Privacy Policy
Last updated: 10 July 2026
Audrey Janse van Rensburg trading as PostPilot ("PostPilot", "we", "us") operates postpilot.app. This policy explains what personal information we collect, why, and your rights over it.
What we collect
- Account information: name, email address and password (stored by our authentication provider, Supabase) when you register.
- Lead data you collect: if you use our lead capture tools, the names, emails and phone numbers your audience submits are stored on your behalf. You are the controller of this data; we process it for you.
- Usage data: pages visited, features used, device and browser type, collected to improve the product.
- Payment data: processed entirely by our payment provider, Paddle. We never see or store card numbers or bank details.
Why we collect it (lawful bases)
- To provide the service you signed up for (contract).
- To send service emails such as receipts and important updates (contract / legitimate interest).
- To send marketing emails only where you have opted in (consent). Every email includes an unsubscribe link.
- To keep the service secure and improve it (legitimate interest).
Who we share it with
We share data only with the service providers needed to run PostPilot: hosting (Vercel), database (Supabase), AI processing (Anthropic), payments (Paddle), and email. Each is bound by a data processing agreement. We never sell personal data.
International transfers
Our providers may process data outside your country. Where required, transfers rely on standard contractual clauses or equivalent safeguards.
How long we keep it
Account data for as long as your account is active, then deleted within 30 days of account deletion. Lead data is retained until you delete it or close your account.
Your rights
Depending on where you live (including under GDPR, UK GDPR, POPIA and CCPA), you may have the right to access, correct, delete, or export your personal data, to object to or restrict processing, and to withdraw consent at any time. To exercise any right, email privacy@postpilot.app. You may also complain to your local data protection authority. In South Africa, this is the Information Regulator.
Children
PostPilot is for business use and not directed at anyone under 18. We do not knowingly collect data from children.
Security
We use encryption in transit (HTTPS) and at rest, access controls, and reputable infrastructure providers. No system is perfectly secure; if a breach affecting your data occurs, we will notify you and the relevant authorities as required by law.
Changes
We will post any changes here and, for material changes, notify you by email.
Contact
Audrey Janse van Rensburg trading as PostPilot, Kempton Park, Gauteng, South Africa Email: privacy@postpilot.app Information Officer (POPIA): Audrey Janse van Rensburg