Privacy Policy

Creatoro ("we", "our", or "us") is an Instagram automation platform operated by Creatoro (India). This Privacy Policy explains how we collect, use, store, and protect information about you when you use our platform at creatoro.io and related services.

By using Creatoro, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our services.

We collect the following categories of information to provide and improve our services:

Account Information: When you register, we collect your name and email address. This is used to create and manage your account, send you transactional communications, and provide support.

Instagram Account Data: When you connect your Instagram Business account, we access data through the Meta Graph API, including your Instagram profile information, posts, comments, DM conversations, follower data, and analytics (followers, reach, impressions, engagement). We access only the data scopes required to deliver the automation features you enable.

Usage Data: We automatically collect information about how you interact with our platform, including pages visited, features used, timestamps, IP address, browser type, device type, and session duration. This data is used to improve the product and diagnose issues.

Payment Information: Subscription payments are processed by DodoPayments. We do not store your full payment card details. We receive and retain limited transaction records such as payment confirmation, plan type, and billing date from DodoPayments.

Communication Data: If you contact us for support, we retain records of those communications to assist you and improve our service.

We use the information we collect for the following purposes:

Service Delivery: To authenticate your account, operate the automation features (DM replies, comment responses, post scheduling), power the CRM for your contacts and followers, and display analytics dashboards.

Transactional Communications: To send you account-related emails such as registration confirmations, password resets, billing receipts, and important service notices. These communications are necessary to run your account and cannot be opted out of.

Product Improvement: To analyze aggregated usage patterns, debug errors, and develop new features. We do not use your personal data or Instagram content for training machine learning models.

Legal Compliance: To comply with applicable law, respond to lawful requests from authorities, and enforce our Terms of Service.

We do not use your personal data for advertising, and we do not sell or rent your data to any third party.

Your account data and Instagram data are stored in a PostgreSQL database hosted on cloud servers. Media files and attachments are stored using Cloudflare R2 object storage. Frequently accessed data such as session tokens and rate-limit counters are cached in Upstash Redis.

All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption provided by our cloud infrastructure. Access to production systems is restricted to authorised personnel only, and access is logged and reviewed.

While we implement industry-standard security practices, no system is completely secure. We encourage you to use a strong password and to notify us immediately at privacy@creatoro.io if you suspect any unauthorised access to your account.

We integrate with the following third-party services to operate the platform. Each is subject to their own privacy policy:

Meta (Instagram API):We use the Meta Graph API to access your Instagram Business account data. Your use of Instagram is governed by Meta's Data Policy. We access only the permissions you explicitly authorise during the Instagram connection flow.

DodoPayments:Payment processing is handled by DodoPayments. Your payment information is transmitted directly to DodoPayments and is subject to DodoPayments' Privacy Policy. We do not process or store card numbers.

Upstash Redis: We use Upstash as our managed Redis provider for caching session data and rate-limiting. Upstash processes data under a data processing agreement with us.

Cloudflare R2:Media files associated with your account are stored in Cloudflare R2, Cloudflare's object storage service. Data is processed under Cloudflare's privacy and data protection terms.

We do not share your personal data with any other third parties except as required by law or to protect our rights.

Depending on where you are located, you may have the following rights with respect to your personal data:

Right of Access: You may request a copy of the personal data we hold about you.

Right to Correction: You may request that we correct inaccurate or incomplete data.

Right to Deletion: You may request deletion of your account and associated personal data. Upon a valid deletion request, we will remove your data from our active systems within 30 days, subject to any legal retention obligations.

Right to Portability: You may request an export of your personal data in a commonly used, machine-readable format.

Right to Object / Restrict Processing: In certain circumstances, you may object to or request restriction of the processing of your data.

To exercise any of these rights, contact us at privacy@creatoro.io. We will respond within 30 days (or within the timeframe required by applicable law).

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

Account data (name, email) is retained for the lifetime of your account and deleted within 30 days of account closure.

Instagram data fetched via the API is retained while your account is active. If you disconnect your Instagram account from Creatoro, we cease further data fetching and delete the cached Instagram data within 14 days.

Billing records are retained for 7 years as required by applicable financial regulations in India.

Usage logs and analytics snapshots are retained for up to 12 months and then automatically purged or anonymised.

We use a minimal number of cookies strictly necessary to operate the platform. These include session cookies to keep you authenticated while using the dashboard. We do not use tracking cookies, advertising cookies, or third-party analytics cookies that profile you across websites.

Session cookies are deleted when you close your browser or log out. You can configure your browser to refuse cookies, but doing so may prevent some parts of the platform from functioning correctly.

Creatoro is not directed at children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us at privacy@creatoro.io and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by displaying a prominent notice on the platform before the changes take effect. The updated policy will carry a revised "Last updated" date at the top of this page.

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our privacy team at:

Email: privacy@creatoro.io

For data protection and compliance inquiries (including GDPR), you may also write to our Data Protection Officer at dpo@creatoro.io.