Effective date: 2026-06-08

This Privacy Policy explains how Publicasta collects, uses, stores and shares personal data when you visit publicasta.com, create an account, publish content, comment, report content, use the API or contact us.

1. Controller and contact

The service is operated by To be defined, To be defined. For privacy questions or requests, contact [email protected]. For general support, contact [email protected].

If any company details are marked as “To be defined”, they are temporary and will be completed before a full public commercial launch.

2. Personal data we collect

Depending on how you use Publicasta, we may process:

  • Account data: name, email address, account role, account level, language preferences and authentication identifiers.
  • Login data: data received from sign-in providers such as Google, including provider account ID, email, name and avatar where available.
  • Publishing data: channels, articles, translations, drafts, revisions, slugs, excerpts, media metadata, publication status, scheduled publication time and moderation status.
  • Content data: text, images, captions, comments, reports, appeal explanations and any personal data you choose to include in content.
  • API data: API token metadata, token prefix, token name, creation and revocation times, API requests and resulting publishing activity. We store hashed API tokens, not the plain token after creation.
  • Moderation and trust data: reports, report reasons, moderation decisions, automated moderation results, account trust indicators and related notes.
  • Technical data: IP address, user agent, request timestamps, URLs, referrer, cookies, session identifiers, logs, error reports and security events.
  • Communication data: messages you send to support, privacy, moderation or administrative contacts.
  • Billing data: plan, payment status and billing metadata if paid features are introduced. Payment card details should be handled by payment processors rather than stored directly by Publicasta.

3. How we use personal data

We use personal data to:

  • create and manage accounts;
  • authenticate users and protect accounts;
  • provide publishing channels, articles, translations, comments, reactions, API access and media hosting;
  • show public content, sharing previews, language versions and publication dates;
  • moderate content, review reports, prevent abuse and maintain account trust;
  • operate scheduled publication, revision review and media cleanup workflows;
  • respond to support, privacy and moderation requests;
  • secure, debug, monitor and improve the service;
  • manage account levels, feature access and billing where applicable;
  • comply with legal obligations and enforce the Terms and Publishing Rules.

4. Legal bases

Where EU or similar data-protection law applies, we rely on the following legal bases:

  • Contract: to provide accounts, publishing tools, API access, moderation workflows requested by users, support and paid features.
  • Legitimate interests: to secure the service, prevent spam and abuse, maintain logs, improve functionality, enforce rules, handle reports and protect users, authors and third parties.
  • Legal obligation: where we must keep records, respond to lawful requests, handle compliance duties or preserve information required by law.
  • Consent: where we ask for optional consent, for example for non-essential cookies or optional communications. You may withdraw consent where consent is the basis.

5. Public content

Articles, channels, comments, author-visible names, publication dates, media and translations may be public. Public content can be viewed, copied, indexed by search engines, shared by readers and cached by third parties. Do not publish personal data unless you have a lawful basis and understand that public removal may not remove all third-party copies.

6. Cookies and similar technologies

We use cookies and similar technologies for login sessions, security, language preferences and basic service operation. If analytics, advertising or other non-essential cookies are introduced, we will provide appropriate notice and choices where required.

7. Who we share data with

We may share personal data with service providers who help operate Publicasta, such as hosting, storage, database, email, authentication, moderation, logging, analytics, security, payment and backup providers. They may process data only for agreed service purposes.

We may also share data if required by law, to protect rights and safety, to investigate abuse, to enforce our Terms, in connection with a business transfer, or with your direction or consent.

8. International transfers

Service providers, infrastructure and support may be located in different countries. Where applicable law requires safeguards for international transfers, we will use appropriate mechanisms such as adequacy decisions, standard contractual clauses or other lawful transfer tools.

9. Retention

We keep personal data only as long as reasonably needed for the purposes described above, unless a longer period is required or permitted by law.

  • Account data is usually kept while the account exists.
  • Published content remains until removed, unpublished or deleted by the author or moderation.
  • Drafts and media may be cleaned up if unused or abandoned.
  • API token metadata may be retained after revocation for security and audit purposes.
  • Moderation, report and trust records may be retained to prevent repeated abuse and handle disputes.
  • Technical logs are kept for a limited period appropriate for security, debugging and operations.
  • Backups may retain data for a limited period before rotation or deletion.

10. Your rights

Depending on your location, you may have rights to access, correct, delete, export or restrict use of your personal data, object to certain processing, withdraw consent and complain to a data-protection authority. EU/EEA users have rights under the GDPR, including rights of access, rectification, erasure, restriction, portability and objection.

To exercise rights, contact [email protected]. We may need to verify your identity. Some requests may be limited where data is needed for security, legal compliance, freedom of expression, dispute handling, enforcement of claims or protection of others.

11. Automated processing and moderation tools

Publicasta may use automated tools to help detect spam, abuse, unsafe content or policy violations. Automated checks may flag content for review or influence moderation queues, but important publication or enforcement decisions may also involve human review. If you believe an automated or moderation decision was wrong, contact [email protected].

12. Children

Publicasta is not intended for children below the age at which they can lawfully use online services in their country without parental consent. Do not use Publicasta if you are not old enough to do so. If we learn that we process a child’s personal data unlawfully, we will take appropriate steps to delete or restrict it.

13. Security

We use technical and organisational measures designed to protect personal data, including access controls, hashed API tokens, encrypted transport, operational monitoring and backups. No online service can guarantee perfect security. You are responsible for securing your account, devices and API keys.

14. Your responsibilities as an author

If you publish personal data about other people, invite collaborators, moderate comments or use the API to submit data, you may have your own privacy and legal responsibilities. You must have a lawful basis for publishing or processing personal data and must respect requests and rights that apply to your own content.

15. Changes

We may update this Privacy Policy as Publicasta develops, service providers change or legal requirements evolve. The effective date above shows the current version. Material changes may be announced through the service or account email where appropriate.

16. Contact and complaints

For privacy requests, contact [email protected]. You may also have the right to lodge a complaint with your local data-protection supervisory authority. We ask that you contact us first where possible so we can try to resolve the issue.