Privacy Policy
Last updated: July 1, 2026
This Privacy Policy explains how Magnus Software ("Magnus Software", "we", "us", or "our") collects, uses, stores, and protects information in connection with Postist ("Postist", the "Service"), a multi-platform social media management application available at postist.co and app.postist.co.
By creating an account or using the Service, you agree to the practices described in this Privacy Policy.
1. Who We Are
The Service is operated by Magnus Software. For any privacy-related questions or requests, you can contact us at info@magnusyazilim.com.
For users in the European Union, Magnus Software acts as a data controller in respect of your account information and as a data processor in respect of content you publish to third-party social media platforms through the Service.
2. Information We Collect
a. Account information. When you register, we collect your email address and a securely hashed version of your password. We never store your password in plain text.
b. Connected social media accounts. When you connect a third-party platform (such as X, Facebook, Instagram, Threads, YouTube, or TikTok), we receive and store the OAuth access and refresh tokens issued by that platform, together with basic account identifiers (such as your platform user ID, username, and profile picture URL) needed to display and operate the connection. We do not receive or store your passwords for these third-party platforms.
c. Content you create. We store the posts, captions, scheduling details, and media metadata you create in order to publish or schedule them. Media files (images and video) are stored in object storage; the database holds only references and metadata, never the media files themselves.
d. Technical information. We collect limited technical data required to operate and secure the Service, such as request logs, timestamps, and error information.
3. How We Use Your Information
We use the information we collect to:
- provide, operate, and maintain the Service;
- authenticate you and secure your account;
- publish and schedule content to the third-party platforms you connect, on your instruction;
- refresh expired platform tokens so scheduled publishing continues to work;
- diagnose problems, prevent abuse, and improve the Service;
- comply with legal obligations.
We do not sell your personal data. We do not use your content or connected account data for advertising, and we do not share it with third parties except as described in this Policy.
4. Third-Party Platforms
The Service integrates with third-party social media platforms through their official APIs. When you connect an account and instruct us to publish, we transmit your content to that platform on your behalf. Your use of each platform is also governed by that platform's own terms and privacy policy, including Meta's Platform Terms and Developer Policies for Facebook, Instagram, and Threads.
Data obtained from Meta platforms is used solely to provide the publishing and account-management features you request, and is handled in accordance with Meta's Platform Terms and Developer Policies.
5. How We Store and Protect Your Data
We take the security of your data seriously:
- OAuth access and refresh tokens are encrypted at rest using authenticated symmetric encryption (Fernet) before being written to our database.
- Passwords are stored only as secure one-way hashes.
- All traffic between you and the Service is encrypted in transit using HTTPS/TLS.
- Access to production data is restricted to authorized personnel.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
6. Data Retention
We retain your account information and connected-account data for as long as your account remains active. When you delete your account, or a connected platform, we delete the associated data as described in Section 8. Certain records may be retained where required for legal, accounting, or security purposes.
7. Your Rights
Depending on your location, you may have rights under the EU General Data Protection Regulation (GDPR) or the Turkish Personal Data Protection Law (KVKK — Law No. 6698), including the rights to:
- access the personal data we hold about you;
- request correction of inaccurate data;
- request deletion of your data;
- object to or restrict certain processing;
- request a copy of your data in a portable format;
- withdraw consent at any time (for example, by disconnecting a platform).
To exercise any of these rights, contact us at info@magnusyazilim.com. We will respond within the timeframes required by applicable law.
8. Deleting Your Data
You can disconnect any connected social media account at any time from within the Service; doing so deletes the stored tokens for that account.
You may request deletion of your entire account and all associated personal data by emailing info@magnusyazilim.com from your registered email address, or by using the account-deletion option within the Service where available. Upon a valid request, we will delete your account information, connected-account tokens, and stored content, subject to any retention required by law.
Instructions for requesting data deletion are also available at postist.co/data-deletion.
9. International Transfers
The Service and its infrastructure may process and store data on servers located in the European Union. Where data is transferred across borders, we rely on appropriate safeguards as required by applicable law.
10. Children's Privacy
The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal data from them. If you believe a minor has provided us with personal data, contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and, where appropriate, notify you through the Service.
12. Contact
Magnus Software
Email: info@magnusyazilim.com