Privacy Policy

1. Introduction

PostFlow ("we", "us", or "our") is a social media scheduling and content management service operated by Forge Research Ltd, a company registered in England and Wales. PostFlow is a trading name of Forge Research Ltd. The service is accessible at postflow.firstdollarfast.com.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to handling your personal data responsibly and transparently. If you have any questions about this policy or how we handle your data, please contact us at [email protected].

2. Who We Are

Data Controller: Forge Research Ltd
Registered address: England and Wales
Contact email: [email protected]
Website: postflow.firstdollarfast.com

As the data controller, Forge Research Ltd determines the purposes and means of processing your personal data.

3. What Data We Collect

We collect the following categories of personal data when you use PostFlow:

Account data. When you create a PostFlow account, we collect your name, email address, and a password (stored in hashed form). If you register using a third-party service such as Google, we receive the data that service shares with us, which typically includes your name and email address.

TikTok account data. When you connect a TikTok account to PostFlow using TikTok's OAuth authorisation flow, we receive and store an access token and open ID issued by TikTok. We do not receive or store your TikTok password. The access token allows PostFlow to post content to your TikTok account on your behalf, subject to the permissions you grant during the authorisation process.

Content data. We temporarily store video files and associated metadata (captions, hashtags, scheduled posting times) that you upload to PostFlow for the purpose of scheduling and publishing. Video files are deleted from our servers within 48 hours of successful publication or upon your request.

Usage data. We collect information about how you use PostFlow, including pages visited, features used, and actions taken within the application. This data is collected in aggregate and is used to improve the service.

Technical data. We collect your IP address, browser type, operating system, and device identifiers for security and fraud prevention purposes.

Communications data. If you contact us by email or through our support channels, we retain a record of that correspondence.

4. How We Use Your Data

We process your personal data for the following purposes:

To provide the PostFlow service. We use your account data, TikTok access tokens, and content data to schedule and publish posts to your connected social media accounts as instructed by you. The legal basis for this processing is the performance of a contract with you (UK GDPR Article 6(1)(b)).

To maintain and improve the service. We use usage data and technical data to monitor the performance of PostFlow, diagnose technical issues, and develop new features. The legal basis for this processing is our legitimate interests in operating and improving a commercial service (UK GDPR Article 6(1)(f)).

To communicate with you. We use your email address to send you service-related notifications, such as confirmation of scheduled posts, alerts about failed publications, and updates to this Privacy Policy. The legal basis for this processing is the performance of a contract with you (UK GDPR Article 6(1)(b)).

To comply with legal obligations. We may process your data where required to do so by applicable law, including in response to lawful requests from regulatory authorities. The legal basis for this processing is compliance with a legal obligation (UK GDPR Article 6(1)(c)).

5. TikTok Data and the TikTok API

PostFlow integrates with TikTok's Content Posting API. When you connect your TikTok account to PostFlow, the following applies:

We request only the permissions necessary to provide the scheduling and posting features you have requested. Specifically, we request the video.publish scope, which allows PostFlow to publish video content to your TikTok account on your behalf.

We do not access, store, or process any TikTok data beyond what is necessary to fulfil the scheduling and posting functions of the service. We do not read your TikTok messages, followers, following lists, or any content you have not explicitly uploaded to PostFlow for scheduling.

You may revoke PostFlow's access to your TikTok account at any time by visiting your TikTok account settings and removing PostFlow from your list of connected apps. Revoking access will immediately prevent PostFlow from publishing further content to that account.

Our use of TikTok data is governed by TikTok's Developer Terms of Service in addition to this Privacy Policy.

6. Data Sharing and Disclosure

We do not sell your personal data to third parties. We share your data only in the following circumstances:

Service providers. We use third-party service providers to operate PostFlow, including cloud hosting providers and analytics services. These providers process data on our behalf and are contractually required to handle it in accordance with UK GDPR.

TikTok. When PostFlow publishes content on your behalf, your content and associated metadata are transmitted to TikTok's servers in accordance with TikTok's own terms and privacy policy.

Legal requirements. We may disclose your data to law enforcement or regulatory authorities where required to do so by applicable law or in response to a valid legal request.

Business transfers. In the event that Forge Research Ltd is acquired, merged with another company, or sells its assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and the privacy policy that will apply to your data.

7. Data Retention

We retain your personal data for as long as your PostFlow account is active or as necessary to provide you with the service. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Video files uploaded for scheduling are deleted from our servers within 48 hours of successful publication or within 48 hours of a failed publication attempt. You may request earlier deletion by contacting us at [email protected].

TikTok access tokens are deleted immediately upon account closure or upon disconnection of the relevant TikTok account from PostFlow.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption of data in transit using TLS, hashed storage of passwords, and access controls limiting data access to authorised personnel only.

No method of transmission over the internet or electronic storage is completely secure. While we take reasonable precautions, we cannot guarantee the absolute security of your data.

9. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data:

The right to access. You may request a copy of the personal data we hold about you.

The right to rectification. You may request that we correct any inaccurate or incomplete personal data we hold about you.

The right to erasure. You may request that we delete your personal data, subject to certain exceptions where we are required to retain it.

The right to restriction of processing. You may request that we restrict the processing of your personal data in certain circumstances.

The right to data portability. You may request that we provide your personal data in a structured, commonly used, machine-readable format.

The right to object. You may object to our processing of your personal data where we rely on legitimate interests as the legal basis for processing.

The right to withdraw consent. Where we process your data on the basis of your consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters, at ico.org.uk.

10. Cookies

PostFlow uses cookies and similar tracking technologies to maintain your login session and to collect usage data. You may configure your browser to refuse cookies, but doing so may affect the functionality of the service.

We do not use cookies for advertising purposes or to track your activity across third-party websites.

11. Children's Privacy

PostFlow is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at [email protected] and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by posting a notice on the PostFlow website. Your continued use of PostFlow following such notification constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: [email protected]
Website: postflow.firstdollarfast.com
Postal address: Forge Research Ltd, England and Wales

This Privacy Policy was prepared in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.