postlii

postlii · Legal

Data Deletion Policy

How to permanently delete your postlii account and all associated data.

Effective September 1, 2025

At postlii.ca, you stay in control of your data. This Data Deletion Policy explains how you can request the permanent deletion of your account and all personal information we hold about you, how long the deletion takes, and what (if anything) we are legally required to retain after deletion.

This policy applies to data we collect directly from you (account details, branding assets you upload, posts you create) and to data we receive on your behalf from third-party platforms you connect to postlii (e.g. Facebook, Instagram, LinkedIn, TikTok, Pinterest, X, Google Business Profile).

1. What Counts as 'Your Data'

When you sign up for postlii and use the platform, the following categories of personal data may be stored against your account:

  • Identity & contact data — first and last name, email address, phone number, country, and the profile type you picked (realtor, brokerage, mortgage broker).
  • Branding assets — headshot, personal brand logo, brokerage logo, brand colour, public-facing email and website.
  • Brokerage details — brokerage name, street address (split into street 1/2, city, province, postal code, country) and brokerage phone number.
  • Authentication metadata — your Supabase Auth user ID, sign-in provider (email OTP or Google OAuth), the email-verification timestamp, and your hashed Auth records.
  • Templates and posts — drafts, finished posts, captions, scheduled and published posts, and per-template settings you customized.
  • Linked-account tokens — OAuth access and refresh tokens for any third-party social platforms (Meta / Instagram / LinkedIn / TikTok / Pinterest / X / Google Business Profile) you connected through postlii.
  • Billing data — subscription plan, status, trial dates, promo codes redeemed, invoice records. Credit-card numbers are NEVER stored on our servers; they are held by our PCI-compliant payment processor (Stripe).
  • Support tickets — messages you sent us, attachments you shared, and our replies.
  • Operational logs — error reports and rate-limit counters keyed by IP address. These automatically expire within 30 days and are not linked to your account by name.

2. How to Delete Your Account — Self-Serve

The fastest way to permanently delete your postlii account is from inside the app:

  • Sign in at https://www.postlii.ca/login.
  • Open Settings → Account → Delete account.
  • Confirm by typing your email address and clicking the red Permanently delete button.

What this does

Triggers an immediate sign-out, schedules an irreversible purge of your data (see Section 4 for the timeline), and revokes any OAuth tokens postlii holds for your connected third-party accounts so we no longer have access to them on your behalf.

You can also disconnect each third-party account individually before deletion via Settings → Connections — useful if you want to keep your postlii account but cut a single integration.

3. How to Delete Your Account — By Email Request

If you cannot access the in-app flow (lost access to your email, account locked, etc.), send a deletion request from the email address on file to:

  • Email: info@postlii.ca
  • Subject: Data deletion request
  • Body: include your registered email address and a brief confirmation that you want all of your data permanently deleted.

What happens next

We will acknowledge receipt within 2 business days. If the request comes from a different email than the one on file, we will reply asking for proof of account ownership (e.g. answering a knowledge-based challenge) before proceeding — this protects you from someone else deleting your account.

Once verified, your account is queued for deletion immediately and the full timeline in Section 4 applies.

4. Deletion Timeline

From the moment a deletion request is verified, the following timeline applies:

  • Within 24 hours — your account is signed out everywhere, your password is invalidated, and your data is hidden from all public surfaces (mini-site, public business card, any shared post URLs).
  • Within 7 days — your branding assets, templates, scheduled posts, support tickets and OAuth tokens are deleted from our primary database (Supabase) and our object storage. Backups created before the deletion request continue to roll off on their normal schedule.
  • Within 30 days — all encrypted backups containing your data have rotated out, completing the deletion across every system we operate.
  • Within 90 days — any aggregated usage logs that referenced your account (rate-limit counters keyed to your IP, error reports) are fully purged from our log retention store.

What we keep, and for how long

Canadian tax and accounting law requires us to retain certain invoice and transaction records for six (6) years from the end of the tax year they relate to. These records contain only the minimum necessary fields: invoice ID, amount, GST/HST collected, date, and an internal reference (no headshot, no posts, no OAuth tokens). They are not used for any purpose other than tax compliance.

We may also retain a record of the deletion request itself (date, requestor's stated email) for two (2) years as proof of compliance, in case a future dispute arises.

5. Third-Party Platforms (Facebook, Instagram, etc.)

When you delete your postlii account, we delete the OAuth tokens we hold for any third-party platforms you connected (Facebook / Instagram / LinkedIn / TikTok / Pinterest / X / Google Business Profile). This revokes our app's access to your accounts on those platforms.

Deleting your postlii account does NOT delete posts that postlii previously published to those platforms — posts that were sent live become the property of the host platform and are governed by that platform's own privacy and content controls.

If you also want those posts removed, you must log in directly to each platform (Instagram, Facebook, etc.) and delete them there, or use that platform's own data-deletion tools.

6. Data Deletion Callback (for Platform Reviewers)

For platforms that require a programmatic deletion callback URL during API approval, postlii honours requests sent to:

  • Callback URL: https://www.postlii.ca/api/data-deletion
  • Method: POST
  • Payload: signed request body matching the platform's standard data-deletion-callback spec (we verify the signature against the app secret you issued us).
  • Response: JSON with `{ url: <status-page>, confirmation_code: <code> }`, per the platform spec.

Status check

The status URL we return (`https://www.postlii.ca/policies/data-deletion?code=<code>`) shows the current state of the deletion request: queued, in progress, or complete. The reviewer or the end user can use it to verify deletion was honoured.

For user-driven requests (non-callback), this same page can be referenced as the data deletion instructions URL required by Meta, Google, TikTok, and similar API reviewers.

7. Anonymous and Aggregated Data

After your account is deleted, we may retain anonymized statistics that no longer identify you — for example, totals like 'number of posts scheduled per month across all users'. These cannot be re-linked to you and are used only to understand product usage and load.

If you object to even this anonymized retention, mention it in your deletion request and we will exclude your historical contributions from the aggregation.

8. Your Rights Under Privacy Law

Deletion is one of several rights guaranteed to you under Canadian privacy law (PIPEDA) and, where applicable, the EU GDPR. You also have the right to:

  • Access the personal data we hold about you (see our Privacy Policy).
  • Correct any inaccurate information (you can do this directly in Settings → Profile, or by emailing info@postlii.ca).
  • Port your data to another service — request a JSON export of your account at info@postlii.ca and we will provide it within 30 days.
  • Withdraw consent for processing at any time. Note that withdrawing consent for essential processing (such as account login) will effectively close your account.
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca) if you believe we have handled your data improperly.

9. Updates to This Policy

We may update this Data Deletion Policy from time to time. Material changes will be communicated by email to all active account holders at least 14 days before they take effect. The 'Last updated' date at the top of this page always reflects the current version.

10. Contact Us

Questions about this policy or about a deletion request you've made:

  • Email: info@postlii.ca
  • Subject line: Data deletion question
  • Response time: within 2 business days, often sooner.

Questions about this policy? Email info@postlii.ca

Other policies

Privacy PolicyTerms of ServiceCanadian Copyright PolicyCookie PolicyDisclaimerDMCARefund & Billing PolicySubscription & Billing Policy
Back to all policies