Postera
Privacy Policy
Last updated: May 2026 · Version 2.0
IMPORTANT: Postera is an AI-based informational tool. It does NOT provide legal, tax, financial, or medical advice. Information in your documents is processed solely to provide you with explanations. Use is at your own risk. AI results may be incorrect — always verify before acting.
1. Data Controller
Rauf Ismayilov
Nordring 102, 90409 Nuremberg, Germany
Email: support [at] postera [dot] pro
Full contact details: see Impressum.
2. Data We Collect
Data you provide directly:
- Email address when creating an account
- Photos or text of documents you scan
- Language selection and in-app settings
Data automatically collected:
- Device type, operating system version
- Anonymous usage statistics and error reports
- Subscription information (managed by App Store / Google Play)
Biometric data (Face ID / fingerprint) is stored on your device and never transmitted to us.
3. Legal Basis (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)) — account creation, scan service, subscription management
- Consent (Art. 6(1)(a)) — AI processing, analytics; revocable any time
- Legitimate interest (Art. 6(1)(f)) — security, fraud prevention
4. AI Processing — Anthropic Claude
Document scans are sent to Anthropic (USA) for AI analysis under a Data Processing Agreement (DPA) with EU Standard Contractual Clauses. Anthropic does not use your data to train AI models.
5. Data Retention
- Documents themselves: NOT stored on our servers — only your device
- Account data: while account is active
- Anonymous logs: 90 days
- Subscription receipts: 10 years (legal/tax obligation)
Account deletion: personal data removed within 30 days.
6. Third-Party Processors
- Supabase (EU/Frankfurt) — account, database
- Anthropic Claude (USA) — AI analysis
- RevenueCat (USA) — subscription management
- Apple App Store / Google Play — payments
7. Your Rights (GDPR Art. 15-22)
- Access, rectification, erasure, restriction, data portability, objection, withdraw consent
To exercise any right, email us. We respond within 30 days. You may also file a complaint with a data protection authority.
8. Security
We use TLS encryption, AES-256 storage encryption, and access controls. However, no system is 100% secure. You acknowledge that internet transmission carries inherent risks.
9. Children
Postera is not directed at children under 16. We do not knowingly collect data from children.
10. Changes
We may update this policy. Material changes will be announced in the app. Continued use means acceptance.