Privacy Policy

Effective Date: January 1, 2026 | Last Updated: February 23, 2026

1. Introduction

CreatorSense AI ("we," "our," or "us") is a business analytics platform designed for content creators. This Privacy Policy explains how we collect, use, store, and protect your personal information and Platform Data from connected social media accounts.

This policy applies to all users of CreatorSense AI, including our website, dashboard, browser extension, and any related services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Email address
Password (encrypted)
Display name
Profile picture (optional)

2.2 Platform Data from Connected Accounts

When you connect social media platforms, we collect the following data solely from your own accounts with your explicit consent:

Facebook/Instagram (Meta)

Basic profile information (name, profile picture, user ID)
Page insights and engagement metrics (likes, comments, reach, impressions)
Post performance data
Follower/fan demographics (aggregated)

YouTube (Google)

Channel information (name, subscriber count, views)
Video analytics (views, watch time, engagement)
Revenue data (if authorized)
Audience demographics (aggregated)

TikTok

Profile information (username, display name)
Video performance metrics (views, likes, comments, shares)
Follower count and growth trends

Twitter/X

Profile information (username, display name, follower count)
Tweet engagement metrics (likes, retweets, replies)
Audience insights

Twitch

Channel information (username, follower count)
Stream analytics (viewers, chat activity)
Subscriber metrics

Patreon

Creator profile and membership tiers
Patron relationships and pledge history
Earnings and payout data (if authorized)

OnlyFans & Fansly

Profile performance and subscription counts
Engagement metrics (messages, likes, posts)
Anonymized revenue generation metrics

Payment Gateways (Stripe, Gumroad)

Transaction histories and revenue aggregates
Subscriber churn metrics
Note: We do NOT collect or store full credit card details or bank routing information.

Other Platforms

For any additional platforms we support, we collect similar analytics data limited to profile information and content performance metrics.

2.3 Usage Data

Device information (browser type, operating system)
Log data (access times, pages viewed)
IP address (for security and localization)

2.4 Payment Information

Payment processing is handled by Stripe
We do not store full credit card numbers on our servers
We retain transaction records for billing and compliance

3. How We Use Your Information

3.1 Primary Uses

We use your information to:

Display your analytics in a unified dashboard
Generate AI-powered insights and recommendations
Track growth trends across platforms
Provide personalized content strategy suggestions
Send service-related notifications

3.2 We Do NOT:

Sell, license, or rent your data to third parties
Use your data for advertising or profiling
Share Platform Data with other users or companies
Use your data for discrimination, surveillance, or eligibility determinations
Access or store your login credentials for connected platforms (we use OAuth)

4. Data Storage and Security

4.1 Storage Location

Your data is stored on secure cloud servers (Railway/AWS) with encryption at rest and in transit.

4.2 Security Measures

We implement industry-standard security safeguards including:

Administrative Safeguards:

Employee access controls and training
Regular security audits and reviews
Incident response procedures

Technical Safeguards:

TLS/SSL encryption for all data transmission
Encrypted database storage (AES-256)
Secure OAuth authentication (no password storage for platforms)
Regular security updates and patches
Access logging and monitoring

Physical Safeguards:

Data centers with restricted physical access
Environmental controls and redundancy

4.3 Security Incident Reporting

In the event of a security incident affecting your data, we will:

Notify affected users promptly
Report to relevant platform providers (Facebook, Google, etc.)
Take immediate remediation steps
Cooperate with any regulatory requirements

5. Data Retention and Deletion

5.1 Retention Period

We retain your Platform Data only as long as:

Your account remains active
You keep the platform connected
It's needed for the service you requested

5.2 Automatic Deletion

We automatically delete Platform Data when:

You disconnect a platform
You delete your account
You request data deletion
The platform provider requests deletion
Retention is no longer necessary for service delivery

5.3 How to Request Deletion

You can delete your data at any time by:

Dashboard Settings: Navigate to Settings → Privacy → Delete My Data
Disconnect Platforms: Remove individual platforms to delete only that data
Delete Account: Request full account deletion
Email Request: Contact privacy@creatorsenseai.com

We will process deletion requests within 30 days. Certain data may be retained if required by law (e.g., billing records for tax compliance).

6. Data Controller

The entity responsible for determining the purposes and means of processing your personal data (the "Data Controller") is:

Creator Sense AI
Sydney, New South Wales, Australia
Email: privacy@creatorsenseai.com

As the Data Controller, Creator Sense AI is responsible for all personal data and Platform Data shared by Meta and other platform providers through the permissions you authorise. We determine how and why your data is processed, and we are accountable for ensuring it is handled in accordance with applicable data protection laws and platform policies.

7. Data Sharing

7.1 We Share Data Only:

With Service Providers: Cloud hosting, payment processing, and email services that help us operate (bound by confidentiality agreements)
When Required by Law: In response to valid legal requests
With Your Consent: Only if you explicitly authorize sharing

7.2 Service Providers

We work with the following third-party service providers who may process Platform Data on our behalf. Each is bound by confidentiality agreements and data processing terms:

Provider	Category of Services	Data Processed
Railway	Cloud hosting & infrastructure	All application data (hosted environment)
Cloudflare R2	Cloud object storage	Media files uploaded by users (images, videos)
OpenAI	AI model processing	User queries and anonymised context sent to ARIA AI
Pinecone	Vector database / semantic search	Embedded representations of creator data for AI personalisation
Stripe	Payment processing	Billing information (name, email, payment method)
Resend	Transactional email delivery	Email address and message content for notifications
Google Analytics	Website usage analytics	Anonymised site usage data (no Platform Data)

All service providers are contractually required to protect your data and use it solely for providing their designated services. We do not permit them to use your data for their own marketing or analytics purposes.

