Privacy Policy

PostLane operates the PostLane service. For anything in this policy — questions, access requests, deletion requests — contact us at privacy@postlane.studio.

Account data. Your name, email address, and profile details (title, avatar, working preferences) when you or your studio create an account.

Studio content. The work product your studio puts into PostLane: projects and productions, documents (call sheets, shot lists, checklists), uploaded media and files, comments and review notes, time entries, bookings, and invoices. This content belongs to your studio — we process it only to provide the service.

Usage and log data. When the application errors or behaves unexpectedly, we capture error context and a reference ID through our monitoring tools (Sentry and Axiom) so we can diagnose and fix problems. Log lines are operational — they are not used for advertising or profiling.

Payment data.Billing is handled by Stripe. Card numbers go directly to Stripe and are never stored on PostLane's servers; we keep invoice and payment-status records (amounts, dates, invoice numbers).

PostLane uses only essential cookies — the session cookies that keep you signed in. We do not use advertising cookies or third-party analytics cookies, which is why you don't see a cookie banner.

We use a small set of service providers to run PostLane. Each one processes data only to provide its function:

• Supabase — Database, authentication, and file storage
• Netlify — Application hosting and content delivery
• Cloudflare — Video streaming and media file storage
• Stripe — Billing and payment processing
• Resend — Transactional email (sign-in links, booking and notification emails)
• Sentry — Error monitoring (error context and reference IDs)
• Axiom — Application log management
• Anthropic — AI processing for product features (see “AI features” below)

Some integrations only process data when you connect them from your studio's settings:

• Google — Drive file import and Calendar sync — only if you connect a Google account
• Slack — Workspace notifications — only if you connect a Slack workspace
• Intuit QuickBooks — Accounting sync — only if you connect a QuickBooks company

If we add a service provider that processes your data, we'll update this page.

If you connect a Google account, PostLane accesses only the Google data needed for the feature you enable:

• Google Drive— the files you explicitly select through the Google picker, so they can be imported into your studio's workspace.
• Google Calendar — calendar events, to keep your production schedule and your calendar in sync.

We use this data solely to provide those features. We do not sell Google user data, we do not use it for advertising, and we do not transfer it to third parties except as necessary to provide the feature you asked for (for example, storing an imported file in your studio's storage) or as required by law.

PostLane's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can disconnect Google access at any time from your studio's integration settings (or by revoking PostLane's access at myaccount.google.com/permissions). Disconnecting deletes the stored connection tokens; files you previously chose to import remain in your studio's workspace (they're your studio's copies), and calendar sync stops.

Some PostLane features use AI to do their job — for example, extracting a call sheet from an uploaded PDF, transcribing or summarizing content, or drafting text you review before it's used. To provide those features, the relevant studio content is processed by our AI provider (Anthropic).

Our provider agreements do not permit your content to be used to train their models. AI output is always presented for your review — extracted documents land in a review state before anything is published.

Your studio's content stays in your workspace for as long as your account is active. To delete your account or your studio's data, contact privacy@postlane.studio — we'll confirm and complete the deletion.

Two practical carve-outs: invoice and payment records are retained where financial record-keeping requires it, and deleted data can persist in encrypted database backups for a limited window before those backups age out.

Data is encrypted in transit (TLS) and at rest. Every studio's data is isolated by row-level security enforced in the database itself — queries are scoped to your studio at the data layer, not just in application code. Stored integration credentials are additionally envelope-encrypted with per-secret keys. We're honest about scope: PostLane does not currently hold formal certifications such as SOC 2; we claim only the controls we actually run.

You can request access to, a copy of, correction of, or deletion of your personal data by emailing privacy@postlane.studio. Where applicable law (such as the GDPR or CCPA) provides additional rights — portability, restriction of processing, objection, non-discrimination for exercising your rights — we honor those too. We don't sell personal data, so there is nothing to opt out of selling.

PostLane is a business tool and is not directed at anyone under 16. We don't knowingly collect personal data from children.

When this policy changes, we'll update the "Last updated" date at the top of this page; for material changes we'll also notify studio owners by email or an in-app notice before the change takes effect.