← Back to Postiz

Privacy Policy

Effective date: 12 May 2026  |  Last updated: 15 May 2026

This Privacy Policy explains how Postiz ("the App"), accessible at https://postiz-coolify-oracle.13101993.xyz ("the Service", "we", "us"), collects, uses, stores, and protects your personal data when you create an account and connect social-media accounts — including TikTok — to schedule and publish content on your behalf.

By registering an account or connecting a social platform you confirm that you have read and understood this policy and give your free, informed, unambiguous consent to the processing described herein (GDPR Art. 6(1)(a)).

1. Data Controller

The data controller for personal data processed through Postiz (accessible at https://postiz-coolify-oracle.13101993.xyz) is the operator of this application. For all data-related enquiries please contact:

2. Data We Collect

2.1 Account data

2.2 TikTok data TikTok-specific

When you connect a TikTok account via OAuth 2.0 we receive and store the following data, as returned by the TikTok API:

Data fieldPurposeTikTok API scope
Open ID (persistent user identifier) Uniquely link your TikTok account to your Postiz account user.info.basic
Display name Show which TikTok account is connected in the UI user.info.basic
Avatar / profile picture URL Display your profile picture in the connected-accounts panel user.info.basic
Profile link (TikTok URL) Provide a direct link to your public profile in the UI user.info.profile
Bio / description Display account context to the authenticated owner user.info.profile
Follower count, following count, like count, video view count Show account statistics to the authenticated owner only user.info.stats
List of existing videos (title, cover, share URL, duration, view/like/comment counts) Display a video library so you can reference or repost existing content video.list
OAuth access token + refresh token Publish / schedule posts to TikTok on your behalf without requiring repeated logins video.upload / video.publish

TikTok data is retrieved only on your explicit instruction (connecting the account) and when necessary to fulfil the scheduling service. No TikTok data is read, processed, or stored beyond what is listed above.

2.3 Other social-platform data

For each other social platform you connect (Twitter/X, LinkedIn, Facebook, Instagram, YouTube, Pinterest, Reddit, Mastodon, Threads, Discord, Slack, TikTok) we store the equivalent: platform user ID, display name, avatar, and OAuth tokens. The same principles apply as described for TikTok above.

2.4 Content you create

2.5 Technical / log data

3. Legal Basis for Processing (GDPR)

Processing activityLegal basisGDPR article
Connecting a social account (OAuth) and retrieving profile / stats / video data Your explicit consent given at the OAuth authorisation screen Art. 6(1)(a)
Storing tokens & publishing posts on your behalf Performance of the contract (the scheduling service you signed up for) Art. 6(1)(b)
Server log / security monitoring Legitimate interests in securing the platform Art. 6(1)(f)
Sending transactional emails (password reset, notifications) Performance of contract Art. 6(1)(b)

4. Where Your Data Is Stored

All data is stored exclusively on the server hosting this Postiz instance:

Data does not leave the server except when publishing a post to the connected social-media platform (in which case the post content is transmitted to that platform's API), or when sending transactional emails via the configured email provider.

5. Data Retention

To disconnect a TikTok account (and delete all associated tokens and cached data), go to Settings → Connected Accounts and click Disconnect. Your data will be removed from our database immediately.

To delete your account entirely, contact us at admin@13101993.xyz. We will permanently delete all personal data associated with your account within 30 days of your request.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. Data is shared only in the following limited circumstances:

No other third parties receive your data.

7. Cookies & Session Storage

We use only strictly necessary cookies:

We do not use tracking cookies, analytics cookies, or any third-party advertising cookies.

8. Security Measures

9. Your Rights as a Data Subject (GDPR)

If you are located in the European Economic Area (EEA) or the UK, you have the following rights:

To exercise any of the above rights, contact us at admin@13101993.xyz. We will respond within 30 days.

10. Children's Privacy

This Service is not directed at children under 13 (or 16 where applicable under local law). We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via the email address on your account. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact & Data Requests

For all privacy-related enquiries, data access/deletion requests, or questions about this policy, please contact:

← Back to Postiz