Creafilo Privacy Policy

We process account data required for login, such as name, email address, and account identifiers from the identity provider you choose.

We also process workspace data, content, media assets, schedules, publish jobs, live sessions, offers, tracked links, CTA kits, workspace analytics, billing state, feedback, and operational audit logs.

When you connect channels such as YouTube or Meta, we store tokens, channel identifiers, permission scopes, token health, and destination metadata needed to operate the features you enable.

For live streaming, we may process live titles, descriptions, thumbnails, scripts, run-of-show items, pinned comments, destination state, stream health, recording references, transcripts, clip references, and operational analytics.

Creafilo requests only permissions needed for the features you enable, such as reading connectable Pages or channels, creating or preparing publish/live workflows, checking token status, and storing destination metadata.

For Meta and Instagram, direct publishing is used only for eligible Pages or Instagram Professional accounts. Personal profiles that are not supported by official APIs use Assisted Publish, not hidden auto-posting.

For YouTube and Twitch, data is used to connect channels, prepare live/video metadata, operate requested publishing or live workflows, and show operational status.

OAuth tokens, refresh tokens, and stream keys are stored encrypted when the CREAFILO_TOKEN_ENCRYPTION_KEY runtime configuration is available. Tokens are not shown back to the browser after storage.

Media that must be published through platform APIs may be stored in object storage and exposed through public HTTPS URLs because some platforms require media to be fetched from a public URL during publishing.

Local blob previews in the browser are used only for temporary upload experience and are not final publish URLs.

We use data to create and secure accounts, operate workspaces, connect channels, publish or prepare posts, run live handoff workflows, show analytics, process billing, and provide support.

Our processing may be based on performing the service you request, legitimate interests in security and service improvement, consent when you connect third-party integrations, and legal or accounting obligations where applicable.

If AI features are enabled, Creafilo may process prompts, briefs, captions, transcripts, live recording references, and analytics to generate drafts, recommendations, clips, insights, or summaries.

AI output is assistive. Users should review content before publishing, especially product claims, sponsor or affiliate statements, and audience-impacting information.

Creafilo may use infrastructure, object storage, email, payment, observability, AI, and social platform API providers only to operate the service.

Where data is processed across borders, we apply access limits, technical safeguards, and data-processing arrangements appropriate for the service.

Workspace data is retained while the account is active or as needed for security, audit, billing, dispute resolution, and service recovery.

You may request deletion through the Data Deletion page. Channel tokens will be revoked or removed from active systems, while limited backups may remain temporarily according to security retention cycles.

We limit internal access, use encrypted secret flow, separate browser-safe configuration from backend secrets, keep operational audit logs, and monitor abuse such as spam, unauthorized publishing, token errors, or activity that harms platforms.

No system is risk-free. If you see unauthorized activity, contact support@creafilo.com so we can help rotate tokens, revoke channels, or suspend a risky workspace.