Privacy Policy

Last updated 1 July 2026

PostLake is a product of CrumbleLake ("CrumbleLake", "we", "us", "our"), based in the United Kingdom. This policy explains what personal data we collect when you use PostLake, why we use it, who we share it with, and the rights you have under the UK GDPR and the Data Protection Act 2018.

Who we are What we collect How & why we use it Who we share it with International transfers Retention Security Your rights Cookies Contact

1. Who we are

PostLake is a unified social media API operated by CrumbleLake. For the personal data described in this policy, CrumbleLake is the data controller. You can reach us about anything in this policy at crumblelake@gmail.com.

When you connect your own social accounts and publish content through PostLake, we act as a data processor on your behalf for that content — you decide what is posted and where. A Data Processing Agreement (DPA) is available on request.

2. What we collect

Information you give us

Information we collect automatically

Billing data

Payments are handled by our payment providers (RevenueCat and Stripe). We receive confirmation of your plan, credits, and invoices — we never see or store your full card number.

3. How & why we use it, and our lawful bases

PurposeLawful basis (UK GDPR Art. 6)
Create and run your account; publish, schedule, and report on the content you ask us toPerformance of a contract with you
Take payment and manage credits, plans, and invoicesPerformance of a contract
Secure the service, prevent abuse, debug, and keep audit logsLegitimate interests (running a safe, reliable service)
Send essential service emails (verification, password reset, billing, renewal reminders)Performance of a contract / legitimate interests
Keep financial recordsLegal obligation (UK tax/accounting law)
Any optional marketing (only if we ever add it)Your consent, which you can withdraw at any time

We do not sell your personal data, and we do not use your content to train AI models.

4. Who we share it with

We share data only with the service providers ("sub-processors") that help us run PostLake, and with the social networks you choose to connect. Each is bound to protect your data and use it only on our instructions. The current list — including what each does and where it is located — is on our Sub-processors page.

We may also disclose data if required by law, or to protect our rights, our users, or the security of the service.

5. International transfers

Some of our sub-processors are based outside the UK (for example in the United States). Where personal data is transferred outside the UK, we rely on appropriate safeguards — such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision — so your data receives an equivalent level of protection.

6. How long we keep it

DataRetention
Account & profileWhile your account is open, then deleted within 30 days of closure (unless we must keep it longer by law)
Connected-account tokensUntil you disconnect the account or close your account
Content (posts, media, schedules)While your account is open, or until you delete it
Billing & invoice recordsUp to 7 years, to meet UK tax and accounting obligations
Security & audit logsTypically up to 12 months

7. How we protect it

No system is perfectly secure, but we take reasonable technical and organisational measures appropriate to the risk.

8. Your rights

Under UK data protection law you have the right to:

To exercise any of these, email crumblelake@gmail.com. We will respond within one month. You can also disconnect accounts and delete content yourself from your dashboard, or request full deletion via our data deletion page.

If you are unhappy with how we handle your data, you have the right to complain to the UK's supervisory authority, the Information Commissioner's Office (ICO) — though we'd appreciate the chance to put things right first.

9. Cookies

We use only a strictly-necessary session cookie and a functional theme-preference cookie — no advertising or cross-site tracking. Full details are in our Cookie Policy.

10. Children

PostLake is a business tool and is not directed at children. You must be at least 18 to use it. We do not knowingly collect data from anyone under 18.

11. Changes to this policy

We may update this policy from time to time. If we make material changes we'll update the date above and, where appropriate, notify you by email. Continued use of PostLake after a change means you accept the updated policy.

12. Contact

Questions, requests, or complaints about privacy? Email crumblelake@gmail.com. PostLake is a CrumbleLake product, United Kingdom.