Privacy Policy

Last updated: 24 June 2026

This Privacy Policy explains how AnkleBreaker Studio (“we”, “us”) collects, uses, stores, and shares information when you use our self-hosted social-media management application (the “Service”), which lets authorized team members schedule and publish content to connected social-media accounts.

The Service is operated by AnkleBreaker Studio for internal, authorized use. It is a self-hosted instance of Postiz running on our own infrastructure. We are the data controller for the information described below.

1. Information we collect

Account information

When an account is created we store your name and email address, and a securely hashed password (or, where single sign-on is used, the identifier provided by the identity provider).

Social-media authorization data

When you connect a social-media account, the relevant platform grants us access tokens (and, for some platforms, refresh tokens or app passwords) through its official authorization flow. We store these credentials so the Service can publish content on your behalf. We never receive or store your password for those third-party platforms.

Content you provide

We store the posts, captions, comments, images, videos, schedules, drafts, and related metadata you create or upload in order to schedule and publish them.

Profile data from connected platforms

To display your connected accounts we may retrieve and cache basic profile information from each platform, such as account name, handle, avatar, and page/channel identifiers.

Technical data

Our servers keep standard operational logs (such as IP address, timestamps, and error diagnostics) needed to run, secure, and troubleshoot the Service.

2. How we use information

To provide the Service: scheduling, publishing, and managing content across your connected accounts.
To authenticate users and secure access to the Service.
To display analytics and the status of scheduled and published posts.
To maintain, debug, secure, and improve the Service.
To comply with legal obligations.

3. How we share information

We do not sell your information. We share it only as follows:

With the social-media platforms you connect, when you instruct the Service to publish or retrieve content. The data you send is handled under each platform’s own terms and privacy policy.
With infrastructure providers that host the Service on our behalf — principally Amazon Web Services (hosting, in the EU) and Cloudflare (secure access and network). These providers process data under their respective agreements.
Where required by law, to comply with a legal obligation or lawful request.

4. Connected third-party platforms

The Service integrates, at your option, with platforms that may include X (Twitter), Facebook, Instagram, Threads, LinkedIn, YouTube, TikTok, Reddit, Mastodon, Bluesky, and Discord. When you connect one of these accounts and publish through it, the content and necessary metadata are transmitted to that platform. Your use of each platform is also governed by that platform’s terms and privacy policy. We are not affiliated with or endorsed by these platforms.

5. Data storage, location, and security

Data is stored on infrastructure we control in the European Union (AWS, Ireland region). We apply technical and organizational safeguards including: encryption of data at rest on disk and of secrets (access tokens are kept in an encrypted secrets store), encryption in transit (HTTPS/TLS), no public inbound network ports, and access control that restricts the application to authorized team members via an email-based access policy. No method of transmission or storage is completely secure, but we take reasonable measures to protect your information.

6. Data retention

We retain account information, content, and connection credentials for as long as your account is active and the connection exists. You may disconnect a social account at any time, which revokes and deletes the stored credentials for that connection. When an account is deleted, associated personal data is removed from active systems, subject to limited retention in encrypted backups that expire on a rolling schedule.

7. Your rights

Because we operate in France/the EU, you may exercise the rights afforded under the GDPR, including the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can disconnect accounts and delete content directly in the Service, or contact us using the details below to make a request.

8. Cookies

The Service uses strictly necessary cookies to keep you signed in and to secure your session. We do not use advertising or third-party tracking cookies.

9. Children’s privacy

The Service is intended for authorized adult team members and is not directed to children. We do not knowingly collect personal data from children.

10. International transfers

When you publish to a third-party platform, your content may be transferred to and processed in the countries where that platform operates. Such transfers are governed by the platform’s own safeguards and terms.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above.

12. Contact

For privacy questions or to exercise your rights, contact: francois@anklebreaker-studio.com.