Privacy Policy

Last updated: May 2026  ·  Contact: support@postlister.com

We believe in clear, honest communication about data. This page explains exactly what we collect, why, and how long we keep it. We do not sell your data to anyone, ever. Session analytics are retained to help hosts review their event results — individual participant PII is minimised and deleted per the schedule below.

Contents

  1. Who We Are
  2. Data We Collect
  3. Data We Do NOT Collect
  4. Firebase & Third-Party Services
  5. Data Security
  6. Children's Privacy
  7. Your Rights
  8. Data Retention
  9. GDPR & International Users
  10. Changes to This Policy
  11. Contact

1. Who We Are

EngageLive is operated by postlister.com, based in Indore, Madhya Pradesh, India. References to "we", "us", or "EngageLive" in this policy refer to postlister.com. For GDPR purposes, postlister.com acts as the data controller for host account data, and as a data processor for participant session data on behalf of the host (the controller).

2. Data We Collect

What | Why | How long
Host account data (email, name, company) | Authentication, plan management, session logging, purchase receipts, organisation features | Retained for lifetime of account. Deleted within 30 days of account deletion request.
Session responses (poll answers, quiz scores, word cloud words, Q&A messages) | To display live results to the host and participants during the session, and to provide post-session analytics to the host | Real-time delivery through Firebase (deleted at session end). Aggregated results archived per plan retention: 30 days (Free), 180 days (Starter), unlimited (Pro/Business).
Session code & host settings | To allow participants to join and configure the session | Until host ends session or 48 hours, whichever is sooner
Participant names and emails (only if host enables collection) | Identify participants on leaderboard; enable host follow-up if host enables email collection | Retained per plan schedule if the host saves results. Otherwise deleted at session end.
Purchase records (email + plan + expiry) | To verify plan access across devices and for accounting | Retained for 13 months from purchase for accounting, then deleted
IP address (on contact form and account actions) | Fraud prevention and rate limiting | 30 days, then anonymised

3. Data We Do NOT Collect

4. Firebase & Third-Party Services

EngageLive uses Google Firebase Realtime Database (asia-southeast1, Singapore) to power live session data. Firebase is operated by Google LLC. Data stored in Firebase is subject to Google's Privacy Policy and Google's standard contractual clauses for data transfers. We use Firebase only for real-time session messaging — no user profiles or long-term analytics data is stored in Firebase.

Payments are processed by:

We receive only the payment reference number and buyer email from these gateways — never your full card details.

5. Data Security

All data transmitted between users and our servers is encrypted using TLS 1.2 or higher. Session data in Firebase is protected by Firebase Security Rules requiring a valid session code. Host account data is stored on Hostinger servers (Lithuania, EU) with platform-level encryption at rest. Admin access to our servers is protected by key-based authentication. We do not expose PHP errors or server configuration in production.

See our full Security & Trust Centre for a detailed controls table and sub-processor list.

6. Children's Privacy

EngageLive is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has submitted personal information through our platform, please contact us at support@postlister.com and we will delete it promptly.

7. Your Rights

Under GDPR, UK GDPR, and the Indian DPDP Act, you have the right to:

To exercise any of these rights, email support@postlister.com. We respond within 30 days. For GDPR complaints you may also contact your local supervisory authority.

8. Data Retention

Plan | Session result retention | Participant data
Free (5 participants/session, 2 sessions/day) | 30 days from session date | Deleted at session end
Starter | 180 days from session date | Deleted at session end (name/email if exported by host before then)
Pro / Business | Unlimited — retained for lifetime of account | Deleted at session end (name/email if exported by host)

Host account data (email, name, organisation settings, plan history) is retained for the lifetime of the account and deleted within 30 days of an account deletion request. Purchase records are retained for 13 months for accounting purposes.

9. GDPR & International Users

Legal basis for processing: We process host account data on the basis of contract (to provide the service you signed up for). We process session analytics on the basis of our legitimate interests (providing host analytics) and the host's instructions as data controller. Participant data is processed on the basis of the host's lawful basis for the session.

International transfers: Firebase data flows through Google's asia-southeast1 (Singapore) region under Google's Standard Contractual Clauses. Host account data is stored in Hostinger's EU servers (Lithuania). Both sub-processors are listed in our Data Processing Agreement.

Data Processing Agreement: Organisations subject to GDPR who use EngageLive for their employees' sessions should request a countersigned DPA from our DPA page or by emailing legal@postlister.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will email registered users at least 14 days before the change takes effect. We will update the "Last updated" date at the top of this page. Continued use of EngageLive after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions, data deletion requests, or GDPR queries: support@postlister.com (general) or legal@postlister.com (legal/DPA).

Postal address: EngageLive / postlister.com, Indore, Madhya Pradesh, India.