Privacy Policy

Creator Roam acts as the data controller and ensures that personal data is processed in compliance with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws. Our headquarters are located within the EU, and we are dedicated to upholding the highest standards of privacy and data security in all our operations.

Types of Data Collected

• Personal Data: Includes but is not limited to names, email addresses, social media handles, and demographic information provided directly by users through account creation and service usage.
• Financial Data: Financial transactions are processed securely through Stripe's hosted checkout pages. We do not store or have access to your payment card details, ensuring your financial data remains confidential.
• Usage Data: We monitor how you interact with our services to improve functionality and user experience. This includes tracking the pages you visit, the features you use, and how frequently you access our services.
• Platform Data: Includes information obtained via official platform APIs, including Meta (Facebook and Instagram), Google (YouTube), and other connected services — such as access tokens used to sync your analytics.

Purpose of Processing

The purposes for processing personal data include:

• Providing personalized analytics and insights for social media strategy enhancement.
• Managing user accounts and facilitating communication for service-related notices.
• Processing transactions and maintaining accurate financial records.
• Conducting marketing and promotional efforts, subject to user consent.
• Providing and improving analytics and insights by processing social platform data in compliance with Meta's Platform Terms and Developer Policies, Google's API Services User Data Policy, and YouTube Developer Policies.

Time of Collection

Data is collected at the following times:

• At the point of user registration and during the setup of an account.
• When a user engages with our services to utilize our analytical tools.
• At the time of processing payments through Stripe for any service upgrades or purchases.
• During integration with Meta Platforms APIs or Google/YouTube APIs to access and process social platform data.

Consent

Consent is explicitly obtained when users agree to our privacy policy during the registration process. This consent can be withdrawn at any time by contacting us at [email protected], which will cease further processing but will not affect the lawfulness of processing based on consent before its withdrawal.

Recipients of the Data

Data is primarily processed internally by Creator Roam. For payment processing, Stripe receives the necessary financial data. We guarantee that no data is shared with other third parties for marketing or any other purposes without user consent.

• Service Providers: We share certain data with trusted Service Providers, such as Stripe for payment processing, who comply with Meta Platform Terms and adhere to high standards of data security.
• Tech Providers: Creator Roam may share data with Tech Providers who assist in providing analytics and insights. All Tech Providers comply with Meta's Platform Terms and Developer Policies.

Conservation Period

Personal data is stored for no longer than necessary to fulfill the specific purposes outlined in this policy:

• General user data is retained for 180 days post-account deactivation, unless retained longer for legal, tax, or regulatory reasons.
• Financial records, including transaction data and invoices, are kept for five years as per EU tax regulation requirements.
• Certain essential data may be retained for up to ten years in compliance with legal obligations under EU law.
• Platform data is retained for no longer than necessary to fulfill business purposes consistent with Meta Platform Terms.

Cookies

Cookies and similar tracking technologies are utilized to enhance site functionality and user experience:

• Functional Cookies: Necessary for the basic functioning of the site.
• Statistical Cookies: Employed to gather data on site usage and performance.
• Marketing Cookies: Used to deliver targeted advertising; these require explicit consent from users.

APIs

We utilize official APIs from supported social networks and platforms, including Facebook, Instagram, and YouTube, to gather analytics data. This ensures that all data processing adheres to the privacy policies of the respective platforms and complies with GDPR. Users explicitly consent to processing their platform data when connecting an account or registering for Creator Roam services.

Users' Rights

Under the GDPR, users have extensive rights concerning their data:

• Access, Rectify, Erase: You can request access to, correction of, or deletion of your personal data.
• Restrict, Object: You may ask to restrict processing or object to processing of your personal data.
• Portability: You have the right to receive your data in a structured, commonly used format.

Data Security

We employ state-of-the-art security measures including data encryption, secure data storage, and stringent access controls to protect against unauthorized access, alteration, or destruction of personal data.

• Encryption: Data is encrypted using TLS 1.2 during transmission and AES-256 during storage.
• Access Controls: Role-based permissions ensure that only authorized personnel have access to data.
• Audits: Regular audits are conducted to ensure data security compliance.
• Incident Reporting: In case of unauthorized access or data breach involving Meta platform data, Creator Roam will notify Meta within 24 hours.

Facebook and Instagram Data We Collect

When you connect Facebook or Instagram, we collect and store the following via Meta's APIs:

• Profile: Username, profile picture, follower count, following count, media count, biography.
• Insights (daily): Reach, impressions, accounts engaged, engagement rate, follower count, new followers, unfollowers, profile views, website clicks, email and phone clicks.
• Posts & media: Post IDs, captions, timestamps, likes, comments, reach, saves, shares, video watch time (for Reels).
• Demographics (optional): Age, gender, country, city of your followers (when available).

