Privacy Policy

Last updated: April 8, 2026

1. Data Controller

33coders Damian Krawcewicz
Zaruskiego 12B/12, 81-577 Gdynia, Poland
VAT: PL5862031923
Contact: privacy@postbear.app

2. What Data We Collect

PostBear processes the following data in connection with social media scheduling:

• Facebook Page ID and Instagram Business Account ID — to identify which accounts to publish to
• Access tokens — used transiently during API calls; never stored permanently
• Post content — captions, hashtags, and image files you provide for scheduling
• Scheduling metadata — dates, times, and platform targets for each post

3. How We Use Your Data

Data is used solely for the purpose of scheduling and publishing social media content to Facebook and Instagram on your behalf via the Meta Graph API. We do not use your data for advertising, profiling, or any other purpose.

4. Data Storage

• Scheduling manifests are stored locally on your machine as JSON files. They never leave your device except when you explicitly run the scheduling command.
• Images are temporarily uploaded to Cloudflare R2 (EU jurisdiction) so that the Meta API can ingest them. Images are deleted after successful scheduling.
• Access tokens are provided via environment variables and are never written to configuration files or persistent storage.

5. Third-Party Services

PostBear transmits data to the following third-party services as part of its core functionality:

• Meta Platforms, Inc. (Facebook/Instagram Graph API) — for publishing and scheduling content
• Cloudflare, Inc. (R2 object storage, EU jurisdiction) — for temporary image hosting during the scheduling process

No data is shared with any other third parties.

6. Data Retention

• Access tokens are used transiently and discarded at the end of each session.
• Images uploaded to R2 are removed after successful scheduling or during cleanup operations.
• Local manifest files persist on your device until you delete them.

7. Your Rights (GDPR)

As a data subject under the General Data Protection Regulation (GDPR), you have the right to:

• Access the personal data we process about you
• Rectify inaccurate data
• Request erasure of your data
• Restrict or object to processing
• Data portability
• Lodge a complaint with a supervisory authority (UODO in Poland)

To exercise these rights, contact us at privacy@postbear.app.

8. Legal Basis

We process your data based on your explicit consent when you configure and run the scheduling tool, and on legitimate interest for maintaining service reliability and security.

9. Children's Data

PostBear is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children.

10. Security

We employ the following security measures:

• All API communication uses HTTPS/TLS encryption
• Access tokens are passed via environment variables, never stored in configuration files
• R2 storage uses EU jurisdiction with access-key authentication
• No server-side storage of credentials or user data

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of PostBear after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related inquiries:
privacy@postbear.app