Legal
Privacy Policy
Last updated: 19 June 2026
Who we are
Postynd is operated by Code Melodies Ltd, a company registered in England and Wales. Our registered address is available on request at hello@postynd.com. We are the data controller for all personal data processed through postynd.com.
We take UK GDPR seriously and have designed the service around minimal data collection. We only hold what we actually need to run Postynd, and we do not sell or rent your data to anyone.
What we collect and why
Account information
When you register, we collect your name and email address. We use these to identify your account, send you service notifications, and allow you to log in. Your password is hashed — we do not store it in readable form.
Site connection data
To publish to your WordPress site, we store your site URL and API credentials. These are encrypted at rest. We access them only when sending content to your site on your instruction.
Business knowledge data
When you connect a site, we scan it to extract information about your services, location, and industry. This forms your knowledge base inside Postynd and is used to generate content. You can delete this at any time from your dashboard.
Reference photos
If you upload reference photos (available on the Pro plan), these are stored on our servers and used to generate reel images in your visual style. You own these images and can delete them at any time.
Generated content
Articles, reel scripts, images, and videos generated by Postynd are stored so you can view, edit, approve, or delete them in your dashboard. Content you publish to your own site is under your ownership and responsibility.
Google Search Console
If you connect Google Search Console, we receive read-only access to your search performance data (impressions, clicks, average position). We use this to suggest better topics. We do not share it, and you can disconnect at any time.
Usage and analytics
We log which features you use, which articles are published, and how the service performs. This helps us improve Postynd. We use Google Analytics 4 on our marketing pages with anonymised IP addresses.
Payment data
Payments are handled by Stripe. We never see or store your card details — Stripe processes them directly and holds your billing information under their own privacy policy and PCI-DSS compliance.
Legal basis for processing
Under UK GDPR, we process your data on the following bases:
- Contract — processing your account data and site credentials to deliver the service you signed up for.
- Legitimate interest — usage analytics and service improvement, where this does not override your rights.
- Consent — marketing emails, if you opt in. You can withdraw consent at any time.
- Legal obligation — retaining records required by UK law (e.g. financial records for HMRC purposes).
Third-party processors
We share data with the following processors to operate the service. All are subject to data processing agreements.
| Processor | Purpose | Location |
|---|---|---|
| Google (Gemini API) | AI content generation | USA (SCCs applied) |
| Google Analytics | Website analytics | USA (SCCs applied) |
| Stripe | Payment processing | USA/EU (SCCs applied) |
| RunPod | Reel image generation | USA (SCCs applied) |
| OVH / Hosting provider | Infrastructure and storage | EU |
| Redis / PostgreSQL | Data storage and queues | EU (same server) |
SCCs = Standard Contractual Clauses. Where data is transferred outside the UK, we rely on SCCs or adequacy decisions as the transfer mechanism.
How long we keep your data
We keep your account data for as long as you have an active account. If you cancel and delete your account, we delete your personal data within 30 days — except where we are legally required to retain records (for example, financial records for 6 years under UK law).
Generated content and knowledge base data are deleted immediately on account deletion. Backups are purged within 90 days.
Your rights under UK GDPR
As a UK data subject, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data (subject to legal retention obligations).
- Restriction — ask us to pause processing in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, email hello@postynd.com. We will respond within one calendar month. If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Cookies
We use a small number of cookies that are strictly necessary to keep you logged in and maintain your session. We do not use advertising cookies or tracking pixels. Google Analytics uses a first-party cookie (_ga) to distinguish unique visitors — this can be blocked via your browser settings without affecting the Postynd service.
Security
We use encrypted connections (TLS) for all data in transit. Sensitive credentials are encrypted at rest. Access to production data is restricted to authorised personnel only. We do not store payment card data.
If you suspect unauthorised access to your account, email us immediately at hello@postynd.com.
Changes to this policy
If we make material changes to how we handle personal data, we will email registered users and update the date at the top of this page. Continued use of Postynd after a change constitutes acceptance of the updated policy.
Contact
For privacy questions or to exercise your rights, contact us at: