Posty
Русский
Contents
updated June 7, 2026 · version 1.3

Privacy Policy

ⓘ Summary
Operator
Vladimir Pavlovich Petrov
INN (taxpayer ID)
504410954883 (self-employed, NPD taxpayer)
Contact
support@postyapp.ru
Storage
servers in Russia (Federal Law No. 152-FZ)
Personal-data operators register
registry entry number to be added after registration

Posty is a service for automating publications to social networks. By using the service, you agree to this personal data processing policy. Effective date: May 18, 2026.

1. What data we collect

When you register and use Posty, we collect:

  • Contact data: email, name, avatar (optional)
  • Authorization tokens of connected platforms. Posty currently has working integrations with Telegram (bot token and webhook secret for verifying incoming messages) and Instagram*Meta Platforms Inc. (including Instagram, Facebook, and Threads) is an organization whose activities are recognized as extremist and banned in the territory of the Russian Federation. (username, password, and private-API session data). The list of integrated platforms is expanding — the current list is available on the /connections page in your account. Data is transferred to new platforms only after you explicitly connect them.
  • User content: text, images, video — temporarily (until publication completes) for automatic adaptation to each platform's format. Publication metadata (titles, descriptions, tags, links to published posts) is retained to display history and analytics.
  • Technical data: IP address, user-agent, session identifiers, and an action log (audit log) — for security and incident investigation.

We do not store the passwords of your accounts on third-party services in plain text. If a platform's private API (for example, Instagram*Meta Platforms Inc. (including Instagram, Facebook, and Threads) is an organization whose activities are recognized as extremist and banned in the territory of the Russian Federation.) requires storing credentials for subsequent publications, they are stored exclusively in encrypted form (see Section 4).

2. Processing purposes

  • User authorization and identification
  • Publishing content to the social networks chosen by the user
  • Collecting and displaying publication analytics
  • Notifications about publication statuses
  • Service security (anti-fraud, rate-limiting, account-takeover prevention)

3. Legal basis

Processing is carried out on the basis of the user's consent (Federal Law No. 152-FZ, Art. 6(1)(1)) and performance of the offer agreement (Federal Law No. 152-FZ, Art. 6(1)(5)).

4. Storage and protection

All personal data of users who are citizens of the Russian Federation is stored on servers in the Russian Federation, in accordance with the requirements of Federal Law No. 152-FZ (Art. 18(5)).

  • Hosting: TimeWeb Cloud (Russia), without CDN proxying
  • Backups — also in Russia
  • Communication-channel protection: TLS (HTTPS), Let's Encrypt certificates with automatic renewal

Encryption of sensitive data. Authorization tokens of third-party platforms and private-API session data (for example, Instagram*Meta Platforms Inc. (including Instagram, Facebook, and Threads) is an organization whose activities are recognized as extremist and banned in the territory of the Russian Federation.) are stored encrypted using the AES-128-CBC + HMAC-SHA256 algorithm (the Fernet standard of the cryptography library). Encryption keys are stored separately from the database in a protected server environment variable and are not accessible via the API.

5. Cross-border transfer of personal data

When using integrations with foreign platforms, part of your data is transferred to the servers of the respective services located outside Russia. Below is the full list and the purposes of transfer:

  • Google LLC (USA) — email address when signing in via Google. Purpose: identity verification during OAuth authorization. Transfer occurs when you use the “Sign in with Google” button.
  • Meta Platforms Inc. / Instagram*Meta Platforms Inc. (including Instagram, Facebook, and Threads) is an organization whose activities are recognized as extremist and banned in the territory of the Russian Federation. (USA) — username, password (transmitted over a TLS channel, stored on our side in encrypted form), publication content (text, photos, video), and metadata. Purpose: publishing on your behalf to Instagram*Meta Platforms Inc. (including Instagram, Facebook, and Threads) is an organization whose activities are recognized as extremist and banned in the territory of the Russian Federation.. Transfer occurs only if you have explicitly connected an Instagram*Meta Platforms Inc. (including Instagram, Facebook, and Threads) is an organization whose activities are recognized as extremist and banned in the territory of the Russian Federation. account on the /connections page.
  • Telegram FZ-LLC (UAE) — bot token, publication content, channel identifiers. Purpose: publishing to Telegram channels and groups. Transfer occurs only if you have explicitly connected a Telegram bot.
  • DataImpulse (Lithuania) / iProxy.online (Kazakhstan) — HTTPS traffic to Instagram*Meta Platforms Inc. (including Instagram, Facebook, and Threads) is an organization whose activities are recognized as extremist and banned in the territory of the Russian Federation., proxied through residential IP addresses. Purpose: the technical ability to connect to Instagram*Meta Platforms Inc. (including Instagram, Facebook, and Threads) is an organization whose activities are recognized as extremist and banned in the territory of the Russian Federation., access to which is restricted in the territory of Russia. Traffic content is TLS-encrypted — the proxy provider sees only connection metadata (source IP, time, packet sizes), not the content itself.

