Postimony
Sign inGet started free

Privacy Policy

Effective date: May 3, 2026

Postimony (“we”, “us”, or “our”) operates the website postimony.com and the Postimony testimonial collection service (the “Service”). This Privacy Policy explains how we collect, use, and share information when you use our Service.

1. Information we collect

Account information. When you sign up, we collect your email address and password (stored as a bcrypt hash — never in plain text) to create your account.

Workspace data. Information you enter about your business: workspace name, logo, and brand color.

Request data. Names and email addresses of your customers that you submit to the Service in order to request testimonials.

Testimonials. Written text and/or video recordings submitted by your customers through collection pages.

Usage data. Standard server logs (IP address, browser type, pages visited, timestamps). We do not currently use third-party analytics.

Payment data. Billing is handled by Stripe. We store only a Stripe customer ID — we never see or store full card numbers.

2. How we use information

  • To provide and operate the Service
  • To send testimonial request emails and reminder emails on your behalf
  • To process payments via Stripe
  • To respond to support inquiries
  • To send product updates (you can unsubscribe at any time)
  • To detect and prevent fraud or abuse

We do not sell your data or your customers' data to third parties.

3. Information sharing

We share information only with the following third-party service providers, strictly to operate the Service:

  • Resend — transactional email delivery
  • Stripe — payment processing

We may disclose information if required by law or to protect rights, property, or safety.

4. Data retention

We retain your account data for as long as your account is active. If you delete your account, we delete your workspace, requests, and testimonials within 30 days. Stripe may retain billing records per their own retention policy.

5. Your customers' data

You are the data controller for the names and email addresses of customers you upload. You are responsible for having a lawful basis to contact them and for complying with applicable privacy laws (GDPR, CAN-SPAM, CASL, etc.) in your jurisdiction.

We act as a data processor on your behalf for that data.

6. Cookies

We use only strictly-necessary cookies:

  • session — a signed JWT set after login. This is an httpOnly cookie required for authentication.

We do not use advertising or tracking cookies.

7. Security

We use industry-standard measures including HTTPS, httpOnly session cookies, and parameterised database queries. No method of transmission is 100% secure; we cannot guarantee absolute security.

8. Children

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it promptly.

9. Changes to this policy

We may update this policy from time to time. We will notify account holders by email and update the effective date at the top. Continued use after changes constitutes acceptance.

10. Contact

Questions or requests? hello@postimony.com