Privacy Policy

Effective date: March 31, 2026
Last updated: March 31, 2026
Operated at: https://postiz.bluelime.cloud
Contact: [email protected]

1. Introduction and Scope

This Privacy Policy explains how postiz.bluelime.cloud (“the Service”, “we”, “us”, or “our”) collects, processes, stores, and protects personal information in connection with your use of this Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and that you consent to the data practices described herein. If you do not agree with this Privacy Policy, please discontinue use of the Service immediately.

The Service is operated as a private, self-hosted deployment of the open-source Postiz software for strictly personal, non-commercial, and hobby purposes. It is not intended for public registration, broad third-party access, or commercial use of any kind. Access to this instance is limited to the individual administrator who deploys, maintains, and operates it.

2. Nature and Purpose of the Service

postiz.bluelime.cloud is a self-hosted social media scheduling and management tool deployed on privately managed server infrastructure. The purpose of this deployment is personal content management and the exploration of open-source software as a hobby activity — not the provision of a commercial or publicly accessible service. No subscription fees are charged, no advertisements are served within the application, and no user data is monetized, licensed, or sold in any form whatsoever.

Because this is a personal hobby project operated by a single private individual, only the administrator of this instance interacts with the Service on a regular basis. Any additional authorized users who may be granted access are known personally to the administrator and have been explicitly invited. This Service does not accept open public registrations.

3. Information We Collect

Depending on how you interact with the Service, the following categories of personal data may be collected and stored within the application’s database, which resides on the administrator’s private server:

• Account credentials: Your email address and a securely hashed version of your password are stored for the purpose of authentication and session management within the application. Passwords are never stored in plain text.
• OAuth access tokens: When you connect a third-party social media account (such as TikTok, Instagram, LinkedIn, Twitter/X, Facebook, or YouTube), the respective platform issues OAuth access tokens and, where applicable, refresh tokens. These are stored on the server to allow the Service to act on your behalf. These tokens are scoped and limited strictly to the permissions you explicitly grant when authorizing the connection.
• Scheduled and published content: Posts, captions, media files, links, and scheduling metadata that you create, draft, or queue within the application are stored to enable the scheduling and publishing functionality.
• Technical log data: IP addresses, browser user-agent strings, operating system identifiers, HTTP request paths, and timestamps may be recorded automatically in standard server-side access logs and error logs for the purpose of security monitoring, abuse prevention, and technical diagnostics. These logs are not used for behavioral profiling, advertising, or tracking.
• Session cookies: Strictly necessary HTTP session cookies are used to maintain your authenticated session state within the application. No persistent tracking cookies or cross-site identifiers are used.

We do not collect payment information, precise geolocation data, biometric data, government identifiers, or any other special categories of sensitive personal data. Data collection is limited strictly to what is technically necessary to operate the functionality of the Service.

4. Legal Basis for Processing

The processing of personal data carried out by this Service is based on the following legal grounds where applicable: (a) Performance of a service and execution of a task requested by the user — processing is necessary to deliver the core functionality of the application, including user authentication, content scheduling, and third-party API integrations that you have initiated; (b) Legitimate interests of the operator — server logging, security monitoring, and access controls represent a legitimate interest in protecting the integrity and security of the Service and its infrastructure; and (c) Explicit consent — when you connect a third-party social media platform to the Service, you provide explicit informed consent for the Service to access and interact with that platform’s API on your behalf, within the scope of permissions you authorize.

5. How We Use Your Information

All information collected by this Service is used solely and exclusively to operate the Service for the specific purposes for which it was gathered. No data collected through this Service is used for any commercial, marketing, advertising, or analytical purpose unrelated to the direct operation of the application. Specifically, your data is used to:

• Authenticate your identity and maintain your logged-in session securely across visits to the application.
• Publish and schedule social media content to the third-party platform accounts you have connected, strictly as instructed by you through the application interface.
• Store your drafts, scheduled posts, media files, and connected account configurations so that the application functions correctly and persistently across sessions.
• Refresh OAuth tokens issued by connected platforms as necessary to maintain uninterrupted publishing functionality.
• Generate server logs for the purpose of diagnosing technical issues, detecting unauthorized access attempts, and maintaining the operational security and integrity of the server infrastructure.

6. Third-Party API Integrations

The Service integrates with social media platforms — including but not limited to TikTok, Instagram, LinkedIn, Twitter/X, Facebook, and YouTube — through their official, publicly available developer APIs. When you authorize a connection to such a platform, data flows between the Service and that platform as required to fulfill your scheduling and publishing instructions. This may include transmitting content (text, images, video), retrieving account identifiers and profile metadata, validating permissions, and refreshing authorization tokens.

