Privacy Policy

We collect the following categories of information when you sign up for an account, connect a platform, or use Creator OS:

• Account data — your name, email address, and password hash. We never store passwords in plaintext.
• Profile and workspace data — niche, business models, monthly revenue range, team member emails, brand kit, and any content you create inside the app (projects, drafts, scripts).
• Connected platform data — when you connect YouTube, Instagram, Facebook, or another supported platform via OAuth, we receive an access token (and, where supported, a refresh token), your account identifier on that platform, and the scopes you granted. We may also pull channel metadata (display name, handle, follower counts), post metadata, message threads, and engagement statistics — only for the scopes you explicitly authorize.
• Usage data — pages you visit inside the app, actions you take, and basic device/browser metadata sent by your browser.

We use the information described above to:

• Provide, operate, and improve Creator OS.
• Authenticate you, keep your session active, and protect your account.
• Publish content on your behalf to platforms you have connected (only when you explicitly trigger a publish or schedule one).
• Show statistics and insights about your posts and channels.
• Display direct messages from connected platforms inside the Creator OS Inbox so you can reply and assign threads to teammates.
• Send transactional emails such as team invites and security notifications.

When you connect an Instagram or Facebook account through Meta, we receive only the data covered by the scopes you grant during the OAuth flow. Depending on which scopes you authorize, this may include:

• Your Instagram / Facebook user ID, username, and display name.
• Aggregate account statistics (follower count, post count, reach, impressions).
• Metadata, captions, and engagement counts for media you publish through Creator OS.
• Direct message threads and message content, used only to display and respond to messages inside the Creator OS Inbox.

We do notsell Meta platform data. We do not use it for advertising. We do not share it with third parties beyond the infrastructure providers listed in Section 5. You can disconnect Instagram or Facebook at any time from the Profile page; this revokes our tokens and prevents any further fetching.

We retain your account and workspace data for as long as your account is active. When you disconnect a platform, we delete the associated OAuth tokens. When you delete your account, we delete your profile, projects, and integration rows within 30 days. Backups containing residual copies are purged on our standard backup rotation.

To request account deletion, email privacy@creator-os.app.

We share your data only with the following categories of recipients, and only as needed to operate Creator OS:

• Infrastructure providers — Neon (database hosting), Amazon Web Services (media storage), a self-managed VPS (application hosting), and Resend (transactional email).
• Connected platforms — when you publish or reply via Creator OS, we send the relevant data to the destination platform (YouTube, Instagram, Facebook, etc.).
• Teammates you invite — they can see content, projects, and messages within the workspaces you share with them.
• Legal compliance — when required to comply with applicable law, subpoena, or to protect the rights of our users.

We do not sell your personal information. We do not share it with advertisers.

We use industry-standard practices to protect your data, including HTTPS everywhere, bcrypt password hashing, and access controls on our infrastructure. OAuth tokens are stored in our database and accessed only by server-side code that operates on your behalf. No method of transmission over the internet is 100% secure, but we work hard to keep your data safe.

• Disconnect a platform at any time from the Profile page. This deletes the associated OAuth tokens.
• Revoke access from the platform side— you can also revoke Creator OS' access directly from Meta, Google, etc.
• Update or deleteyour account information by emailing the address in Section 4.

Creator OS is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children.

We operate Creator OS from servers located in the United States. If you access Creator OS from outside the U.S., you understand that your data will be transferred to and processed in the U.S., which may have different data-protection laws than your jurisdiction.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be communicated by email or via an in-app notice.

Questions about this Privacy Policy? Email privacy@creator-os.app.