This Privacy Policy explains how Mian Ltd ("we", "us", "our") collects, uses, stores, and shares personal data when you use the PostPow application, website, API, and any related services (collectively, the "Service").
Data Controller: Mian Ltd
Registered in: England and Wales, United Kingdom
Company number: 09222806
Contact: contact@theapptor.com
We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. Our Terms of Service apply alongside this policy.
When you register for PostPow, we collect:
When you connect a social media account (TikTok, Instagram, YouTube, or others) to the Service, we receive and store:
We use these tokens only to perform the actions you initiate in the Service (for example, to publish a post you have scheduled). We never use your tokens to perform actions you have not instructed.
To provide the scheduling and publishing features, we store the media files (videos and images) and associated text (captions, hashtags, and notes) that you upload or create in the Service.
When you access the Service, we automatically collect:
Where you purchase a subscription, payments are processed by a third-party payment processor (such as Apple or Stripe). We do not receive or store your full payment card number. We may receive a transaction reference, the last four digits of a card, and the billing country for our records.
If you contact us for support or send us feedback, we keep a record of that correspondence.
We use the personal data described above for the following purposes and on the following legal bases under UK GDPR:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Performance of a contract with you |
| Storing, scheduling, and publishing your content to connected platforms | Performance of a contract with you |
| Managing connected social media account tokens on your behalf | Performance of a contract with you |
| Processing payments and managing subscriptions | Performance of a contract with you |
| Sending transactional emails (account confirmation, scheduling reminders, publishing notifications) | Performance of a contract with you |
| Troubleshooting errors, providing customer support | Performance of a contract with you |
| Improving and developing the Service; analysing usage patterns | Our legitimate interests in improving the Service, balanced against your interests |
| Detecting and preventing fraud, abuse, or security incidents | Our legitimate interests in securing the Service and protecting users |
| Complying with legal obligations (for example, tax records or responding to lawful requests) | Compliance with a legal obligation |
| Sending marketing communications about PostPow features or offers (where you have opted in) | Your consent |
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
PostPow integrates with the following third-party platforms through their official APIs. Your use of those platforms is also subject to their own privacy policies:
Data obtained through platform APIs is used solely to provide the Service features you have requested. We do not sell or transfer that data to third parties for their independent use. We retain API-obtained data only as long as necessary for the purpose for which it was collected, or until you disconnect the relevant account.
We do not sell your personal data. We may share it with the following categories of recipients, strictly as necessary:
We use third-party service providers to help operate the Service, including:
These providers are contractually bound to process your data only on our instructions and to maintain appropriate security measures.
We may disclose personal data where required by law, court order, or a request from a competent regulatory or law-enforcement authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Mian Ltd, our users, or the public.
If Mian Ltd is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will give you notice before your data becomes subject to a materially different privacy policy.
The Service is operated from the United Kingdom. Some of our service providers are based in the United States or other countries outside the UK. When we transfer personal data to those countries, we do so under appropriate safeguards, including the UK International Data Transfer Agreement (IDTA) or equivalent standard contractual clauses approved by the UK Information Commissioner's Office (ICO).
| Data type | Retention period |
|---|---|
| Account information | Duration of your account, plus up to 30 days after deletion (for recovery), then deleted |
| Social media OAuth tokens | Until you disconnect the account or delete your PostPow account, whichever is sooner |
| Uploaded media and content | Until you delete the content or your account, then deleted within 30 days |
| Published post records | Until you delete your account, then deleted within 30 days |
| Payment and billing records | 7 years (required by UK tax law) |
| Usage logs and error data | Up to 90 days in identifiable form, then aggregated or deleted |
| Support correspondence | Up to 3 years after the interaction closes |
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include encryption in transit (HTTPS/TLS), encryption at rest for sensitive fields such as API tokens, access controls, and security monitoring. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
OAuth access tokens for your connected social media accounts are stored encrypted and accessed only by the authenticated scheduling and publishing components of the Service. You should revoke access immediately if you believe a token has been compromised — either within PostPow (by disconnecting the account) or directly in the relevant platform's security settings.
Subject to applicable law, you have the following rights in relation to your personal data:
To exercise any of these rights, contact us at contact@theapptor.com. We will respond within one calendar month. We may need to verify your identity before acting on a request. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
The Service uses a small number of essential cookies and similar technologies to keep you logged in and to maintain session state. We do not use third-party advertising cookies or sell your browsing data to advertisers. Where we use analytics tools, we configure them to minimise personal data collection (for example, using anonymised IP addresses).
You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.
The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you become aware that a child has provided us with personal data without appropriate consent, please contact us at contact@theapptor.com and we will delete it promptly.
You can disconnect a social media account from PostPow at any time within the app's Settings. Upon disconnection, we will stop using that account's token and will delete it from our systems within 30 days. You can also revoke PostPow's access directly through the platform's own security settings:
Revoking access on the platform side does not automatically delete your PostPow data; to do that, disconnect the account within PostPow or delete your account entirely.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you — for example by email or an in-app notice — before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Your continued use of the Service after the updated policy takes effect constitutes acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us:
Mian Ltd (Company number 09222806, registered in England and Wales)
Email: contact@theapptor.com
If you are unhappy with our response, you may complain to the Information Commissioner's Office (ICO), the UK data protection supervisory authority:
ICO Helpline: 0303 123 1113
Website: ico.org.uk
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF