Privacy Policy for Creonix Ltd.
Last Updated: October 20, 2025
1. Introduction
Welcome to Creonix.pro, operated by Creonix Ltd. ("we," "us," or "our"). Our SaaS platform is accessible at https://app.creonix.pro (the "Service"). Our Service allows users to connect their social media accounts (Instagram, TikTok, YouTube) via OAuth, schedule and publish organic video content (reels, stories, and Shorts), and access analytics to monitor account performance.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not access the Service.
We may update this Privacy Policy at any time. Changes will be indicated by an updated "Last Updated" date, and we encourage you to review this policy periodically.
2. Data We Collect
We collect information about you in the following ways:
- Instagram Account Information: When you connect your Instagram business account via OAuth, we collect your Instagram account ID, username, and access token provided by Meta (Instagram). This token allows us to publish content and retrieve analytics on your behalf.
- TikTok Account Information: When you connect your TikTok account via OAuth 2.0, we collect your TikTok Open ID, display name, access token, and refresh token provided by TikTok. This allows us to publish video content to your TikTok account on your behalf.
- YouTube Account Information: When you connect your YouTube channel via Google OAuth 2.0, we collect your YouTube channel ID, channel name, access token, and refresh token provided by Google. This allows us to upload Shorts to your YouTube channel and retrieve channel information. We use the YouTube Data API v3 in accordance with YouTube API Services Terms of Service.
- Media Data: We collect video files that you upload to the Service for publishing to your connected social media accounts (Instagram reels/stories, TikTok videos, YouTube Shorts). File size limits vary by platform.
- Analytics Data: We collect performance metrics from your Instagram account, including reach, follower growth, post engagement (likes, comments), and recent post data, to display in our Analytics section.
- Log Data: We automatically collect information such as your IP address, browser type, browser version, pages visited, time and date of visits, and time spent on pages ("Log Data").
- Database Logs: We maintain internal logs in our database related to application performance, errors, and actions (e.g., account connections, media uploads, publication events for all connected platforms).
3. How We Use Your Data
We use the information we collect to provide and improve the Service, including:
- Authenticating your social media accounts (Instagram, TikTok, YouTube) via OAuth and managing your connections to the Service.
- Allowing you to upload, schedule, and publish video content to your connected accounts:
  - Instagram: Reels and stories
  - TikTok: Video posts using the TikTok Content Posting API
  - YouTube: Shorts using the YouTube Data API v3
- Processing uploaded media files (e.g., compressing to H.264 format, adjusting specifications to meet platform requirements while preserving aspect ratio).
- Retrieving and displaying Instagram analytics (e.g., reach, follower growth, post engagement) in the Analytics section, updated hourly.
- For YouTube: Retrieving channel information to display connected account details and facilitate video uploads.
- For TikTok: Retrieving user profile information (display name) to display connected account details.
- Automatically refreshing access tokens when they expire to maintain uninterrupted service.
- Monitoring usage trends to improve the Service's functionality and user experience.
- Maintaining the security and operational integrity of the Service.
- Responding to your support requests and inquiries.
- Complying with legal obligations and platform policies (Instagram Platform Policies, TikTok Developer Terms, YouTube API Services Terms of Service).
4. Data Storage and Security
Your information, including social media account IDs (Instagram, TikTok, YouTube), access tokens, refresh tokens, channel/profile information, media files, and analytics data, is stored securely:
- Database Storage: Account credentials and tokens are stored in a MongoDB database and a Supabase PostgreSQL database hosted on secure infrastructure.
- Token Encryption: OAuth access tokens and refresh tokens for all platforms (Instagram, TikTok, YouTube) are encrypted at rest in our database.
- Media Storage: Uploaded video files are stored temporarily during processing and publishing, then moved to Supabase Storage buckets with access controls.
- Secure Infrastructure: Our servers are hosted on Vultr Virtual Private Server (VPS) with industry-standard security measures.
- Access Controls: Database and server access is limited to authorized personnel only.
- Regular Security Updates: We perform regular security monitoring and updates to protect against vulnerabilities.
- HTTPS Encryption: All data transmission between your browser and our servers uses HTTPS encryption.
