This Privacy Policy explains how bbttagroup handles personal data in connection with bbttagroup Postiz, the self-hosted Postiz instance at https://postiz.bbttagroup.com, and the public website at https://oz.bbttagroup.com.
1. Controller
The controller for this policy is bbttagroup, Civic association (občianske združenie), company ID 55090141, with registered seat at Kláštorská 338/32, 949 01 Nitra-Zobor, Slovak Republic. You can contact us at [email protected].
The self-hosted service uses open-source Postiz software. Postiz, Gitroom Limited, Gitroom LLC and TikTok do not operate this instance and are not the controller for data processed by this instance.
2. What This Policy Covers
This policy covers data processed through the public bbttagroup website and the self-hosted Postiz service. It does not cover third-party websites, social media platforms, the bbttagroup e-shop, or services operated by other legal entities. When you connect or publish to a third-party platform, that platform's own privacy policy also applies.
3. Data We Collect
Depending on how you use the service, we may process:
- account details such as name, email address, password hash, workspace, role and settings;
- authentication data such as session cookies, OAuth tokens, token expiry dates, scopes and connected account identifiers;
- content data such as captions, images, videos, links, media files, prompts, schedules, drafts and publishing metadata;
- platform data returned by connected services, such as profile names, account IDs, publishing status, post IDs, thumbnails, comments or analytics where an enabled scope allows it;
- technical and security data such as IP address, browser, device type, log entries, audit events and error reports;
- communications you send to us, including support requests and rights requests.
The public website uses privacy-friendly, cookieless analytics where enabled. We do not use website analytics to identify individual visitors.
4. How We Use Data
We use personal data to:
- create and manage authorized accounts and workspaces;
- authenticate users and protect the service from abuse, fraud and unauthorized access;
- store drafts, schedules and media selected by authorized users;
- publish content to connected platforms when requested by an authorized user;
- receive publishing status, account metadata and analytics from connected platforms where enabled;
- maintain, troubleshoot and improve the reliability of the website and service;
- respond to support, security, privacy and legal requests;
- comply with law and enforce our Terms of Service.
We do not sell personal data. We do not use scheduled posts, connected-platform content or private workspace data for third-party advertising.
5. Legal Bases
Where EU or Slovak data protection law applies, we process data based on one or more of the following legal bases: performance of a contract or similar arrangement with authorized users; our legitimate interests in operating and securing the service; compliance with legal obligations; and consent where required, such as for optional communications or optional platform permissions.
6. TikTok and Other Connected Platforms
If you connect a TikTok account, the service may receive and store the account identifiers, authorization scopes, OAuth tokens and metadata needed to provide the integration. When you publish or schedule TikTok content, we send the selected media, captions, settings and related metadata to TikTok as instructed by the authorized user.
TikTok's own processing is governed by TikTok's Privacy Policy and other TikTok terms. You can disconnect TikTok in the service, revoke access through TikTok's app permissions settings, or contact us to request deletion of stored TikTok integration data.
7. AI-Assisted Features
If AI-assisted features are enabled, prompts and selected inputs may be sent to the configured model provider to generate captions, hashtags, summaries or other outputs. Do not include confidential information or sensitive personal data in prompts unless you are authorized to do so and the provider is approved for that data.
8. Who We Share Data With
We share data only as needed to operate the website and service:
- hosting, database, storage, email, security, analytics and error-monitoring providers;
- connected third-party platforms selected by authorized users, including TikTok when TikTok publishing is used;
- other members of the same workspace according to their assigned permissions;
- professional advisers such as legal, accounting or insurance advisers under confidentiality duties;
- public authorities when disclosure is required by law or needed to protect rights, safety or security.
We require service providers to process data only for agreed purposes and to protect it with appropriate security measures.
9. International Transfers
We operate from Slovakia and may use service providers in the European Economic Area and in other countries. When personal data is transferred outside the EEA, we use appropriate safeguards where required, such as contractual protections and technical security measures.
10. Retention
We keep data only as long as needed for the purposes described in this policy:
- account data is kept while the account is active and then deleted or anonymized after closure unless retention is required;
- scheduled content is kept until it is published, deleted or no longer needed for service operation;
- published post records and analytics may be kept while the workspace remains active;
- OAuth tokens are kept while the platform connection is active and are deleted or invalidated after disconnection where technically possible;
- security and operational logs are usually kept for up to 12 months;
- backups are overwritten on their normal cycle, usually within 30 to 90 days;
- records needed for legal, security or dispute-resolution reasons may be kept longer.
11. Security
We use reasonable administrative and technical safeguards to protect personal data, including HTTPS, restricted administrator access, role-based permissions, software updates, backups and monitoring. No online service can be guaranteed to be completely secure.
12. Your Rights
Depending on where you live, you may have rights to access, correct, delete, restrict or object to processing of your personal data, receive a copy of your data, withdraw consent where processing is based on consent, and lodge a complaint with a data protection authority.
To exercise your rights, request deletion of integration data, or ask privacy questions, contact [email protected]. We may need to verify your identity before acting on a request.
13. Children
The service is intended for organizational and professional use by authorized users. It is not directed to children, and we do not knowingly collect personal data from children under 18. If you believe a child provided personal data to us, contact us so we can delete it.
14. Cookies and Local Storage
The public website does not use tracking cookies. The Postiz service may use essential cookies or local storage for login sessions, security and preferences. These are necessary for the service to work and are not used for behavioral advertising.
15. Third-Party Sites
The website and service link to third-party services and social media platforms. Their privacy practices are governed by their own policies. Review the policies of any platform you connect before authorizing access or publishing content.
16. Changes to This Policy
We may update this policy when our service, providers, legal requirements or platform integrations change. The updated date at the top of this page shows when the policy last changed.
17. Contact
For privacy requests, questions or complaints, email [email protected] or write to bbttagroup, Kláštorská 338/32, 949 01 Nitra-Zobor, Slovak Republic.