Privacy Policy
Last updated: 3 July 2026
Postzila ("we", "us" or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data in accordance with the Personal Data Protection Act 2012 of Singapore ("PDPA").
This Privacy Policy applies to personal data collected by Postzila from our clients, users, and representatives of corporate entities who register for and use our platform (collectively referred to as "you" or "your").
1. Personal Data We Collect
We practise data minimisation and only collect the specific personal data necessary to establish your account, provide our services, and meet our statutory tax obligations in Singapore. We collect:
- Name of Person: To identify you, communicate with you, and personalise your account experience.
- Name of Company: To associate your account with your corporate entity.
- Billing Address: To verify your location and accurately calculate your Goods and Services Tax (GST) liability in compliance with the Inland Revenue Authority of Singapore (IRAS) regulations.
- Email Address or Mobile Number: To facilitate account registration, secure login verification (OTP), and critical service notifications.
1.1 Payment Processing and Financial Data
Third-Party Processor: Payment processing on Postzila is handled entirely by our external, PCI-compliant payment gateway provider, Stripe.
No Storage of Financial Data: When you make a payment, your credit card details, bank account numbers, and other financial credentials are submitted directly to Stripe and do not pass through or get stored on Postzila’s servers. Postzila does not have access to, nor do we retain, your full credit card details.
Data We Receive: Stripe only shares transaction metadata with us, which includes your name, the date of the transaction, the amount paid, the last four digits of your card (for verification purposes), and your billing address (which we use to compute your GST liability as noted in Section 1).
Stripe’s Privacy Policy: The collection, use, and processing of your financial data by Stripe is governed strictly by Stripe's own privacy policy, which can be viewed on their official website.
2. Purposes for Collection, Use, and Disclosure
We collect, use, and disclose your personal data strictly for the following purposes:
- Registering, managing, and maintaining your Postzila user account.
- Processing transactions, managing billing, and calculating applicable GST liability.
- Providing customer support, responding to inquiries, and sending technical updates or security alerts.
- Complying with applicable laws, regulations, and requests from statutory bodies in Singapore (such as IRAS).
We will not use your personal data for any other purpose without obtaining your prior explicit consent.
3. Postzila as a Data Intermediary
When you upload corporate identity kits, marketing collateral, or images containing personal data (such as faces or names of individuals) into Postzila to generate social media content, we process that data as a Data Intermediary on your behalf.
Your Obligation: As the Data Controller, you warrant that you have obtained valid consent under the PDPA from any individual whose personal data is contained within your uploaded materials before passing it to Postzila.
AI Engine Processing: To generate your social media posts, images, and videos, your inputs are processed through our underlying Third-Party Engines (Google/Gemini, BytePlus, and Kuaishou/KIE AI). These providers only process this data as downstream data intermediaries on our instructions to generate the Output.
4. Cross-Border Transfers of Personal Data
As part of our multi-engine AI pipeline, the personal data you provide or upload may be transferred to, and processed in, servers located outside of Singapore (including infrastructure operated by Google, BytePlus, and KIE AI).
In accordance with the PDPA, we ensure that any overseas recipients are legally bound by contracts or binding corporate rules that provide a standard of protection to your personal data that is comparable to the protection provided under the PDPA.
5. Security and Retention of Personal Data
Security: We implement reasonable and appropriate administrative, physical, and technical security measures (including encryption and secure API communication) to protect your personal data from unauthorised access, collection, use, or disclosure.
Retention: We retain your personal data only for as long as it is required to fulfil the purposes outlined in Section 2, or as necessary to comply with legal, regulatory, or accounting requirements (such as retaining corporate tax records for 5 years under Singapore law). Once no longer required, we will securely destroy or anonymise the data.
6. Your Rights (Access, Correction, and Withdrawal)
Under the PDPA, you have the right to request access to or correction of the personal data we hold about you. You may also withdraw your consent to our use of your personal data at any time (though doing so may mean we can no longer provide you access to Postzila).
To exercise any of these rights, please contact our Data Protection Officer at the email address provided below.
7. Contacting Our Data Protection Officer (DPO)
If you have any questions about this Privacy Policy, or if you wish to make a request regarding your personal data, please contact our Data Protection Officer at:
- Email: dpo@postzila.ai