Privacy Policy for Creonix

Last Updated: May 8, 2025

1. Introduction

Welcome to Creonix ("we," "us," or "our"). Creonix is a SaaS platform accessible at https://app.creonix.pro (the "Service"). Our Service allows users to connect their Instagram business accounts via OAuth, schedule and publish organic video content (reels and stories), and access analytics to monitor account performance.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not access the Service.

We may update this Privacy Policy at any time. Changes will be indicated by an updated "Last Updated" date, and we encourage you to review this policy periodically.

2. Data We Collect

We collect information about you in the following ways:

• Account Information: When you connect your Instagram business account via OAuth, we collect your Instagram account ID, username, and access token provided by Meta (Instagram). This token allows us to publish content and retrieve analytics on your behalf.
• Media Data: We collect video files (reels and stories, up to 30 MB) that you upload to the Service for publishing to your Instagram account.
• Analytics Data: We collect performance metrics from your Instagram account, including reach, follower growth, post engagement (likes, comments), and recent post data, to display in our Analytics section.
• Log Data: We automatically collect information such as your IP address, browser type, browser version, pages visited, time and date of visits, and time spent on pages ("Log Data").
• Database Logs: We maintain internal logs in our database related to application performance, errors, and actions (e.g., account connections, media uploads, publication events).

3. How We Use Your Data

We use the information we collect to provide and improve the Service, including:

• Authenticating your Instagram account and managing your connection to the Service.
• Allowing you to upload, schedule, and publish video content (reels and stories) to your Instagram account.
• Processing uploaded media files (e.g., compressing to H.264 format to meet Instagram requirements while preserving aspect ratio).
• Retrieving and displaying Instagram analytics (e.g., reach, follower growth, post engagement) in the Analytics section, updated hourly.
• Monitoring usage trends to improve the Service’s functionality and user experience.
• Maintaining the security and operational integrity of the Service.
• Responding to your support requests and inquiries.
• Complying with legal obligations and Instagram’s Platform Policies.

4. Data Storage and Security

Your information, including Instagram account IDs, access tokens, media files, and analytics data, is stored in a MongoDB database hosted on a secure Vultr Virtual Private Server (VPS). We implement the following security measures:

• Secure server infrastructure provided by Vultr.
• Access controls to limit database and server access to authorized personnel only.
• Regular security monitoring and updates to protect against vulnerabilities.

Despite these measures, no security system is impenetrable, and no data transmission method is guaranteed to be completely secure. We cannot guarantee absolute security of your information.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties for marketing purposes. We may share your information in the following cases:

• With Meta (Instagram): We use the Instagram Graph API to authenticate accounts, publish content, and retrieve analytics. Our API usage complies with Meta’s Platform Terms and Developer Policies.
• By Law or to Protect Rights: We may share information to comply with legal processes, investigate policy violations, or protect the rights, property, or safety of others, as permitted by applicable law.
• Service Providers: We use Vultr for hosting infrastructure. Vultr does not have direct access to application data unless required for infrastructure maintenance or legal compliance.
• Business Transfers: Your information may be shared during negotiations of a merger, sale of company assets, financing, or acquisition of all or a portion of our business.

6. Compliance with Instagram Policies

When you upload media to the Service, you confirm that your content complies with Instagram’s Community Guidelines and Platform Policy. We are not responsible for content that violates these rules. We reserve the right to suspend or permanently ban accounts that violate Instagram’s policies, with no option for reinstatement.

7. User Rights

Depending on your jurisdiction (e.g., under GDPR for EU residents), you may have the following rights:

• Right to Access: Request access to the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your data, subject to legal exceptions.
• Right to Restrict Processing: Request restriction of data processing.
• Right to Data Portability: Receive your data in a structured, commonly used format.

To exercise these rights, contact us at [email protected]. To delete your account and data, log into the Service, go to Account Settings, and select "Delete Account." This will remove your account, connected Instagram data, and uploaded media.

8. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., web beacons, tracking pixels) to manage sessions and improve your experience. We do not use these technologies to collect personal information beyond what is necessary for the Service’s functionality. You can disable cookies in your browser settings, but this may affect the Service’s availability (e.g., session management).

9. Data Retention

We retain your data only as long as necessary to provide the Service or comply with legal obligations. Instagram account IDs and access tokens are retained while your account is active. Media files and analytics data are retained until you delete them or your account. Upon account deletion, all associated data is permanently removed within 30 days, unless required by law to retain longer.

10. International Data Transfers

Your data may be transferred to and processed in the United States, where our servers are hosted. As Creonix operates under a French company, we ensure such transfers comply with applicable data protection laws, including GDPR for EU users, using appropriate safeguards.

11. Governing Law

This Privacy Policy shall be governed by the laws of France, as Creonix operates under a French company. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union.

12. Contact Information

For questions about this Privacy Policy, contact us at:

Email: [email protected]
Website: https://app.creonix.pro/