help us understand product usage.
Session replay (Microsoft Clarity): helps diagnose issues; sensitive fields are masked.
Communications (SES/Twilio/Brevo): send transactional messages you request.
HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:
PostPaddy LLC
11900 Commerce Street, Apt 1307
Farmers Branch
Texas, 75234
United States