Privacy Policy

Effective Date: April 1, 2026

Last Updated: April 1, 2026

CreateSocial (“we”, “us”, or “our”) operates the website at createsocial.ai and the CreateSocial platform (collectively, the “Service”). This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your data.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the Service.

1. Information We Collect

1.1 Information You Provide

• Account information: Name, email address, and password when you create an account (managed through Amazon Cognito)
• Brand profile: Industry, role, audience demographics, content pillars, goals, brand voice preferences, and other information you provide during onboarding
• Knowledge base content: Notes, URLs, YouTube transcripts, and other materials you add to your knowledge base
• Video content: Video recordings, audio, and images you create or upload through the Service
• Payment information: Billing details processed through Stripe. We do not store your full credit card number on our servers.
• Social media credentials: OAuth tokens for connected platforms (TikTok, Instagram, YouTube, LinkedIn, X). Tokens are encrypted at rest.
• Communications: Emails, support requests, and other correspondence you send us

1.2 Information Collected Automatically

• Usage data: Pages visited, features used, actions taken within the Service
• Device information: Browser type, operating system, screen resolution, and device identifiers
• Log data: IP address, access times, and referring URLs
• Analytics: We use Google Analytics to collect aggregate usage data (see Section 5)

1.3 Information from Third Parties

• Social media platforms: When you connect your accounts, we receive profile information and publishing permissions as authorized by you
• Payment processor: Stripe provides us with transaction confirmations and subscription status

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Generate content ideas, process videos, generate subtitles and captions, schedule and publish content to your connected platforms
• Personalize your experience: Use your brand profile and knowledge base to tailor AI-generated content to your niche, audience, and voice
• Process payments: Manage subscriptions, charge fees, and issue refunds when applicable
• Communicate with you: Send account notifications, billing confirmations, feature updates, and respond to support requests
• Improve the Service: Analyze usage patterns, diagnose technical issues, and develop new features
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access

We do not sell your personal information. We do not use your content to train AI models. Your videos, ideas, and knowledge base content are used solely to provide you with the Service.

3. Third-Party Services We Use

We use the following third-party services to operate CreateSocial. Each has its own privacy policy governing its use of your data:

4. Data Storage and Security

4.1 Where Your Data Is Stored

Your data is stored on Amazon Web Services (AWS) infrastructure in the United States (us-east-1 region). Video files are stored in Amazon S3. Database records are stored in Amazon RDS (PostgreSQL). Authentication is managed through Amazon Cognito.

4.2 Security Measures

We implement the following security measures to protect your data:

• All data transmitted between your browser and our servers is encrypted via HTTPS/TLS
• Database connections are encrypted in transit
• Social media OAuth tokens are encrypted at rest using AES-256 encryption
• Database credentials are stored in AWS Secrets Manager, not in application code
• Authentication handled by Amazon Cognito with JWT-based session management
• All database queries are scoped to your organization to prevent cross-tenant data access
• Payment information is processed and stored by Stripe; we never see or store your full card number

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Cookies and Tracking

5.1 Cookies

We use essential cookies for authentication and session management. These cookies are necessary for the Service to function and cannot be disabled.

5.2 Google Analytics

We use Google Analytics to understand how visitors interact with our website. Google Analytics uses cookies to collect anonymous usage data including pages visited, time on site, and referral sources. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

5.3 Local Storage

We use browser local storage to store authentication tokens (managed by AWS Amplify). These tokens are required for the Service to function and are cleared when you sign out.

6. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion.
• Video content: Retained while your account is active. Deleted within 30 days of account deletion or when you delete individual videos.
• Draft recordings: Automatically expire and are deleted after 7 days.
• Knowledge base content: Retained while your account is active. Deleted within 30 days of account deletion.
• Payment records: Retained as required by applicable tax and financial regulations (typically 7 years).
• Server logs: Retained for up to 90 days for security and debugging purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your data in a machine-readable format
• Objection: Object to certain processing of your data
• Withdraw consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, contact us at hello@createsocial.ai. We will respond within 30 days.

7.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and share, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

7.2 European Residents (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data is: (a) performance of our contract with you (providing the Service), (b) your consent (where applicable), and (c) our legitimate interests (improving and securing the Service). You have the right to lodge a complaint with your local data protection authority.

8. Children's Privacy

CreateSocial is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, contact us at hello@createsocial.ai.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service at least 30 days before changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at:
hello@createsocial.ai