We built CreateMySocialAI to help you grow your business — not to profit from your data. This policy explains what we collect, why we collect it, and how you can control it.
When you create an account we collect your name, email address, and a hashed password. We never store your password in plain text.
To generate content tailored to your brand, we store information you provide about your business: your website URL, industry, brand voice, target audience, and any training documents you upload.
When you connect a social media account (Facebook, Instagram, Twitter/X, LinkedIn), we receive and store OAuth access tokens. These tokens are encrypted at rest using AES-256 encryption. We use them solely to post content and retrieve engagement metrics on your behalf.
We store the posts, content ideas, campaigns, and comments generated or managed through the platform. We also log actions taken within the app (posts published, content approved, etc.) to power analytics and recommendations.
Payment processing is handled entirely by Stripe. We never see or store your full credit card number. We store your Stripe Customer ID and subscription status to manage your account.
We collect standard server logs including IP addresses, browser type, and pages visited. This data is used for security monitoring and debugging, not for advertising.
We do not sell your personal data. We do not use your data to train AI models beyond generating content for your own account.
We share your data only with the following categories of service providers, and only as necessary to operate the platform:
We do not share your data with advertisers, data brokers, or any third parties beyond those listed above.
We retain your data for as long as your account is active. If you cancel your subscription, your data remains available for 30 days, after which it is deleted. You may request immediate deletion at any time by emailing [email protected].
We use industry-standard security measures including TLS in transit, AES-256 encryption for OAuth tokens, bcrypt password hashing (12 rounds), and rate limiting on authentication endpoints. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
Depending on your location, you may have the right to:
To exercise any of these rights, email [email protected]. We will respond within 30 days.
We use a single session cookie to keep you logged in. We do not use tracking cookies or advertising cookies. If you use Cloudflare's analytics (loaded on the site), a minimal analytics beacon is sent to Cloudflare — see Cloudflare's privacy policy for details.
CreateMySocialAI is not directed to children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.
We may update this policy from time to time. We will notify you of material changes by email or by posting a notice in the app at least 14 days before changes take effect. Your continued use of the service after the effective date constitutes acceptance of the updated policy.
Questions about this policy? Email us at [email protected].