Postwalls

Privacy Policy and Register Description

Last updated: 30.11.2025 | Effective from: 30.11.2025

1. Data Controller

Service: Postwalls

Description: Postwalls is a web-based message wall service that allows users to create message walls and communicate with others.

This privacy policy applies to the use of Postwalls service.

2. What personal data is collected

9. Contact information and complaints

  • Email address - Required for authentication and magic link login

Content Data

  • Your created walls - Wall name, type (free/pro), creation time
  • Your sent messages - Message content, send time, email address
  • Wall activation data - Activation time, usage time

Technical data and logs

  • Session data - Login tokens (access_token, refresh_token)
  • Cookies - For functionality and user experience improvement
  • User identifier - UUID automatically created by Supabase Auth system
  • IP address - Hashed with SHA-256 immediately upon storage
  • Browser data - User-Agent hashed to short form (16 characters)
  • Rate limiting logs - Automatically deleted after 24h
  • Usage analytics - Anonymized after 30 days
GDPR compliance: Original IP addresses are not stored. All technical logs are anonymized or automatically deleted.

Analytics and interaction data

  • User actions - Stored in user_analytics table (event_type, event_data)
  • Interactions - Likes, reactions, shares (user_interactions table)
  • Usage times - Wall viewing and usage times

3. Why personal data is processed

Service Implementation

  • • User identification and login
  • • Wall creation and management
  • • Message sending and receiving
  • • Magic link email sending

Legal basis: Contract fulfillment (GDPR 6(1)(b))

Security and abuse prevention

  • • Rate limiting (spam prevention)
  • • Security logs and audit trail
  • • User account security
  • • GDPR deletion request tracking

Legal basis: Legitimate interest (GDPR 6(1)(f))

Service development

  • • Usage analytics (anonymous)
  • • Service performance optimization
  • • User experience improvement
  • • Technical issue identification

Legal basis: Legitimate interest (GDPR 6(1)(f))

Legal obligations

  • • GDPR compliance
  • • Data deletion upon request
  • • Audit trail logging
  • • Security logs

Legal basis: Legal obligation (GDPR 6(1)(c))

4. Cookie usage

Cookies are small text files stored on your device during website use. We use cookies to improve your user experience and service functionality.

✅ Essential cookies

These cookies are essential for basic website functions. They cannot be disabled.

  • postwalls-cookie-consent - Stores your cookie settings
  • Supabase session data - Login maintenance
  • CSRF tokens - For security assurance

⚙️ Functionality

These cookies enable customized user experience and stored settings.

  • postwalls-theme - Theme settings (dark/light)
  • Language settings - Selected language (if supported in future)
  • UI settings - Personalized views

Analytics and statistics

These cookies help us understand service usage. Requires your consent.

  • Google Analytics - Website usage statistics (not yet in use)
  • Hotjar - User experience analysis (not yet in use)
  • Internal analytics - Internal user statistics

Marketing

These cookies enable targeted advertising. Requires your consent.

  • Facebook Pixel - Social media advertising (not yet in use)
  • Google Ads - Search advertising (not yet in use)
  • Retargeting - Remarketing (not yet in use)

Cookie management

You can manage your cookie settings at any time:

Cookie Settingsor use browser cookie settings

5. How long personal data is stored

Automatic data deletion

Postwalls is designed to be GDPR-compliant with automatic data deletion.

F

Free walls (activated)

74 hours from activation (2h active + 72h grace period). Unactivated free walls are deleted 24 hours after creation.

P

Pro walls (activated)

96 hours from activation (24h active + 72h grace period). Unactivated pro walls are deleted after 90 days (reminder email at 60 days).

@

Email addresses and user accounts

Stored until user requests account deletion or walls expire and are deleted. Unactivated Free walls (24h) and Pro walls (90 days) are automatically deleted.

