PosterApp Privacy Policy

Last updated: March 27, 2026

This Privacy Policy explains how PosterApp and its operator, AEA GmbH & Co. KG, access, use, store, and share personal data when you use PosterApp.

1. Scope and Visibility

This Privacy Policy applies to the PosterApp platform and is linked on the homepage and in the legal section of the app interface so users can easily access it before and after sign-in.

2. Updates to This Policy

We keep this policy current. If our data practices materially change, we update this page and revise the "Last updated" date. Where required, we provide notice in-product and/or by account communication.

3. Controller

AEA GmbH & Co. KG
Am Flugplatz 28
88483 Burgrieden
Germany

Phone: +49 7392 9378440
Fax: +49 251 38451247
Commercial Register: Amtsgericht Ulm, HRA 726335
VAT ID: DE327113973
WEEE Registration Number: DE 46974041

4. Description of the Service

The platform allows customers to schedule and publish content across social media platforms such as Facebook, Instagram, Pinterest, TikTok, Tumblr, and YouTube using official APIs.

5. Categories of Personal Data Processed

• Account data (name, email, company, billing data)
• Social media authentication data (OAuth tokens, API credentials, account identifiers)
• Usage and technical logs (IP, browser, device, timestamps)
• Uploaded content (images, videos, texts, posts)

6. Purposes of Processing

• Providing and operating PosterApp features
• Authenticating and connecting user-authorized social accounts
• Scheduling and publishing user-requested social media content
• Billing, support, service security, fraud prevention, and diagnostics
• Maintaining and improving reliability and performance

7. Legal Bases (GDPR)

• Art. 6(1)(b): performance of a contract
• Art. 6(1)(c): legal obligations
• Art. 6(1)(f): legitimate interests (security, abuse prevention, optimization)
• Art. 6(1)(a): consent where required

8. Google User Data (Google APIs / YouTube)

PosterApp uses Google OAuth and YouTube Data API scopes only after explicit user authorization. We process Google user data only to provide requested account connection and publishing functionality.

• Data accessed: YouTube channel identifiers/metadata, OAuth access and refresh tokens, upload status data
• Purpose: account connection, scheduling, publishing, and status tracking for user-authorized content
• Storage: access-controlled systems with secure transport (HTTPS)
• Sharing: only with Google APIs and trusted technical processors required to operate PosterApp; no sale of Google user data
• Retention: only for service operation and legal obligations, then deleted according to retention rules
• Restricted use: no advertising profiling, data brokerage, or unrelated secondary use

PosterApp's use of information received from Google APIs complies with the Google API Services User Data Policy, including Limited Use requirements.

9. Social Platform Integrations

Connected platforms process data under their own terms and privacy policies. PosterApp acts on user instructions using permissions granted through official OAuth flows.

10. Data Sharing

Data may be shared with hosting, infrastructure, payment, and technical service providers, and with social platforms connected by users. PosterApp does not sell personal data to third parties.

11. International Transfers

Where data is transferred outside the EEA, we apply appropriate safeguards, including Standard Contractual Clauses and other lawful transfer mechanisms.

12. Processor Role (Art. 28 GDPR)

Where customers process third-party data through PosterApp, AEA GmbH & Co. KG may act as a processor, while the customer remains the controller responsible for legal basis and compliance.

13. Data Retention and Deletion

Data is retained only as long as necessary for operation of the service and legal obligations (including tax, accounting, and dispute-resolution requirements). Users can disconnect linked social accounts; related tokens and associated connection data are then removed according to our retention procedures.

14. Data Subject Rights

Under GDPR, data subjects have rights to access, rectification, erasure, restriction, portability, and objection (Art. 15-21 GDPR).

15. Contact

For privacy requests or questions, please contact: alexander.krisling@varvara.de