TryMyPost
Back to Home

Privacy Policy

Last updated: February 26, 2026

1. Controller and Scope

This Privacy Policy explains how TryMyPost ("we", "us", or "our") processes personal data when you use https://www.trymypost.com and related services, including account authentication, saved presets/templates, and secure sharing features.

Contact for privacy requests: trymypost.business@gmail.com.

2. Controller Identity and Contact Details

  • Data controller: Esteta (TryMyPost)
  • Registered office jurisdiction: Italy
  • Privacy contact email: trymypost.business@gmail.com

At the date of this policy, no separate Data Protection Officer is publicly designated. Privacy requests are handled through the contact above.

3. Data We Process

Account and profile data

  • Firebase user ID, email, display name and profile image (when provided by your auth provider).
  • Authentication provider details (for example Google, Apple, password) needed to manage account access.
  • Basic account metadata necessary to maintain session integrity and account security.

Content and presets you choose to save

  • Template/preset names, descriptions, preview thumbnails and configuration data that you explicitly choose to save.
  • Associations between saved templates and your account identifier to enable retrieval and editing.
  • You control when this data is saved, updated or deleted from your account area.

Share links and security data

  • Share payload metadata (user agent, IP-related request metadata, timestamps) used for delivery and abuse prevention.
  • Rate-limiting and anti-abuse metadata for API protection and service reliability.
  • Operational logs needed for debugging, incident response and security monitoring.

Cookie and analytics data

We use strictly necessary cookies by default. Analytics and marketing data are processed only when you grant consent. Detailed categories, providers and controls are described in our Cookie Policy.

4. Legal Bases (GDPR)

  • Contractual necessity: account login, saved presets/templates, and requested platform features.
  • Legitimate interest: service security, fraud prevention, debugging, abuse prevention and product reliability.
  • Consent: analytics and marketing cookies and related measurement/advertising tools.
  • Legal obligations: when processing is required to comply with applicable law, enforcement requests or regulatory duties.

5. Processors and Third Parties

  • Firebase (Google): authentication and Firestore data storage for user accounts and saved templates.
  • Vercel: hosting, infrastructure and operational delivery of the web application.
  • Google Analytics / Hotjar / Vercel Analytics: optional analytics tools enabled only with consent.
  • Google AdSense: optional advertising services enabled only with consent.

We do not sell personal data.

6. International Transfers

Some providers process data outside your country. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses and equivalent contractual protections.

7. Retention

  • Authentication cookie (`authToken`): up to 7 days depending on session lifecycle and security controls.
  • Account and saved template data: retained while your account is active or until deletion request, subject to legal retention duties.
  • Share links: expire automatically (default 24 hours).
  • Security/rate-limit records: retained for limited anti-abuse windows and incident response purposes.
  • Consent records: retained until updated/withdrawn, with versioning metadata for compliance traceability.

8. Your Rights

Depending on your jurisdiction, you may request access, correction, deletion, restriction, objection, portability, and consent withdrawal. You can submit requests at trymypost.business@gmail.com.

9. Data Sources

  • Directly from you when you register, authenticate, save templates, or submit support/privacy requests.
  • From authentication providers (for example Google/Apple) according to the permissions you authorize.
  • From technical request metadata generated by your browser/device during secure service delivery.

10. Mandatory vs Optional Data

  • Account/authentication data is necessary to provide login and account-linked features.
  • Template/preset data is optional and processed only when you choose to save content.
  • Analytics and marketing data is optional and processed only after consent.

If required account/authentication data is not provided, account-specific features may be unavailable.

11. Automated Decision-Making and Profiling

We do not perform solely automated decision-making that produces legal effects or similarly significant effects on users. Analytics tools may create aggregated behavioral insights, but not automated legal/profiling decisions about individuals.

12. Minors

Our services are not directed to children under 14 and are not intended for users who cannot legally provide consent under applicable law. If you believe a minor provided personal data improperly, contact us for review and removal.

13. Updates

We may update this policy when legal, technical or product changes require it. The version date at the top indicates the latest revision.

14. Security Measures

We implement technical and organizational measures appropriate to risk, including authenticated access controls, security monitoring, anti-abuse protections, and encrypted transport where applicable.

15. Right to Lodge a Complaint

If you believe your data protection rights were violated, you may lodge a complaint with your local supervisory authority. For users in Italy, the competent authority is Garante per la Protezione dei Dati Personali.