Privacy Policy — Dr.Creators

1) Who We Are & Roles

For most processing activities, we act as an independent data controller. In certain cases (e.g., where a Brand uploads creator data for its own campaign), we may act as a data processor on behalf of that Brand. Our Data Processing Addendum (DPA) applies where we process personal data as a processor.

2) Information We Collect

A. Information You Provide

• Account & profile: name, email, password (hashed), company name, role, preferences, billing contact.
• Campaign & CRM data: briefs, notes, ratings, payment terms, deliverables, files you upload, messages sent through the Service.
• Support & communications: messages to our team, feedback, survey responses.
• Payment details: processed by our payment provider (we store limited billing metadata, not full card numbers).

B. Platform Data (Instagram/Meta & TikTok)

When you connect your Instagram or TikTok account, you authorize us to access Platform Data via official APIs within the scope of your granted permissions. Categories may include:

• Account metadata: account ID, username/handle, profile info, profile picture.
• Content & insights: posts, videos, captions, timestamps, comments/mentions (where permissioned), engagement metrics (views, likes, shares, saves), audience and content insights provided by the platform.
• Performance analytics: reach, impressions, CTR and similar metrics as exposed by the APIs.
• Tokens: access tokens/refresh tokens necessary to connect and sync your account.

We request only the permissions needed to provide the Service. You can revoke our access at any time in your Meta/TikTok account settings or inside the Service.

C. Automatically Collected

• Usage & device data: pages viewed, features used, clicks, session duration, IP address, device type, OS, browser, language, and coarse location (derived from IP).
• Cookies/SDKs: essential cookies for security and login; optional analytics/marketing cookies (with your consent where required).
• Logs & diagnostics: event logs for security, debugging, and uptime monitoring.

3) How We Use Information

• Provide, operate, maintain, and improve the Service and its features (including syncing creator performance).
• Authenticate you and manage accounts, subscriptions, and payments.
• Show analytics and dashboards, including creator performance metrics from Platform Data.
• Customize content and experiences; provide tips, onboarding, and support.
• Monitor and secure the Service; prevent fraud, abuse, and violations of platform policies.
• Comply with legal obligations and enforce agreements.
• Conduct product research and aggregated statistical analysis (using de-identified data where feasible).
• Send service-related communications (transactional emails, security alerts). Marketing emails are sent with your consent where required, and you can opt out at any time.

Legal bases (GDPR/LGPD): performance of a contract, legitimate interests (e.g., to secure and improve the Service), consent (e.g., cookies/marketing, connecting social accounts), and legal obligations.

4) How We Share Information

• Service providers (processors): hosting, cloud storage, analytics, error monitoring, email/SMS, payment processing, customer support. They are bound by confidentiality and data protection terms.
• Affiliates & corporate transactions: with our group companies; or in mergers, acquisitions, financing, or asset sales.
• Legal & compliance: to comply with law, enforce our terms, or protect rights, safety, and security.
• Platform compliance: where required by Instagram/Meta or TikTok terms to audit or enforce platform policies.
• Brands & Creators: if you choose to share or collaborate within the Service (e.g., campaign invitations, messaging, or profile visibility settings).

We do not sell personal information or Platform Data. We do not allow third parties to use Platform Data for their independent advertising or profiling.

5) Cookies, SDKs & Similar Technologies

We use essential cookies for authentication and security, and (with consent where required) analytics and marketing cookies/SDKs to measure usage and performance. You can manage preferences via our cookie banner and in your browser settings. Disabling certain cookies may limit functionality.

6) Security

We implement reasonable technical and organizational measures, including encryption in transit, access controls, and logging. No system is 100% secure. If we become aware of a data incident affecting your personal data, we will notify you and/or regulators as required by law.

7) Data Retention

• Account & CRM data: retained while your account is active and for up to 24 months after closure, unless longer is required by law or for dispute resolution.
• Platform Data: kept only as long as necessary to provide the Service. Upon revocation of permissions or account deletion, we delete or de-identify Platform Data within a commercially reasonable period.
• Backups & logs: may persist for up to 90–180 days in secure archives, then are deleted or overwritten.

8) Your Rights & Choices

Subject to local law (e.g., LGPD, GDPR, and similar), you may have the right to:

• Confirm processing and access your data; obtain a copy (portability).
• Correct inaccurate or incomplete data.
• Request anonymization, restriction, or deletion of data that is unnecessary, excessive, or processed in violation of law.
• Object to processing or withdraw consent (e.g., cookies, connected accounts) without affecting lawful processing before withdrawal.
• Opt out of marketing communications at any time (unsubscribe links or account settings).
• Lodge a complaint with a supervisory authority (e.g., Brazil’s ANPD or your local authority).

To exercise rights, email [email protected] or visit /data-delete. We may verify your identity and respond within the timeframes required by law.

9) International Data Transfers

We may transfer personal data to countries outside your own (e.g., to the United States or European Union) where our infrastructure or providers operate. When we do, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, and/or other mechanisms permitted by applicable law.

10) Children’s Privacy

The Service is not intended for individuals under 16 (or the age required by your country’s law, e.g., 13 in the U.S.). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.

11) Instagram/Meta & TikTok — Limited Use & Compliance

• We access and use Platform Data only as necessary to provide the Service you request (e.g., syncing creator performance and insights).
• We comply with Instagram Graph API Terms, Meta Platform Terms, and TikTok Developer Terms/Policies. You must also comply with these terms.
• We do not sell Platform Data, nor permit its use for third-party advertising, profiling, or marketing outside the Service.
• We do not combine Platform Data with personally identifiable information from other sources in ways that would violate platform terms or law.
• Upon revocation of permissions or account deletion, we will delete or de-identify Platform Data within a commercially reasonable period, subject to legal retention requirements.

12) Your Controls & Choices

• Account settings: update profile, change email preferences, manage connected accounts.
• Revoke platform access: in your Instagram/Meta or TikTok settings; you can also disconnect from within the Service.
• Cookie preferences: manage via our banner or your browser settings.
• Data deletion: request account deletion and data removal at /data-delete or by emailing us.

13) How to Submit a Data Request

Submit a request via /data-delete or email[email protected]. Please specify the right you wish to exercise and include sufficient information for verification. We will respond within the timeframe required by law (e.g., up to 15 days under LGPD; one month under GDPR).

14) Facebook/Instagram & TikTok Data Deletion Instructions

If you wish to delete data obtained from your connected Instagram or Facebook account:

1. Go to Facebook > Settings > Security and login > Apps and Websites, find “Dr.Creators”, and remove it. This revokes future access.
2. Submit a deletion request at /data-delete or email [email protected], specifying “Facebook/Instagram data deletion”.

For TikTok:

1. Open TikTok > Settings > Security & login > Apps, disconnect “Dr.Creators”.
2. Submit a deletion request at /data-delete or email us specifying “TikTok data deletion”.

After verification, we will delete or de-identify associated Platform Data within a commercially reasonable time, subject to legal retention obligations.

15) Disclosures for U.S. (California) Consumers

We do not “sell” or “share” personal information as defined by the CCPA/CPRA. California residents may request to know, access, correct, or delete personal information and may not be discriminated against for exercising these rights. Submit requests via/data-delete or email us.

16) Changes to This Policy

We may update this Policy from time to time. We will post the updated Policy and revise the “Last updated” date. Material changes will be communicated via the Service or email where appropriate. Your continued use after changes become effective indicates acceptance.

17) Contact Us