When: Data is collected when you connect your account (one-time) and during periodic syncs (typically every 24 hours or when you trigger a refresh).

Why: To display analytics, compare performance over time, and provide insights to improve your content.

Deletion: You can disconnect at any time in Settings. We stop syncing immediately. To delete stored data, deactivate or delete your account; we will remove your data within 30 days of request.

Track Others feature: When you track a public Instagram account (not your own), we store that account's public profile data (username, follower count, engagement, posts) via Meta's business_discovery API. This data is used only to display comparisons in your dashboard and is deleted when you remove the account from tracking or delete your account.

TikTok Data We Collect

When you connect TikTok, we collect and store the following via TikTok Login Kit and Display API:

• Profile: Display name, username, bio text, profile link, avatar, verification status, follower count, following count, total likes, and public video count.
• Videos: Video IDs, titles, captions, publish time, duration, dimensions, share links, embed links, cover images, and current view, like, comment, and share counts.
• Daily trends (computed by us): Follower changes, view changes, and engagement rates built from daily sync snapshots — TikTok does not provide historical analytics through this API.
• OAuth tokens: Access and refresh tokens to keep your connection active until you disconnect.

We do not collect: TikTok ad revenue, Creator Fund earnings, profile reach, demographics, or your external link-in-bio URL (not exposed by TikTok's API).

When: Data is collected when you connect TikTok and during periodic syncs (typically every 24 hours).

Why: To show your TikTok stats alongside Instagram, Facebook, and YouTube in one dashboard.

Deletion: Disconnect TikTok in Manage connections. We stop syncing immediately. Stored data is removed per our retention policy when you delete your account or request deletion.

TikTok Data Processing

Creator Roam accesses TikTok data only after you authorize our app through TikTok Login Kit. We use read-only scopes for profile and public video metadata. You can revoke access in Manage connections or in your TikTok app settings.

YouTube and Google Data We Collect

When you connect your YouTube channel, we collect and store the following via Google's YouTube Data API and YouTube Analytics API:

• Google account (sign-in): Your Google account identifier, email address, and basic profile name — used to sign you in and link your channel to your Creator Roam account.
• Channel profile: Channel name, description, thumbnail, country, custom URL, subscriber count, total view count, and video count.
• Channel analytics (daily): Views, watch time, average view duration, likes, comments, shares, subscribers gained, and subscribers lost.
• Audience breakdowns: Top countries, traffic sources, and age/gender viewer percentages (when YouTube provides them for your channel).
• Videos: Video IDs, titles, publish dates, thumbnails, duration, and privacy status for videos in your uploads list.
• Per-video analytics: Views, watch time, likes, comments, and shares for your videos over the selected time window.
• Revenue estimates (when available): Estimated ad revenue and related monetization figures for channels in the YouTube Partner Program. Zeros or missing values are normal if your channel is not monetized.

When: Data is collected when you connect your YouTube channel (one-time authorization) and during periodic syncs (typically every 24 hours, or when you trigger a refresh after connecting).

Why: To show your YouTube stats in one dashboard, track performance over time, compare platforms, and help you understand what content is working — the same purpose as our Instagram and Facebook analytics.

Deletion: You can disconnect YouTube at any time in Manage connections (Settings). We stop syncing immediately. To remove stored YouTube data, disconnect the channel or delete your Creator Roam account; we will remove your data within 30 days of a deletion request. You can also revoke Creator Roam's access in your Google Account permissions at any time.

Meta Platform Data Processing

Creator Roam accesses and processes data from Meta Platforms, such as Facebook and Instagram, to provide social media analytics and insights. This includes user tokens for authentication and personalized analytics, page tokens to retrieve page insights and engagement metrics, and access tokens for app functionality and enhanced insights. Users explicitly consent to this data processing when connecting their accounts and can revoke access at any time through Settings or their social media platform settings.

Google and YouTube Data Processing

Creator Roam accesses and processes data from Google and YouTube to provide channel analytics and insights for creators. This includes OAuth access and refresh tokens to authenticate your connection, read your channel and video metadata, and retrieve analytics reports you are entitled to see in YouTube Studio. We request only read-only scopes needed for analytics; we do not upload, edit, or delete your YouTube content. Users explicitly consent to this data processing when connecting YouTube and can revoke access at any time through Manage connections in Creator Roam or through Google Account permissions. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Incident Reporting

In the event of any unauthorized access, data breach, or incident involving Meta platform data, Creator Roam will notify Meta within 24 hours and promptly begin remediation efforts. If you believe your data has been compromised, please contact us immediately at [email protected].

Contact Us

If you have any questions about our Privacy Policy, or if you would like to request data modification or deletion, please contact us at [email protected].