7.3 Law Enforcement and Government Requests

CreatorSense AI is committed to protecting your privacy, including in the context of requests from public authorities and law enforcement agencies. Our approach is as follows:

Legal Review: Every request from a public authority or law enforcement agency is reviewed by responsible personnel to determine its legality and scope before any data is disclosed. We will not comply with requests that we believe to be unlawful, overbroad, or improperly issued.
Challenging Unlawful Requests: We will challenge requests that we consider to be unlawful, lack proper authorisation, or exceed the scope permitted by applicable law. We reserve the right to seek legal counsel and, where appropriate, seek judicial review of such requests.
Data Minimisation: In any case where we are legally required to disclose user data to a public authority, we will limit disclosure to the minimum information strictly necessary to satisfy the request. We do not provide bulk access to user data.
Documentation: All requests from public authorities, including the nature of the request, the legal basis cited, our response, and the legal reasoning applied, are documented internally in accordance with our compliance and audit obligations.
User Notification: Where permitted by law, we will endeavour to notify affected users of any valid legal request before disclosing their data, so they have the opportunity to seek their own legal remedies.
National Security: As of the date of this policy, CreatorSense AI has not received any national security requests (e.g., national security letters or FISA orders) for user data, and we have not provided user data in response to such requests.

For questions about this process, contact us at privacy@creatorsenseai.com.

8. Your Data Subject Rights

We respect and implement the following rights under GDPR, CCPA, and Australian Privacy Principles:

8.1 Right to Access (GDPR Art. 15)

You can:

Access all your data through the dashboard
Export your data in JSON format via Settings → Privacy → Export My Data
Request a copy of all data we hold about you

We will respond to access requests within 30 days.

8.2 Right to Rectification (GDPR Art. 16)

You can update your account information at any time through Settings. If you believe any data is inaccurate, contact us for correction.

8.3 Right to Erasure (GDPR Art. 17)

See Section 5.3 for deletion procedures. Upon account deletion, all personal data is removed within 30 days. Some data may be retained for legal obligations (anonymized).

8.4 Right to Data Portability (GDPR Art. 20)

Your data export is provided in machine-readable JSON format. This includes your profile, platform connections, content metrics, revenue data, and AI usage history.

8.5 Right to Withdraw Consent

You can disconnect any platform at any time, revoking our access to new data and triggering deletion of previously collected data. You can also withdraw marketing consent via Settings → Notifications.

8.6 Right to Object (GDPR Art. 21)

You can opt out of marketing communications and disable analytics tracking via Settings. Objections are processed within 48 hours.

8.7 Right to Restrict Processing (GDPR Art. 18)

9. International Data Transfers

If you are located outside the United States, your data may be transferred to and processed in the United States where our servers are located. We use appropriate safeguards for international transfers, including:

Standard Contractual Clauses (for EU/EEA users)
Compliance with applicable data protection laws

10. Children's Privacy

CreatorSense AI is not intended for users under 18 years of age. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

Email notification
Dashboard notification
Updated "Last Modified" date

Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Platform-Specific Compliance

12.1 Meta (Facebook/Instagram)

This application complies with Meta Platform Terms, including:

Using Platform Data only to provide analytics services to the user who connected their account
Not selling or licensing Platform Data to third parties
Deleting Platform Data upon user request or platform disconnection
Implementing required security safeguards

12.2 Google (YouTube)

This application complies with Google API Services User Data Policy, including limited use requirements.

12.3 TikTok

This application complies with TikTok's Platform Terms of Service.

12.4 Twitter/X

This application complies with Twitter Developer Agreement and Policy.

12.5 Twitch

This application complies with Twitch Developer Services Agreement.

12.6 Patreon

This application complies with the Patreon API Terms of Use, ensuring member data is processed securely and only for authorized analytics purposes.

12.7 OnlyFans & Fansly

Our integrations strictly adhere to the respective platform Terms of Service regarding data access, focusing strictly on creator-owned analytics without violating user privacy guidelines.

12.8 Payment Processors (Stripe, Gumroad)

Our usage of financial APIs complies fully with proper PCI-DSS guidelines where applicable, and we follow the Stripe Services Agreement and Gumroad API guidelines.

13. Consent Management

We track and respect the following consent types:

Consent Type	Purpose	Required	How to Manage
Terms of Service	Legal agreement to use the service	Yes	Accepted at registration
Privacy Policy	Data handling agreement	Yes	Accepted at registration
Newsletter	Product updates and tips	No	Settings → Notifications
Marketing Email	Promotional content and offers	No	Settings → Notifications
Analytics Tracking	Usage improvement	No	Cookie Preferences

All consent records are stored with timestamps and can be withdrawn at any time. We maintain an audit trail of consent changes for compliance purposes.

14. Contact Us

For privacy questions, data requests, or concerns:

Data Protection Contact: privacy@creatorsenseai.com

General Support: support@creatorsenseai.com

For data subject requests, please include:

Your account email
Type of request (access, deletion, correction, portability)
Any platform-specific requests

We will acknowledge your request within 3 business days and complete it within 30 days.

15. Data Request Justification

Why We Request Each Type of Data:

Data Type	Purpose	User Benefit
Profile Information	Display in dashboard, identify account	See your accounts in one place
Engagement Metrics	Track performance over time	Understand what content works
Audience Demographics	Analyze follower composition	Target content to your audience
Revenue Data	Financial forecasting (ORACLE)	Plan your business growth
Content Performance	Compare across platforms	Optimize posting strategy

We only request data that is necessary to provide our analytics services. We do not request access to private messages, friend lists, or other sensitive data not needed for analytics.