Despite these measures, no security system is impenetrable, and no data transmission method is guaranteed to be completely secure. We cannot guarantee absolute security of your information.
5. Data Sharing
We do not sell, trade, or rent your personal information to third parties for marketing purposes. We may share your information in the following cases:
- With Meta (Instagram): We use the Instagram Graph API to authenticate accounts, publish content, and retrieve analytics. Our API usage complies with Meta's Platform Terms and Developer Policies.
- With TikTok: We use the TikTok Content Posting API and TikTok OAuth 2.0 to authenticate your account and publish video content on your behalf. Our API usage complies with TikTok Developer Terms of Service and TikTok's Privacy Policy. We share only the data necessary to facilitate video uploads (video files, captions, privacy settings) as authorized by you during the OAuth consent process.
- With Google (YouTube): We use the YouTube Data API v3 to authenticate your channel via Google OAuth 2.0 and upload Shorts on your behalf. Our API usage complies with YouTube API Services Terms of Service and YouTube API Services Developer Policies. We share only the data necessary to facilitate video uploads (video files, titles, descriptions, thumbnails) as authorized by you during the OAuth consent process. Creonix's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
- By Law or to Protect Rights: We may share information to comply with legal processes, investigate policy violations, or protect the rights, property, or safety of others, as permitted by applicable law.
- Service Providers: We use Vultr for hosting infrastructure and Supabase for database and storage services. These providers do not have direct access to application data unless required for infrastructure maintenance or legal compliance.
- Business Transfers: Your information may be shared during negotiations of a merger, sale of company assets, financing, or acquisition of all or a portion of our business.
6. Compliance with Platform Policies
When you upload and publish content through the Service to any connected platform, you confirm that your content complies with the respective platform's policies:
We are not responsible for content that violates these rules. We reserve the right to suspend or permanently ban accounts that violate platform policies, with no option for reinstatement. Actions taken by platforms (e.g., content removal, account suspension) are outside our control.
7. User Rights
Depending on your jurisdiction (e.g., under GDPR for EU residents), you may have the following rights:
- Right to Access: Request access to the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your data, subject to legal exceptions.
- Right to Restrict Processing: Request restriction of data processing.
- Right to Data Portability: Receive your data in a structured, commonly used format.
To exercise these rights, contact us at [email protected]. To delete your account and data, log into the Service, go to Account Settings, and select "Delete Account." This will remove your account, connected Instagram data, and uploaded media.
8. Cookies and Tracking Technologies
We use cookies and similar technologies (e.g., web beacons, tracking pixels) to manage sessions and improve your experience. We do not use these technologies to collect personal information beyond what is necessary for the Service’s functionality. You can disable cookies in your browser settings, but this may affect the Service’s availability (e.g., session management).
9. Data Retention
We retain your data only as long as necessary to provide the Service or comply with legal obligations:
- Account Credentials: Social media account IDs, usernames, and OAuth access/refresh tokens (Instagram, TikTok, YouTube) are retained while your account is active and the platform connection is maintained.
- Media Files: Uploaded video files are retained temporarily during processing and publishing, then stored in Supabase Storage. Files are retained until you delete them manually or until your account is deleted.
- Analytics Data: Instagram analytics data is retained while your account is active to display historical performance metrics.
- Account Deletion: Upon account deletion via Account Settings, all associated data (tokens, media files, analytics, connection information for all platforms) is permanently removed within 30 days, unless required by law to retain longer.
- Platform Disconnection: If you disconnect a specific platform (Instagram, TikTok, or YouTube) without deleting your Creonix account, the tokens and connection data for that platform are removed immediately.
Backup copies may remain in our systems for up to 90 days before permanent deletion as part of standard backup procedures.
10. International Data Transfers
Your data may be transferred to and processed in countries outside of your own, including the United States, where our servers are hosted. We ensure such transfers comply with applicable data protection laws, including GDPR for users in the European Economic Area, by using appropriate safeguards.
11. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the United Kingdom, as Creonix Ltd. is a company registered in the United Kingdom. We comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR).
12. Contact Information
For questions about this Privacy Policy, contact us at:
Email: [email protected]
Website: https://app.creonix.pro/