Sharpingknives

Privacy Policy

Last updated: 22 May 2026

This Privacy Policy applies to Sharpingknives (the "App" or the "Service"), a self-hosted social media scheduling and publishing tool operated by Mario Gabriele Sabbatini, trading as Sharpingknives, Italy ("we", "us", "our", the "Operator"). Sharpingknives runs at postiz.sharpingknives.com and is deployed from the open-source Postiz software. This policy explains how the App collects, uses, stores and discloses information when you create an account and use it.

By creating an account or otherwise using the Service, you ("you", "the user") acknowledge that you have read and understood this Privacy Policy.

1. Who we are (Data Controller)

The data controller responsible for the processing of personal data through the Service is:

2. The service in brief

The Service allows authenticated users to:

The Service does not read, scrape, repost or otherwise interact with content produced by users other than the authenticated user who has explicitly connected an account.

3. The data we collect

3.1 Account & identity data

When you register for an account on the Service, we collect: your email address, a hashed password (we never store passwords in plain text), and the display name you choose. We also assign you a unique internal identifier.

3.2 Connected third-party platform data

When you connect a third-party platform account to the Service, we receive information from that platform via its official OAuth flow and APIs. The specifics depend on the platform:

3.2.1 TikTok

When you connect a TikTok account, we use the TikTok Login Kit and the TikTok Content Posting API. We collect and store, only for the duration needed to operate the Service:

We do not request access to your TikTok inbox, direct messages, follower list, or to any content posted by other TikTok users. We do not use TikTok data for advertising, profiling, or any purpose other than operating the Service for you.

3.2.2 Meta — Instagram & Facebook

When you connect an Instagram Business / Creator account or a Facebook Page, we use the Meta Graph API. We collect: page or business account ID, name, profile picture, access tokens, and post-level metadata (post ID, publish timestamp, aggregated insights) for content you publish through the Service. We do not access personal Instagram accounts or content posted by users you do not control.

3.2.3 YouTube / Google

When you connect a YouTube channel, we use the Google OAuth 2.0 flow and the YouTube Data API v3. We collect: channel ID, channel title, thumbnail, OAuth access/refresh tokens, and metadata for videos you upload through the Service (video ID, status, aggregated public statistics).

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.2.4 Other supported platforms

For any other platform you choose to connect (X, LinkedIn, Threads, Pinterest, Reddit, Mastodon, Discord, Bluesky, etc.), we collect the minimum data required by that platform's official API to identify the connected account and to publish content on your behalf — typically an account identifier, display name, and OAuth tokens.

3.3 Content you upload for scheduling

Any text, image or video you compose or upload through the Service for the purpose of scheduling or publishing is stored on the server hosting the Service until you delete it, or until the corresponding scheduled post has been published and any retention period set by the user has elapsed.

3.4 Operational logs and usage data

We log technical information necessary to operate and secure the Service: timestamps of login attempts, IP addresses of authenticated sessions, errors returned by third-party APIs, and scheduled-job execution outcomes. These logs are retained for security and debugging purposes and are not used for profiling.

3.5 Cookies

The Service uses strictly necessary first-party cookies to keep you logged in (session cookies and a JWT). No advertising, analytics, or cross-site tracking cookies are set.

4. How we use the data & legal bases (GDPR)

5. Who we share data with

We do not sell or rent personal data, and we do not share it with third parties for advertising or analytics. We share data only with:

6. International data transfers

The Service is hosted in the European Economic Area (Helsinki, Finland). When you publish content to third-party platforms (e.g., TikTok, Meta, Google), data is transmitted to servers operated by those platforms, which may be located outside the EEA. Such transfers are governed by the respective platforms' own privacy policies and transfer mechanisms.

7. Data retention

8. How to revoke access

You can disconnect any connected third-party account at any time, directly from the "Channels" page of your Sharpingknives dashboard. Disconnecting:

  1. Immediately deletes the access and refresh tokens stored on the Service.
  2. Where the platform offers a token-revocation endpoint (TikTok, Google, Meta, etc.), the Service invokes it so that the tokens are also invalidated on the platform side.

Independently of disconnecting through the Service, you can revoke access at any time from the third-party platform itself:

9. Security

OAuth tokens and password hashes are stored in a PostgreSQL database accessible only over an internal network. All HTTP traffic to the Service is served over TLS 1.2+ (Let's Encrypt). The underlying server uses encrypted storage and is protected by firewall rules limiting administrative access.

10. Your rights (GDPR)

If you are located in the European Economic Area, the United Kingdom, or in another jurisdiction that grants equivalent rights, you have the right to:

To exercise any of these rights, contact us at mario@sharpingknives.com.

11. Children

The Service is not directed to children under 16 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Third-party platforms

Each third-party platform you connect to the Service operates under its own privacy policy, which governs how that platform processes data once it leaves the Service. Please review:

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date at the top and, where feasible, notify users through the Service. Continued use of the Service after such changes constitutes acceptance of the updated policy.

14. Contact

For any question regarding this Privacy Policy or the processing of your personal data, contact us at mario@sharpingknives.com.