Privacy Policy
Last updated: April 27, 2026
§ 1. Data controller
- The controller of personal data of Users of the GetMePost application (the "Application") is the entity identified in the "Operator details" section on the About page (the "Controller").
- Contact for matters related to personal data protection: support@getmepost.com.
§ 2. Scope of processed data
The Controller processes the following categories of data:
- Account data — email address, password (stored as a hash, see § 11), name, interface language.
- Billing data — company name, address, tax ID, invoicing data, payment history (full payment card data is stored by the payment provider, not the Controller).
- User Content — materials uploaded to the knowledge base (documents, links, text samples) and topics submitted for generation.
- Integration data — OAuth access tokens for Third-Party Platforms (LinkedIn, X, Facebook, Instagram, Threads).
- Technical data — IP address, device identifier, browser type, language, session timestamps, system logs.
- Analytics data — User interactions with the Application, publication statistics fetched from Third-Party Platforms.
§ 3. Purposes and legal grounds
| Purpose | Legal ground (GDPR) |
|---|---|
| Conclusion and performance of the service contract | art. 6(1)(b) |
| Issuing invoices and tax settlements | art. 6(1)(c) (legal obligation) |
| Handling complaints | art. 6(1)(b) and (f) |
| Marketing of own services, newsletter | art. 6(1)(f) (legitimate interest) or (a) (consent) |
| Analytics and improvement of the Application | art. 6(1)(f) |
| AI content generation | art. 6(1)(b) |
| Security and abuse prevention | art. 6(1)(f) |
§ 4. Recipients of data
The Controller uses the following categories of processors:
- AI model providers (Anthropic, OpenAI or comparable) — for content generation. Data may be transferred outside the EEA (USA) under the European Commission's Standard Contractual Clauses.
- Cloud infrastructure and hosting providers — storage and processing of application data.
- Payment processors — handling subscription transactions.
- Email and transactional communication providers — sending confirmations, invoices, notifications.
- Third-Party Platforms (LinkedIn, X, Facebook, Instagram, Threads) — only data necessary to publish on behalf of the User.
- Analytics providers — for traffic and behavior analysis within the Application.
A full list of subprocessors is available on request at support@getmepost.com.
§ 5. Transfers outside the EEA
- Due to the use of AI model providers and certain cloud services, data may be transferred to third countries, in particular the United States.
- Transfers take place under the Standard Contractual Clauses adopted by the European Commission (Decision 2021/914) and additional safeguards (encryption in transit and at rest, access control).
- The text of the clauses and information on the safeguards in place are available on request.
§ 6. Retention periods
- Account data and User Content — for the duration of the contract and 30 days after termination (period for potential account recovery), then deleted or anonymized.
- Billing data and invoices — for the period required by tax law (5 years counted from the end of the fiscal year).
- Technical logs — up to 12 months.
- Data processed on consent (e.g. newsletter) — until consent is withdrawn.
- Data for claims purposes — until limitation periods expire.
§ 7. User rights
Every data subject has the following rights:
- Access (art. 15 GDPR) — obtaining information about processed data.
- Rectification (art. 16) — correcting inaccurate data.
- Erasure (art. 17, "right to be forgotten").
- Restriction of processing (art. 18).
- Data portability (art. 20) — receiving data in a structured format (e.g. JSON).
- Objection (art. 21) — to processing based on legitimate interest.
- Withdrawal of consent at any time, without affecting the lawfulness of processing prior to withdrawal.
- Complaint to a supervisory authority — in Poland, the President of the Personal Data Protection Office (uodo.gov.pl); in other EU countries, the local DPA.
To exercise rights: support@getmepost.com. The Controller responds within 30 days.
§ 8. Cookies and similar technologies
- The Application uses cookies and similar browser storage technologies for: maintaining the login session, remembering preferences (language, light/dark theme), collecting traffic statistics.
- Cookies are categorized as: necessary (for the Application to function), functional (preferences), analytics, marketing (if used).
- The User can manage cookies in browser settings. Disabling necessary cookies may prevent use of the Application.
§ 9. User Content and AI models
- User Content (knowledge base, topics, samples) is sent to AI model providers solely for generating a response.
- The Controller works with AI providers who contractually undertake not to use API-submitted data for training their own models (zero-data-retention or no-train clauses).
- The list of currently used providers and their privacy policies is available on request.
§ 10. Automated decision-making
The Controller does not make decisions about Users based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect them.
§ 11. Security
- The Controller applies technical and organizational measures appropriate to the risk, including: connection encryption (TLS), encryption of data at rest, role-based access control, regular backups, and security monitoring.
- User passwords are stored as hashes (adaptive algorithms, e.g. bcrypt/argon2).
§ 12. Changes to the Privacy Policy
- The Controller may update the Privacy Policy in case of changes in law, Application features, or processing operations.
- Changes are announced in the Application and sent to Users by email, with at least 14 days' notice before material changes take effect.
§ 13. Contact
For matters related to personal data protection:
- Email: support@getmepost.com
This Privacy Policy is effective as of the date indicated in the header.