A

Analytics and interaction data

30 days: IP addresses and User-Agent data are automatically anonymized. 1 year: Anonymized analytics data is deleted. GDPR request: All data is deleted immediately.

L

GDPR deletion log

Anonymous audit trail is maintained to fulfill legal obligations. Does not contain personal data.

T

Account deletion confirmation tokens

1 hour validity period. Old tokens are automatically deleted after 24 hours.

5. Where personal data is stored

5. Where personal data is stored

All your personal data is stored securely in GDPR-compliant services in the EU/EEA area.

Database

Supabase PostgreSQL - EU area servers, GDPR-compliant

  • User accounts, walls, messages, Analytics and interaction data, Session and authentication data

Email service

Configurable - Supports all SMTP services, no Google-specific limitations

  • Magic link emails, Account deletion confirmation messages

Server functions

Supabase Edge Functions - EU area edge servers

  • Magic link processing, GDPR deletion functions, Automatic wall cleanup

Security

  • • All data encrypted during transmission (HTTPS/TLS), • Databases encrypted at rest, • Access to data only for authenticated users, • Row Level Security (RLS) in use

6. User rights (GDPR)

Right to delete data

You can delete all your personal data at any time.

Delete my account and all my data →

GDPR Article 17 - Right to be forgotten

Right to access data

You can request a copy of all data we have stored about you.

GDPR Article 15 - Right of access

Contact: info@postwalls.com

Right to rectify data

You can correct incorrect or outdated data.

GDPR Article 16 - Right to rectification

Edit your messages and wall information in the service

Right to object to processing

You can object to processing of your data for analytics.

GDPR Article 21 - Right to object

Contact: info@postwalls.com

📦 Right to data portability

You can get your data in machine-readable format.

GDPR Article 20 - Right to data portability

JSON format available upon request

Right to complain

You can file a complaint with the data protection authority.

GDPR Article 77 - Right to lodge a complaint

Data Protection Ombudsman: tietosuoja.fi

7. Automated decision-making

Limited automated decision-making

Postwalls uses only technical automated functions that do not significantly affect users:

  • Rate limiting: Automatically prevents spam
  • Automatic wall deletion: Activated walls (Free: 74h, Pro: 96h), unactivated walls (Free: 24h, Pro: 90 days)
  • Token management: Removes expired authentication tokens
  • Reminder emails: Sends activation reminder for Pro walls at 60 days

These do not meet the GDPR Article 22 definition of significant automated decision-making.

8. Minors' usage and age restrictions

AGE RESTRICTION: 16 YEARS

Postwalls service may only be used by persons over 16 years of age.

GDPR compliance: According to EU General Data Protection Regulation (GDPR), processing personal data of persons under 16 requires guardian consent.

Service nature: Postwalls is a public communication service where messages are visible to other users. This makes the service unsuitable for minors.

User responsibility: When registering, you confirm that you are at least 16 years old. Providing false information may result in immediate account closure.

Legal basis for age restriction

  • GDPR Article 8: Consent requirements for persons under 16
  • Service safety: Risks of public communication for minors
  • Data protection: Legality of personal data processing
  • Terms compliance: Age restriction monitoring

What we do to protect minors

  • Clear announcement of age restriction during registration
  • User age verification required for wall creation
  • Reporting and investigation of suspicious minor usage
  • Immediate account closure if user is under 16
  • Immediate deletion of personal data for minors

9. Contact information and complaints

Data protection matters

If you have questions about data processing or want to use your GDPR rights:

Email: info@postwalls.com

Response time: 30 days (GDPR requirement)

Authority contact information

If you are not satisfied with the response, you can complain:

Data Protection Ombudsman

Website: tietosuoja.fi

Email: tietosuoja@om.fi

10. Changes to privacy policy

We reserve the right to update this privacy policy as the service develops. Significant changes will be announced to users by email at least 30 days before the changes take effect.

Last update: 30.11.2025

← Back to Home
Cookie Settings|Delete My Account|Postwalls v1.0