By using the Posty service and connecting integrations with the platforms listed above, you consent to the cross-border transfer of personal data necessary for the service to function. The states in which these services are located are not on the list of countries that provide adequate protection of personal data (per the list approved by Roskomnadzor). The transfer is carried out solely for the purpose of performing the agreement with you (Federal Law No. 152-FZ, Art. 12(4)(1)) and is impossible without it for integrations with the respective platforms.

6. Transfer to third parties

The following platforms currently have working integrations in Posty and may receive your data:

Telegram
Telegram FZ-LLC, UAE
Instagram*Meta Platforms Inc. (including Instagram, Facebook, and Threads) is an organization whose activities are recognized as extremist and banned in the territory of the Russian Federation.
Meta Platforms Inc., USA

Transfer occurs only at the user's initiative — upon explicitly connecting an integration and clicking “Publish”.

Planned for connection:

VKontakte
VK Tech, Russia
Dzen
VK Tech, Russia
YouTube
Google LLC, USA
TikTok
TikTok Pte. Ltd., Singapore
Odnoklassniki
VK Tech, Russia
Rutube
RUTUBE, Russia

Connection of Odnoklassniki (VK Tech, Russia) is also planned. Data is not transferred to these services until you explicitly connect the corresponding integration after it appears in Posty.

We do not transfer data to any third parties other than those listed. To analyze site traffic we use Yandex.Metrica (Yandex LLC, Russia) — it collects anonymized behavioral data: pages viewed, referral sources, device type, and on-site actions (e.g. button clicks). This data does not allow identifying you personally.

Payments. When you purchase a paid plan, payment data is processed by YooKassa(YooMoney LLC, Russia) — card details are entered on YooKassa's side; we never receive or store them. To issue a receipt under the professional-income tax (NPD, Federal Law No. 422-FZ), payment details (amount, service name, and the e-mail for receipt delivery) are sent to the Russian Federal Tax Service's «Мой налог» (My Tax) service (lknpd.nalog.ru).

7. Use of the Google and YouTube APIs

Posty uses the official Google and YouTube APIs — for signing in with Google and (as the integration rolls out) for publishing videos to YouTube on your behalf. Within these integrations:

  • We request access only to the Google / YouTube account data necessary for the specific feature: your email address and basic profile at sign-in; your channel data, video upload, and statistics of the videos you have published — when YouTube publishing is connected.
  • The data received is used solely to provide Posty's features (authorization, publishing, statuses, and analytics) and is not shared with third parties beyond what is described in this policy.
  • Posty's use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • By using YouTube-related features, you agree to the YouTube Terms of Service and acknowledge the Google Privacy Policy.
  • You can revoke Posty's access to your Google account at any time on the Google security settings page, as well as by disconnecting the integration on the /connections page in your account.

8. Use of data for AI-based features

Posty is developing artificial-intelligence features (for example, suggestions for publication text and recommendations on posting time). When such features become available, the following rules apply:

  • An AI feature processes the content and metadata you yourself submit for that feature — in order to generate suggestions and recommendations specifically for you.
  • We do not sell your personal data and do not transfer your private content to third-party AI providers for training their models without your separate consent.
  • To improve the quality of the service, we may use depersonalized and aggregated data that cannot identify you.
  • If an AI feature requires transferring data to an external provider (including outside Russia), we will disclose this in advance in the “Cross-border transfer” section and request the necessary consent.
  • Using AI features is voluntary — you may choose not to use them.

9. Retention period

  • Active data (profile, tokens, publication metadata) — while the account is active.
  • User content (uploaded files) — until publication completes, then deleted from temporary storage.
  • The action log (audit log) is stored indefinitely — for information-security purposes, incident investigation, and compliance with Federal Law No. 152-FZ. Upon a justified user request, their personal data in the log may be depersonalized.
  • After account deletion, the main data is deleted within 30 days (a grace period for accidental deletion). After that, the log is depersonalized.

10. User rights

Pursuant to Federal Law No. 152-FZ, Art. 14, you have the right to:

  • Obtain information about the processing of your data
  • Demand clarification, blocking, or deletion of your data
  • Withdraw your consent to processing
  • Appeal actions to Roskomnadzor and in court

Requests — to support@postyapp.ru with the subject “Privacy:”. Response — within 10 business days.

11. Cookies

We use only functional cookies necessary for the service to operate:

  • posty_session — session identifier (httpOnly, Secure, 30 days)
  • posty_csrf — CSRF-protection token (Secure)

Yandex.Metrica also sets analytics cookies (_ym_uid, _ym_d, _ym_isad, etc.) to measure traffic. There are no advertising cookies.

12. Policy changes

In case of material changes to the policy, we notify you by email and through the interface at least 14 days before they take effect. The current version is 1.3 (June 7, 2026); previous versions are 1.2 (June 7, 2026), 1.1 (May 18, 2026), 1.0 (May 9, 2026).

13. Contacts