• Pricing
  • Help
  • AI Traffic
    • Learn MoreStart free

    Privacy Policy

    Effective: May 2026

    Contents

    1. Who We Are
    2. What Postmancer Does
    3. Eligibility
    4. Data We Collect
    5. How We Use Your Data
    6. Third-Party Services
    7. Data Sharing
    8. Data Retention
    9. Data Security
    10. Your Rights
    11. International Data Transfers
    12. Changes to This Policy
    13. Contact

    1. Who We Are

    Postmancer is operated by Michał Włosik EFC, ul. Północna 16/5, 54-105 Wrocław, Poland (NIP: 8942747708).

    In this policy, "we", "us", and "our" refer to the operator. "You" and "your" refer to you, the user of the Postmancer Chrome extension and associated services (collectively, the "Service").

    2. What Postmancer Does

    Postmancer is a Chrome extension that adds a sidebar to Ghost CMS Admin. It connects to your Ghost site via the Ghost Admin API to provide AI writing tools, content management features, redirect management, and AI traffic insights.

    Postmancer's AI features (Ghostwriter and Narrate) use third-party AI services to generate content on your behalf. The Hallucinated Traffic feature uses a lightweight beacon script installed in your Ghost site's Code Injection footer to track anonymous 404 visits and identify which AI tools are referring visitors to non-existent pages on your site.

    Postmancer does not access, read, or modify any content on your Ghost site beyond what is necessary for the features you actively use.

    3. Eligibility

    Postmancer is intended for users aged 16 and older. By using the Service, you confirm that you are at least 16 years of age. We do not knowingly collect data from anyone under 16. If we learn that a user is under 16, we will promptly delete their account and associated data.

    4. Data We Collect

    4.1 Account data

    When you create an account, we collect:

    • Email address — used for authentication and account management
    • Display name and profile photo — if you sign in with Google OAuth, provided by Google and used for display within the application
    • Password — if you sign up with email and password, your password is securely hashed by Supabase Auth and never stored in plain text
    • Authentication tokens — managed server-side via Supabase Auth to keep you signed in

    4.2 Ghost site connection data

    When you connect your Ghost site, we store in your browser's local Chrome storage:

    • Ghost site URL — the admin URL of your Ghost site
    • Ghost Admin API key — used to authenticate requests to the Ghost Admin API on your behalf

    Your Ghost site URL and API key are stored locally in your browser only, using Chrome's secure local storage. They are never sent to or stored on Postmancer's servers.

    4.3 AI usage data

    When you use AI features (Ghostwriter, Narrate), we store:

    • Usage records — the action performed, the number of AI credits consumed, and the timestamp. Used to enforce monthly credit limits and display usage in the settings panel
    • Post content — post titles and body content are sent to our backend edge functions to generate AI output. This content is processed in real time and is not permanently stored on our servers after processing

    4.4 Hallucinated Traffic data

    When you install the AI Traffic beacon on your Ghost site, we store:

    • 404 URL paths — the path that was visited but does not exist on your site
    • Referrer classification — which AI tool (ChatGPT, Perplexity, Gemini, etc.) referred the visitor, based on the HTTP referrer header
    • Hit count and timestamps — how many times each URL was visited and when it was first and last seen
    • Site token — a unique UUID associated with your account and Ghost site, used to attribute beacon hits to your account

    No personal data from your site's visitors is collected. The beacon does not use cookies, does not track individual users, and does not collect IP addresses or any identifying information about the visitors themselves.

    4.5 Subscription and billing data

    When you upgrade to Pro, billing is handled by Polar.sh. We store:

    • Plan status — whether your account is on the free or pro plan
    • Polar customer ID and subscription ID — used to identify your subscription in Polar's system

    We do not store payment card details. All payment processing is handled by Polar.sh and their payment processor.

    4.6 Settings and preferences

    Your configuration choices are stored server-side and include:

    • Which sidebar tools are enabled
    • Notification and display preferences

    5. How We Use Your Data

    • Provide the service — authenticate your account, connect to your Ghost site, and power all features you actively use
    • AI content generation — relay post content to Google Gemini (Ghostwriter) and ElevenLabs (Narrate) to generate requested output on your behalf
    • Credit enforcement — track AI credit usage to apply free and pro plan limits and display your remaining credits
    • Hallucinated traffic tracking — receive and store beacon hits from your Ghost site's 404 pages, classify them by AI source, and display them in the Postmancer panel
    • Subscription management — receive webhook events from Polar.sh to update your plan status when you subscribe, upgrade, or cancel
    • Customer support — respond to enquiries sent to our contact email

