Skip to main content

Privacy Policy

Last updated: January 21, 2026

1. Data Sovereignty & Collection

We operate on a principle of data minimization and sovereignty. Information collected is strictly limited to what is necessary for service provision:

  • Account Identifiers: Name, email, and authentication tokens.
  • Billing Data: Processed securely via Stripe (we do not store full card details).
  • Platform Usage Profiles: Telemetry regarding API usage, storage quotas, and feature interaction.
  • Content Metadata: Structural data required for SEO generation and content delivery.

2. Usage of Information

Data is utilized exclusively for:

  • Provisioning cloud infrastructure and CDN resources
  • Executing AI models for SEO and content optimization
  • Transactional communications (invoices, system alerts)
  • Fraud detection and abuse prevention

3. Data Retention & Deletion

Active Accounts: Data is retained indefinitely while the subscription is active to ensure service continuity.

Cancelled Accounts: Upon account cancellation, data is held in a "soft delete" state for 30 days to allow for recovery or export. After this period, all data is permanently cryptographically erased from our primary and backup systems.

4. Third-Party Subprocessors

We partner with industry-leading infrastructure providers. All subprocessors are vetted for SOC2 and GDPR compliance:

  • Vercel / AWS: Cloud hosting and Edge Network
  • Stripe: Payment processing
  • OpenAI / Anthropic: AI model inference (Data processing only, no training on user data)
  • Google Cloud: Analytics infrastructure

5. International Data Transfers

As a global CDNs provider, content may be cached in edge locations worldwide to ensure low-latency delivery. Personal data related to account management is processed primarily in the United States and EU, protected by Standard Contractual Clauses (SCCs).

6. User Rights (GDPR & CCPA)

  • Right to Erasure: "Right to be Forgotten" requests can be initiated via the dashboard.
  • Data Portability: You may export your content in standard formats (JSON/Markdown) at any time.
  • Access & Rectification: Full control over profile data is provided via account settings.

7. Cookie Policy

We use only essential cookies required for authentication and security (CSRF protection). We do not deploy third-party advertising tracking cookies on the dashboard. User-deployed blogs may include their own tracking configurations, for which the User is the data controller.

8. Contact Information

Data Protection Officer (DPO) inquiries: privacy@postlyo.com.