Privacy Policy

Last updated on May 1, 2026

Overview

This Privacy Policy explains how Postana (the “Service”) collects, uses, discloses, and protects information when you visit postana.app or use our products and services. Postana is operated by Starterlyst Labs LLC (“we”, “us”, or “our”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Information we collect

Information you provide

  • Account information, such as your name, email address, authentication information, and any profile details you choose to provide.
  • Workspace and brand details, such as brand names, descriptions, voice/tone preferences, and content planning inputs.
  • Content and files you upload, draft, or generate while using the Service (for example: captions, scripts, carousel copy, images, and related assets).
  • Support communications, such as messages you send to support or feedback you provide.

Information collected automatically

  • Usage data, such as pages viewed, actions taken, feature usage, and approximate location derived from IP address.
  • Device and log data, such as browser type, device identifiers, and diagnostic information.
  • Cookies and similar technologies used to keep you signed in, secure the Service, and understand how the Service is used.

Note: If you include personal data in prompts, uploads, or content, you represent that you have the right to provide it. Please avoid submitting sensitive information unless it is necessary for your intended use.

How we use information

We use information to:

  • Provide, operate, and maintain the Service.
  • Authenticate users and secure accounts.
  • Generate, personalize, and improve content planning and creation features.
  • Analyze usage to improve performance, reliability, and user experience.
  • Communicate with you about updates, security notices, and support requests.
  • Detect, prevent, and respond to fraud, abuse, and technical issues.
  • Comply with legal obligations and enforce our terms.

How we share information

We may share information in the following circumstances:

  • Service providers that help us run the Service (for example: hosting, databases, authentication, analytics, and AI infrastructure).
  • Legal and safety reasons, such as to comply with law, respond to lawful requests, or protect our rights and users.
  • Business transfers, such as a merger, acquisition, or sale of assets, in which case your information may be transferred as part of that transaction.

We do not sell personal information in the conventional sense. We also do not share personal information for cross-context behavioral advertising as defined by certain state privacy laws.

Third-party services

We use third-party service providers to help deliver and improve the Service. Depending on how you use Postana, these providers may process certain information on our behalf, such as:

  • Authentication and databases (for example, Supabase).
  • Product analytics and error monitoring (for example, PostHog).
  • AI infrastructure and model providers (for example, via an AI gateway).
  • Hosting, storage, and content delivery.
  • Design tools you choose to connect, such as Canva via the Canva Connect API. See the Canva integration section below for details.

We require service providers to use information only for the purposes of providing services to us and to protect it in a manner consistent with this Privacy Policy.

Canva integration

Postana offers an optional integration with Canva that lets you open a Postana post image inside Canva, edit it, and bring the edited version back into Postana. The integration uses the Canva Connect API and only activates when you choose to connect your Canva account.

What we collect from Canva

  • OAuth tokens (access token and refresh token) issued by Canva when you authorize Postana, used to make API calls on your behalf.
  • Design metadata, such as the Canva design ID and edit URL for designs you create through Postana, so we can sync edits back to the right post.
  • Exported design files (e.g. JPEG exports of your edited design) that we re-upload into Postana storage to replace the post image.

What we send to Canva

  • The post image you choose to edit, uploaded into your Canva account as an asset so it can seed a new design.
  • A short, opaque correlation token so Canva can tell us which design you came from when you click “Return to Postana” in the editor.

How we use this information

Canva integration data is used solely to operate the “Edit in Canva” round-trip on content you initiate. We do not use Canva data to train models, profile users, or share with third parties for advertising. Tokens are stored in our database (Supabase) and exported design files are stored in our object storage bucket, associated with your Postana account.

Scopes we request

Postana requests the minimum Canva scopes needed for the round-trip: asset:read, asset:write, design:meta:read, design:content:read, and design:content:write. Canva displays these scopes on the consent screen before you authorize.

Disconnecting and deletion

You can disconnect Canva from Postana at any time from your Postana settings, which deletes your stored OAuth tokens and stops further API calls. You can also revoke Postana from your Canva connected-accounts page. When you delete your Postana account, associated Canva tokens and design records are deleted along with the rest of your account data.

Your use of Canva is also subject to Canva's Privacy Policy and Terms of Use.

AI features

Postana includes AI-assisted features to help you brainstorm, draft, and generate content. To provide these features, we may send prompts and related context (such as your brand preferences, content topics, and instructions) to AI service providers. AI outputs may be inaccurate or incomplete; you are responsible for reviewing and using outputs in a manner that complies with applicable laws and platform policies.

Cookies & analytics

We use cookies and similar technologies to provide essential functionality (like keeping you signed in) and to understand how the Service is used. We also use analytics tools to measure performance and improve the product.

Analytics tools may collect information such as pages visited, clicks, and device details. We use this information in aggregate to understand product usage and to improve reliability and usability.

You can control cookies through your browser settings. If you disable cookies, some features of the Service may not function properly.

Security

We implement reasonable technical and organizational measures designed to protect your information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Data retention

We retain information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary depending on the type of information and why we collected it.

You may request deletion of your account and associated information by contacting us at [email protected].

International transfers

Postana may be accessed from around the world. If you use the Service, you understand that your information may be processed and stored in countries where we or our service providers operate, including the United States, and those countries may have different data protection laws than your jurisdiction.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. To request these actions, contact us at [email protected].

You can also access and update certain information within your account settings.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us so we can take appropriate steps.

Changes

We may update this Privacy Policy from time to time. If we make changes, we will update the “Last updated” date and, when appropriate, provide additional notice.

Contact

If you have questions about this Privacy Policy or our privacy practices, contact us at [email protected] or by mail:

Starterlyst Labs LLC
131 Continental Dr
Suite 305
Newark, DE 19713
United States