    6. Third-Party Services

    Postmancer relies on the following third-party services to function:

    Google Gemini — AI content generation (Ghostwriter) Post content is sent to Google's Gemini API via server-side edge functions to generate article outlines, full article drafts, and meta descriptions. Content is processed in real time and is not permanently logged by us after processing. Terms: ai.google.dev/terms

    ElevenLabs — Text-to-speech (Narrate) Post content is sent to ElevenLabs' API via server-side edge functions to generate audio narration. Audio files are stored in Supabase Storage and linked to your Ghost post. Content is processed in real time. Privacy policy: elevenlabs.io/privacy

    Supabase — Backend infrastructure Handles user authentication (email/password and Google OAuth). Stores account data, AI usage records, hallucinated traffic entries, plan status, and settings. Provides file storage for generated audio files. Runs edge functions that power AI generation and the beacon receiver. Hosted in the EU West region. Privacy policy: supabase.com/privacy

    Polar.sh — Subscription billing Handles payment processing and subscription management for the Pro plan. Sends webhook events to Postmancer to update your plan status. We do not store payment card details. Privacy policy: polar.sh/privacy

    Pixabay — Stock photography When you use Ghostwriter's feature image or in-body gallery options, or the Lorem Ipsum Generator with images enabled, photos are fetched from Pixabay's API and uploaded to your Ghost media library. No personal data is shared with Pixabay beyond standard API request metadata. Privacy policy: pixabay.com/service/privacy

    Google Chrome — Local storage Your Ghost site URL and Admin API key are stored in your browser's local Chrome storage using the chrome.storage.local API. This data never leaves your browser and is not accessible to Postmancer's servers.

    7. Data Sharing

    We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

    • Third-party service providers — as described in Section 6, strictly to operate the Service's core functionality
    • Legal obligations — if required by applicable law, regulation, or valid legal process
    • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity

    8. Data Retention

    • Account data — retained for as long as your account exists. If you delete your account, all associated data is permanently removed within 30 days
    • AI usage records — retained for 13 months to support billing period calculations, then deleted
    • Hallucinated traffic entries — retained until you dismiss them or delete your account
    • Generated audio files — stored in Supabase Storage and retained until you remove the audio from your post or delete your account
    • Plan and subscription data — retained for the duration of your account
    • Settings and preferences — retained for the duration of your account

    9. Data Security

    We implement the following measures to protect your data:

    • All communication between your browser, our servers, and third-party APIs uses HTTPS/TLS encryption
    • Your Ghost Admin API key is stored exclusively in your browser's local Chrome storage — never on our servers
    • Third-party API keys (Gemini, ElevenLabs) are stored as server-side environment variables and never exposed to the client
    • Authentication is managed via Supabase Auth with automatic session refresh and secure cookie handling
    • User data in Supabase is protected by row-level security (RLS) policies — each user can only access their own data
    • The Supabase backend is hosted in the EU West region
    • The Hallucinated Traffic beacon collects no personal data from your site's visitors — only anonymous URL paths and referrer classifications

    No system is perfectly secure. While we take reasonable precautions, we cannot guarantee absolute security of data transmitted over the internet.

    10. Your Rights

    Depending on your jurisdiction, you may have the following rights regarding your personal data:

    • Access — request a copy of the personal data we hold about you
    • Rectification — request correction of inaccurate data
    • Erasure — request deletion of your account and all associated data
    • Portability — request your data in a structured, machine-readable format
    • Objection — object to processing of your data for certain purposes
    • Restriction — request that we limit how we process your data

    To exercise any of these rights, contact us at hello@postmancer.com. We will respond within 30 days, or within the timeframe required by applicable law.

    11. International Data Transfers

    Our authentication and storage infrastructure is hosted in the EU West region via Supabase. Third-party services including Google Gemini and ElevenLabs may process data in the United States or other regions. By using the Service, you acknowledge that your data may be transferred to and processed in countries outside your country of residence, which may have different data protection standards.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this document and, where feasible, notify you via the application or our website. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

    13. Contact

    If you have questions or concerns about this Privacy Policy or your data, please contact us:

    Michał Włosik EFC ul. Północna 16/5, 54-105 Wrocław, Poland NIP: 8942747708

    Email: hello@postmancer.com Web: postmancer.com

    Postmancer is independent of and not affiliated with, authorised, sponsored, or approved by Ghost Foundation.

    Cookie Settings
    This website uses cookies

    Cookie Settings

    We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.

    These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.

    These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.

    These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.

    These cookies help us to better deliver marketing content and customized ads.

    View Cookie Policy