Legal & Policies

Privacy Policy — How Postflo Handles Your Data

Postflo  ·  Strux Digital Pvt. Ltd.  ·  Effective: 26 March 2026

PRIVACY POLICY

How Strux Digital Pvt. Ltd. Collects, Uses, and Protects Your Personal Data

Effective: 26 March 2026 · Postflo (postflo.in) · Strux Digital Pvt. Ltd.

1. INTRODUCTION AND SCOPE

Strux Digital Private Limited ("Strux Digital," "Postflo," "we," "us," "our") is committed to protecting the privacy and personal data of our clients, users, and website visitors. This Privacy Policy ("Policy") describes how we collect, use, process, disclose, and protect personal information in connection with Postflo, available at postflo.in and app.postflo.in.

This Policy is issued in compliance with: (a) Section 43A and Section 72A of the Information Technology Act, 2000 ("IT Act"); (b) the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"); (c) the Digital Personal Data Protection Act, 2023 ("DPDP Act") to the extent applicable and enforced; and (d) globally recognised privacy principles informed by the EU General Data Protection Regulation (GDPR). By using the Service, you consent to the practices described in this Policy.

2. DATA CONTROLLER IDENTITY

Entity: Strux Digital Private Limited

Registered Office: Hyderabad, Telangana, India

Product: Postflo (postflo.in)

Privacy Contact: legal@postflo.in

Grievance Officer: grievance@postflo.in

3. PERSONAL DATA WE COLLECT

3.1 Data You Provide Directly

• Account and Registration Data: Full name, email address, organisation name, phone number, designation, billing address, GST identification number, and any other information provided during account creation, onboarding, or platform interaction.

• Payment and Billing Data: Billing contact details, payment transaction references, and invoicing records. Full payment card data is processed exclusively by our PCI-compliant payment processor and not stored on Postflo servers.

• User Data and Content: Podcast transcripts, episode metadata, show profiles, host names, subscriber counts, audience demographics, sponsorship lead information, and any other content you upload or submit to the Platform.

• Communications: Content of emails, support tickets, demo booking requests, cancellation requests, and other communications with Postflo.

3.2 Data Collected Automatically

• Usage and Interaction Data: Pages visited, tools used, episodes processed, features accessed, timestamps, session duration, click paths, and interaction data.

• Technical and Device Data: IP address, browser type and version, operating system, device identifiers, and HTTP referrer.

• Log Data: Server access logs, error logs, and system event records.

• Cookies and Tracking Technologies: As described in our Data & Cookies Policy.

3.3 Data Received from Third Parties

We may receive information from third-party services connected to Postflo, including payment processors (transaction status), email delivery providers (delivery confirmation), and analytics platforms.

4. SENSITIVE PERSONAL DATA

Under the SPDI Rules, "sensitive personal data or information" (SPDI) includes passwords and financial information. Postflo stores account passwords in hashed form (bcrypt) and handles payment information exclusively through PCI-compliant processors. We do not collect biometric data, medical records, or similar sensitive categories. Where SPDI is collected, it is processed only for the stated purpose and with your consent.

5. PURPOSES OF PROCESSING

• Providing, operating, maintaining, and improving the Service.

• Creating, managing, and administering your Account and subscription.

• Processing payments, issuing GST-compliant invoices, and managing billing.

• Sending transactional communications including account activation, password reset, and subscription reminders.

• Responding to support requests, grievances, and demo enquiries.

• Monitoring platform usage, detecting abuse or fraud, and ensuring security.

• Complying with legal obligations and enforcing our Terms, including non-compete provisions.

• Conducting product analytics and research to improve Service quality.

• Sending marketing communications where consented or permitted under Applicable Law, with opt-out options available.

6. LEGAL BASES FOR PROCESSING

• Contractual necessity: Processing required to perform our agreement with you and provide the Service.

• Legitimate interests: Security, fraud prevention, analytics, service improvement, and enforcement of the non-compete and intellectual property provisions of our Terms.

• Legal obligation: Compliance with Indian law, GST regulations, court orders, or government directions.

• Consent: Where we rely on consent, you may withdraw it at any time by contacting legal@postflo.in. Withdrawal does not affect prior lawful processing.

7. DATA SHARING AND DISCLOSURE

We do not sell your personal data. We may share data with:

• Cloud Infrastructure: Render (hosting and deployment).

• AI Service Providers: Anthropic (Claude AI API) for transcript processing and Output generation. Review Anthropic's privacy policy for their data handling practices.

• Payment Processors: For subscription payments and invoicing.

• Email Delivery Providers: Including Resend, for transactional email delivery.

• Analytics Providers: Google Analytics / Google Tag Manager for usage analytics.

• Proxy Service Providers: Webshare for IP rotation services used in transcript acquisition.

• Professional Advisors: Lawyers, accountants, and auditors, subject to confidentiality obligations.

• Law Enforcement and Government Bodies: Where required by Applicable Law, court order, or to protect rights and safety.

• Business Transferees: In connection with a merger, acquisition, or sale of assets, subject to equivalent privacy protections.

8. DATA RETENTION

• Account and Profile Data: Retained for the Subscription Term and up to 2 years thereafter unless a deletion request is made.

• User Data and Uploaded Content: Retained while the Account is active; up to 90 days after termination before deletion.

• Financial and Transaction Records: Minimum 7 years as required by the Companies Act, 2013, and applicable tax laws.

• System Logs: 90 days unless extended for security or legal purposes.

• Communications and Support Records: 3 years from the date of last interaction.

Personal data no longer required for any stated purpose shall be deleted, anonymised, or pseudonymised.

9. YOUR RIGHTS

Subject to Applicable Law, including the DPDP Act upon its full enforcement, you may:

• Request confirmation and a copy of personal data held about you.

• Request rectification of inaccurate or incomplete personal data.

• Request deletion of personal data, subject to legal retention obligations.

• Withdraw consent previously given for processing.

• Lodge a complaint with our Grievance Officer (see Grievance Redressal Policy).

• Nominate a person to exercise rights on your behalf in the event of incapacity or death, under the DPDP Act.

To exercise any right, contact us at legal@postflo.in. We will respond within 30 days. Identity verification may be required.

10. DATA SECURITY

Postflo implements reasonable technical and organisational security measures, including bcrypt password hashing, Fernet-encrypted API key storage, HTTPS for all data in transit, session-based access controls, rate limiting on authentication endpoints, and regular security reviews. No system is impenetrable. Postflo is not liable for unauthorised access beyond its reasonable control. In the event of a personal data breach likely to cause risk to your rights, we will notify the relevant authority and/or affected individuals as required by law.

11. INTERNATIONAL DATA TRANSFERS

Your data is primarily processed using infrastructure in or near India. Where data is transferred to jurisdictions outside India for AI processing or cloud services, Postflo ensures appropriate contractual safeguards consistent with Applicable Law, including standard contractual clauses or equivalent protections.

12. CHILDREN'S PRIVACY

The Service is not directed at individuals under 18 years of age. Postflo does not knowingly collect personal data from minors. If you believe a minor has provided personal data, contact legal@postflo.in and we will promptly delete such data.

13. CHANGES TO THIS POLICY

We may update this Policy periodically. Material changes will be notified via email or prominent notice on the Platform. Continued use after changes constitutes acceptance. The Effective Date above reflects the latest revision.

14. CONTACT

For privacy-related enquiries, rights requests, or complaints, contact: legal@postflo.in

© 2026 Strux Digital Private Limited. All Rights Reserved.

Postflo is a product of Strux Digital Pvt. Ltd. · postflo.in · Hyderabad, Telangana, India