Privacy Policy
How Pub Studio handles your data, what we collect, why we collect it, and the rights you have under the GDPR.
Last updated:
This Privacy Policy explains how Pub Studio (operated by [TODO: legal entity name], [TODO: registered address]) collects, uses, and shares information when you use our website and the Pub Studio service. We follow the EU General Data Protection Regulation (GDPR).
If anything below is unclear, write to us at [TODO: privacy contact email] and we'll explain it in plain language.
Who is responsible for your data
The data controller within the meaning of GDPR Art. 4(7) is:
[TODO: legal entity name] [TODO: postal address] [TODO: country] Email: [TODO: privacy contact email]
For questions specifically about data protection, you can reach our contact at [TODO: privacy contact email].
What we collect
We only collect data we actually need to run the service.
Account data. When you sign up we store your email address and (if you sign in via Google) the basic profile information Google sends us — name, email, profile picture URL. We use Better Auth to manage sessions; Better Auth keeps a row in our database recording when you signed in and from which device.
Organization data. Pub Studio is built around organizations (teams). When you create or join a team we store the team name, your role, and which other members belong to it.
Connected social accounts. When you connect a Bluesky, X, LinkedIn, Threads, Instagram, Facebook, YouTube, TikTok, or Pinterest account, we store the OAuth tokens, account ID, handle, and display name needed to publish on your behalf. Tokens are encrypted at rest. We never read messages, DMs, or content you didn't ask us to schedule or publish.
Content you create. Posts, drafts, scheduled jobs, uploaded media, and any AI prompts you send through Pub Studio. Media files are stored in our object storage (see "Sub-processors").
Billing data. If you're on a paid plan, our payment provider Polar processes your payment details. We receive a customer ID and subscription status — we never see your full card number.
Telemetry and product analytics. We use PostHog to understand which features get used and to find bugs. PostHog records page views, button clicks, and similar events with a pseudonymous user ID. You can opt out at any time (see "Your rights").
Server logs. Our servers log requests (IP address, user agent, URL, timestamp, response code) for security and debugging. Logs are kept for [TODO: retention window, e.g. 30 days] and then deleted.
Why we process your data (legal bases)
| Purpose | Legal basis |
|---|---|
| Operating the service you signed up for | Contract (GDPR Art. 6(1)(b)) |
| Logging in, session management | Contract (Art. 6(1)(b)) |
| Publishing posts to connected platforms | Contract (Art. 6(1)(b)) |
| Billing and invoicing | Contract & legal obligation (Art. 6(1)(b), (c)) |
| Server logs, abuse prevention, security | Legitimate interest (Art. 6(1)(f)) |
| Product analytics (PostHog) | Legitimate interest (Art. 6(1)(f)); you can opt out |
| Transactional email (e.g. login codes) | Contract (Art. 6(1)(b)) |
| Marketing email (only if you opt in) | Consent (Art. 6(1)(a)) |
Sub-processors
We use a small number of carefully chosen providers to run the service. They process data on our behalf under data processing agreements.
| Provider | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Application hosting, PostgreSQL database, S3-compatible object storage | Germany / Finland (EU) |
| PostHog | Product analytics | [TODO: confirm region — EU or US] |
| Polar | Subscription billing & payments | United States |
| [TODO: email delivery provider, e.g. Resend / Postmark] | Transactional email | [TODO: provider region] |
| Google Ireland Ltd. | Google Sign-In (only if you choose to use it) | EU / United States |
The third-party social platforms you connect (Bluesky, X, Meta, LinkedIn, Google/YouTube, TikTok, Pinterest) receive whatever you ask Pub Studio to publish, on the basis of their own terms. We are not their data controller.
How long we keep your data
- Account & organization data: for as long as your account exists, plus [TODO: e.g. 30 days] after account deletion to allow recovery.
- Connected social account tokens: until you disconnect the account or delete your account.
- Content (posts, drafts, media): until you delete it, or [TODO: e.g. 30 days] after account deletion.
- Billing records: kept for the period required by tax law in [TODO: jurisdiction], typically up to 10 years.
- Server logs: [TODO: retention window].
- Product analytics: [TODO: PostHog retention setting, e.g. 12 months] from the event date.
International data transfers
Our primary infrastructure (database, storage, application servers) runs inside the EU on Hetzner. Some sub-processors (PostHog, Polar, Google) may process data in the United States. Where that's the case, transfers rely on the EU Standard Contractual Clauses and the relevant provider's supplementary safeguards.
Cookies and local storage
We keep cookie use minimal:
- A session cookie (set by Better Auth) so you stay signed in. Strictly necessary; no consent required.
- A locale cookie remembering whether you chose English or German.
- PostHog uses a first-party cookie / local-storage entry for analytics. You can disable analytics in [TODO: account settings path] or by blocking it in your browser.
We do not run third-party advertising or tracking cookies.
Your rights under the GDPR
You have the right to:
- Access the personal data we hold about you (Art. 15).
- Correct data that's wrong or incomplete (Art. 16).
- Delete your data (Art. 17). The fastest way is to delete your account from settings; for partial deletion, write to us.
- Restrict or object to processing (Art. 18, Art. 21), in particular for analytics.
- Receive your data in a portable format (Art. 20).
- Withdraw any consent you previously gave, at any time, without affecting the lawfulness of prior processing.
To exercise any of these, email [TODO: privacy contact email]. We respond within one month.
You also have the right to lodge a complaint with a supervisory authority. In Germany, that's the data protection authority of the state where you live; you can also contact [TODO: lead supervisory authority for our establishment].
Security
We take technical and organisational measures appropriate to the risk: TLS for all traffic, encryption of OAuth tokens at rest, principle of least privilege, regular dependency updates, and access logging. No system is 100% secure, but we treat security as part of the product.
Children
Pub Studio is not intended for people under 16. If we learn that we've collected data from someone under 16 without parental consent, we delete it.
Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top tells you when. Material changes will be announced in-app or via email before they take effect.
Contact
[TODO: legal entity name] [TODO: postal address] Email: [TODO: privacy contact email]