Last updated: May 13, 2026
This Privacy Policy describes how Pistache Postiz (“Pistache Postiz”, “we”, “our”, or “us”), the social media scheduling platform operated by Agence Pistache (7 rue Gaston de Flotte, 13012 Marseille, France), collects, uses, and protects information when you use the Pistache Postiz application. By using Pistache Postiz, you agree to the practices described in this policy.
1. Who we are
Pistache Postiz is operated by Agence Pistache, a French social media agency. The Pistache Postiz application is available at https://meta.postiz.agence-pistache.fr. Our marketing website is https://agence-pistache.fr. Our Terms of Service are available at https://agence-pistache.fr/pistache-postiz-terms-of-service.
2. Information we collect
To provide the Pistache Postiz service, we collect:
- Account information: name, email address, and authentication credentials you provide when creating a Pistache Postiz account.
- Social network connection data: when you connect a TikTok, Instagram, Facebook, LinkedIn, YouTube, X, Pinterest, Threads, Bluesky, Mastodon, or Reddit account through OAuth, we receive and store the OAuth access tokens issued by that platform, along with basic public profile information (display name, username, avatar URL, account ID).
- Content data: the posts, captions, images, and videos you create, schedule, or publish through Pistache Postiz.
- Analytics data: aggregated performance metrics for posts published through Pistache Postiz (views, likes, comments, shares, reach), retrieved from the official APIs of the connected networks.
- Usage data: log data such as IP address, browser type, pages visited, and timestamps, used to operate and secure the service.
3. How TikTok data is handled
When you connect a TikTok account to Pistache Postiz:
- Authentication happens exclusively through TikTok’s official OAuth 2.0 flow. We never see, request, or store your TikTok password.
- We store the OAuth access token issued by TikTok, used only to perform actions you explicitly request through Pistache Postiz (publishing videos you scheduled, reading the analytics of videos you published).
- We retrieve only the scopes you grant during the OAuth flow (
user.info.basic,user.info.profile,user.info.stats,video.list,video.upload,video.publish). - You can disconnect your TikTok account at any time from within Pistache Postiz; doing so revokes the stored access token and deletes the cached profile data within 30 days.
- You can also revoke Pistache Postiz access directly from your TikTok account settings.
4. How we use information
We use the information collected to:
- Operate the Pistache Postiz service: schedule and publish your content, display analytics, and manage your social network connections.
- Provide customer support and respond to your requests.
- Improve the reliability, security, and quality of Pistache Postiz.
- Comply with legal obligations.
5. Data sharing
Pistache Postiz does not sell or rent personal information. We share data only with:
- The social network APIs (TikTok, Instagram, Facebook, LinkedIn, etc.) to which you have explicitly connected your accounts, and only to perform actions you initiate through Pistache Postiz.
- Infrastructure providers (hosting, database, error monitoring) under written confidentiality agreements, strictly to operate the service.
- Authorities when legally required.
6. Data retention
We retain account and content data for as long as your Pistache Postiz account is active. When you delete your account or disconnect a social network, the related access tokens are revoked immediately and associated cached data is deleted within 30 days, except where retention is required by law.
7. Your rights
Under the French Data Protection Act and the European General Data Protection Regulation (GDPR), you have the right to access, rectify, delete, and restrict the processing of your personal data, as well as the right to data portability and to object to processing. To exercise these rights, contact us at contact@agence-pistache.fr.
8. Security
Pistache Postiz uses HTTPS in transit, encrypted storage for OAuth tokens, and standard security controls including access logging, password hashing, and least-privilege role separation. No system is perfectly secure, but we work to protect your data against unauthorized access.
9. Changes to this policy
We may update this Privacy Policy from time to time. The latest version is always available at https://agence-pistache.fr/pistache-postiz-privacy-policy. Continued use of Pistache Postiz after an update constitutes acceptance of the revised policy.
10. Contact
For any question regarding this Privacy Policy or your data:
Agence Pistache — Pistache Postiz
7 rue Gaston de Flotte, 13012 Marseille, France
Phone: +33 4 12 29 00 55
Email: contact@agence-pistache.fr