Privacy Policy
The short version
PostStack is self-hosted. You run it on your own server, so we never see your messages, contacts, tokens or any operational data — that all stays on your infrastructure. This policy covers only this marketing website (poststack.techskills.academy): the cookies it uses and the analytics behind them. Everything beyond strictly necessary is denied by default until you accept in the cookie banner.
1. Who we are
This site is operated by Paweł Jurczyk (TechSkills Academy), Poland. Contact: [email protected].
2. Cookies this website uses
We keep a single strictly-necessary cookie to remember your consent choice. Analytics and marketing cookies load only after you opt in, and you can withdraw consent any time via the “Cookies” link in the footer.
| Name | Purpose | Lifetime | Category |
|---|---|---|---|
poststack_consent | Stores your cookie decision | 365 days | Necessary |
_ga, _ga_* | Google Analytics 4 client/session (server-side, first-party) | 24 months | Analytics |
_gid | GA daily session identifier | 24 hours | Analytics |
_fbp, _fbc | Meta Pixel / Conversions API identifiers (ad measurement) | 90 days | Marketing |
3. Analytics & ad measurement
When you consent to analytics, we use Google Analytics 4 routed through a first-party server endpoint (server-side Google Tag Manager) and, optionally, a self-hosted Umami instance. Umami is cookieless and uses no persistent identifier. When you consent to marketing, the Meta Pixel runs server-side via the Conversions API to measure how our ads perform. Routing through our own server lets us strip PII and anonymize IPs. We never sell or share this data.
4. The PostStack application
The product is source-available software you deploy yourself. We have no access to your instance, its database, your social tokens, or the people you talk to. Your data controller for the app is you. The one exception is anonymous usage telemetry, described next.
5. Anonymous usage telemetry
An instance sends back a once-daily aggregate snapshot that helps us understand how PostStack is used and prioritise the roadmap. It is on by default (opt-out), the same model as many self-hosted tools. What a snapshot contains:
- a random instance id (a UUID generated once on first run — not tied to you);
- a salted hash of your domain — never the domain itself;
- deployment shape: version numbers and on/off feature & integration flags;
- aggregate counts only — totals such as connected channels, processed webhooks and messages, plus the per-platform channel breakdown shown in the “Live fleet” section on our homepage.
It never contains message content, contact or audience data, social tokens,
your raw domain, or anything that identifies a specific person. You can turn it off
completely by setting POSTSTACK_TELEMETRY_DISABLED=true in your environment —
then no snapshot is built and no network call is made. The exact fields, with examples, are
documented in
docs/PRIVACY.md in the source repository.
6. Email
If you email us, your message is stored on our mail server only so we can reply. We do not add you to any marketing list and we delete the thread once the matter is resolved, unless you ask us to keep it.
7. Your rights (GDPR)
You can request access to, correction of, or deletion of any personal data we hold (for the website, that is limited to consent state and any email correspondence). Write to [email protected] and we will respond within 30 days. The supervisory authority in Poland is the President of the Personal Data Protection Office (UODO).
8. Changes
If this policy changes materially we will update the “Last updated” date above. Previous versions live in this site’s git history.