Each connected platform processes any data transmitted to it in accordance with its own Privacy Policy, Terms of Service, and developer platform policies, which you should review independently before connecting your accounts. We have no control over and accept no responsibility for the data handling practices of third-party platforms once data leaves this Service and is transmitted to them over their respective APIs.

We do not share, sell, license, rent, disclose, or otherwise transfer your personal data to any other third party beyond what is strictly necessary to operate the specific API integrations that you have individually authorized and initiated.

7. Data Storage, Security, and Retention

All personal data collected through the Service is stored on a privately managed server under the exclusive administrative control of the operator. Reasonable and appropriate technical security measures are implemented, including encrypted HTTPS/TLS connections for all data in transit, secure password hashing algorithms, restricted server access controls, and firewall protections. While we take security seriously and make every reasonable effort to protect your data, no system can guarantee absolute security, and we cannot warrant immunity from all possible security risks.

Data is retained for as long as the Service is actively operated, or until a user requests deletion of their account and associated data. Server access logs and error logs are retained for a limited operational period consistent with standard security and diagnostic practices — typically no longer than 90 days — after which they are purged. OAuth tokens for connected social media accounts are retained only for as long as the respective account remains actively connected within the application. Revoking a platform connection within the application, or revoking access directly through the third-party platform’s own account settings, will result in the deletion of the associated tokens from our system.

8. International Data Transfers

The server infrastructure supporting this Service may be physically located in data centers situated outside your country of residence. By using the Service, you acknowledge and accept that your personal data may be transferred to, stored in, and processed in countries whose data protection legislation may differ from the laws applicable in your jurisdiction. We take reasonable steps to ensure that any such international data transfers are conducted in a manner that respects the rights of data subjects and complies with applicable legal requirements.

9. Cookies and Tracking Technologies

The Service uses only strictly necessary HTTP session cookies required to authenticate and maintain your logged-in state within the application. These cookies are essential for the functioning of the Service and do not contain personally identifiable information beyond a randomly generated session identifier. No third-party tracking scripts, advertising tags, analytics pixels, behavioral profiling cookies, fingerprinting scripts, or any other non-essential tracking technologies are used on this Service. You may disable cookies in your browser settings, but doing so will prevent the application from functioning correctly, as session authentication will not be possible.

10. Your Rights as a Data Subject

Depending on the jurisdiction in which you reside, you may have certain legal rights with respect to your personal data that we process. These rights may include: the right to request access to a copy of the personal data we hold about you; the right to request correction or rectification of inaccurate or incomplete data; the right to request erasure of your personal data (“the right to be forgotten”), subject to applicable legal limitations; the right to withdraw consent for any processing that is based on consent, at any time and without detriment; the right to object to or request restriction of certain types of data processing; the right to lodge a complaint with a competent data protection supervisory authority in your country; and the right to data portability where technically feasible and legally applicable.

To exercise any of these rights, please submit your request by email to the contact address provided in Section 14 of this document. We will make every reasonable effort to respond to your request in a timely manner consistent with applicable law. Please note that, as a personal hobby project operated by a single private individual, requests will be handled by the administrator on a best-effort basis without the resources of a dedicated data protection team.

11. Children’s Privacy

This Service is not directed to, designed for, or intended to be used by individuals under the age of 13. We do not knowingly collect, solicit, or process personal data from children under the age of 13. If you have reason to believe that a child under 13 has provided personal information to this Service without appropriate parental or guardian consent, please contact us immediately at the email address provided below so that we may take appropriate steps to locate and delete such data.

12. Non-Commercial and Personal Use Declaration

For the avoidance of all doubt, this Service is operated entirely as a personal, non-commercial hobby project by a private individual. The administrator is a natural person operating this self-hosted application instance solely for personal content management purposes and for the enjoyment of working with open-source software. The Service is not offered to the general public as a product or commercial service; it generates no revenue; it is not supported by advertising income; it does not process the personal data of third parties for commercial gain; and it does not operate under any business or corporate entity. This declaration is made in the interest of transparency and is relevant for the purposes of compliance with applicable data protection regulations and with the developer platform policies of third-party API providers, including TikTok.

13. Changes to This Privacy Policy

We reserve the right to update, revise, or modify this Privacy Policy at any time, at our sole discretion. Any changes will be reflected on this page with a revised “Last updated” date prominently displayed at the top of the document. Your continued use of the Service following the posting of any changes to this Privacy Policy constitutes your acknowledgment of and acceptance of the modified terms. If material changes affecting your rights or the nature of our data processing are introduced, we will make reasonable efforts to notify any known authorized users of the Service.

14. Contact Information

If you have any questions, concerns, objections, or requests relating to this Privacy Policy or to the way in which this Service handles your personal data, please contact the operator directly at:

Email: [email protected]
Website: https://postiz.bluelime.cloud

We will do our best to respond to all legitimate privacy-related inquiries within a reasonable timeframe.