Privacy Policy

Last updated: April 10, 2026

1. Introduction

PostQ, Inc. (“PostQ,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, APIs, and related services (collectively, the “Service”).

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google or GitHub OAuth, we receive your public profile information from those providers.

Usage Data

We collect information about how you interact with the Service, including pages visited, features used, scan targets, scan results, and timestamps. This data is used to improve the Service and provide support.

Scan Data

When you run scans, we process the targets you provide (URLs, repository names, cloud account identifiers). Scan results — including TLS certificate details, cryptographic algorithm findings, and risk scores — are stored within your organization’s workspace. We do not access or share scan results outside your organization.

Technical Data

We automatically collect device information, browser type, IP address, and operating system when you access the Service. This data is used for security, analytics, and troubleshooting.

3. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Process and store scan results within your organization
  • Send transactional emails (account verification, password resets, scan notifications)
  • Improve the Service through aggregated, anonymized analytics
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

  • Service Providers: We use third-party infrastructure providers (hosting, databases, authentication) that process data on our behalf under strict contractual obligations.
  • Within Your Organization: Data is shared with members of your PostQ organization based on the roles and permissions you configure.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain your account information for as long as your account is active. Scan results are retained within your organization’s workspace until you delete them or close your account. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.

6. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.3), encryption at rest (AES-256), and access controls. For details on our security practices, see our Security page.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. You can manage most of these actions from your account settings. For requests we cannot fulfill through the UI, contact us.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies are only used in aggregated form and can be disabled in your browser settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, email us at info@postq.dev or contact us.