Privacy policy

Account and session

You sign in with Google, or with email and password, or a one-time magic link. The app keeps you logged in with secure session cookies while you use it.

Retention: Session lifetime follows your auth provider settings. You can delete your account from Settings; that removes your app data tied to the account (subject to database cascades and provider retention).

Preferences and invoice profile

Optional settings such as country, timezone, 12- or 24-hour time display, currency, content niche, email signature text, and business details you enter for invoices are stored with your account.

Social profile links (manual YouTube URL, TikTok, X)

If you do not use Google to connect YouTube, you may paste a public YouTube channel URL plus optional TikTok and X URLs. These are stored as text on your account.

Instagram (Meta) connection

If you choose Connect Instagram, you sign in with Facebook/Meta. We store your Instagram professional account identifiers and an encrypted token so the server can call Meta’s APIs on your behalf (e.g. for future metrics).

Retention: Token and connection fields are removed when you disconnect Instagram in the app, subject to backups and database operations.

YouTube channel (Google sign-in)

If you choose Connect YouTube, you sign in with Google and grant read-only YouTube Data and YouTube Analytics scopes so we can list channels you manage and later refresh Audience Metrics on demand. You pick which channel to save. We store the channel id, title, profile URL, a public subscriber count snapshot, and an encrypted OAuth refresh token (for Analytics refresh and token rotation). Ongoing “What to Charge” public stats still use your server’s YouTube Data API key where applicable.

Retention: Disconnect YouTube in the app clears stored channel fields; pick sessions expire within minutes.

YouTube channel stats (“What to Charge”)

To suggest rate ranges, the server uses your linked YouTube channel (id from Google connect or a channel URL you pasted) with Google’s YouTube Data API to read public metadata (for example recent uploads and view counts). Calls use an application API key on the server.

Retention: Channel reference is stored in your social links. After a successful estimate, the app may save the computed ranges and related figures in `user_social_links.what_to_charge_snapshot` so the What to Charge page and agent can reuse them when a fresh YouTube pull is unavailable (for example rate limits).

YouTube Analytics (Audience Metrics)

When you connect YouTube with Google on About you → Social media, the same OAuth consent includes read-only YouTube Analytics (yt-analytics.readonly) together with youtube.readonly. The app stores an encrypted OAuth refresh token and a JSON snapshot of age/gender and geography reports when you click Update on Audience Metrics. After each successful update, the server may render a single size-efficient WebP image of that card and store it in private object storage under a fixed path per user (replacing the previous file). The agent can include that snapshot in email drafts when brands ask for audience demographics, and may embed the stored chart image in Gmail drafts or sends when the draft includes a designated placeholder token.

Retention: Encrypted token and snapshot rows persist with your social-links record until overwritten or your account is removed. The WebP object is removed when a refresh yields no chart data, or is replaced on each update that produces a chart.

Deals, dashboard, and reports

Deal records you create (clients, amounts, dates, notes, status) are stored to power lists, dashboards, and reports inside the app. Free-text deal fields (such as client/agency labels, topics, notes, billing block, links, Gmail thread id, and first invoice recipient email) are encrypted at the application layer before storage; amounts, dates, categories, and invoice flags stay queryable for dashboards.

Invoice details, bank information, and PDFs

Invoice branding, payment instructions, and bank details you save are stored in the database. Bank-related fields are encrypted at the application level before storage. Invoice PDFs may be generated on the server when you email an invoice.

Retention: Encrypted payloads remain until you clear or overwrite them; follow your organization’s policy for financial record retention.

Sending invoice email

When you send an invoice by email, the server builds the message and sends it through your connected Gmail account (same Google integration as Offers), including HTML, plain text, and a PDF attachment.

Retention: The message appears in your Gmail Sent mail; deal rows may record send dates and recipient for your records.

Invoice client directory (by email domain)

When you send an invoice to a corporate (non-consumer) email domain, we store the recipient address and Bill-to lines you used, keyed by that domain, so a later invoice can pre-fill them for another deal with the same client domain (for example a dedicated invoices@ mailbox).

Retention: Rows remain until overwritten by a later send to the same domain or if you replace them manually in a future product flow; follow your retention policy for client records.

Your agent (preferences and Gmail)

On Agent setup you save how your email agent should behave (reply scope, how strictly the AI filters threads for the New offers tab—light vs strict paid-work filter—quoting style, which offer types you accept—integrations, dedicated videos, Shorts—separate categories to reject per offer type, discount preferences). If you connect Gmail, you sign in with Google; we store your address, an encrypted refresh token, the Gmail connect timestamp, and an inbox sync cursor (high-water internal time) for listing threads. Inbox scan lists messages matching Gmail’s Primary and Promotions categories only (not the whole inbox). For the first sync only, an admin setting (API limits) controls how many whole days before your Gmail connect time are included; after that, sync uses only threads newer than your saved cursor. Inbox scan and Preview draft run only after your What to Charge calculator succeeds; then thread text, agent settings, and a What to Charge summary go to an AI model—we do not store full email bodies for model runs beyond what you choose to save below. On the Offers page, AI draft previews (up to an admin-configured slot count), cached inbox thread summaries, and sent-offer rows may be stored with your agent settings in the application database, encrypted at rest with a server key, so they sync across your devices until you send, delete, or newer scans replace older entries. On the Offers page you can save a Gmail draft or send a reply through Google’s API when you choose; that happens in your mailbox, not in our database. Opening a thread in the New offers tab asks Gmail to remove the unread label on that thread.

Retention: Disconnect Gmail in Agent setup clears the stored token and email for this product.

Web app on your device

The site exposes a web app manifest (manifest.json) so browsers can show icons and a name if you add Creatr Forge to your home screen. We do not register a service worker; caching follows normal browser rules. The /offline page is available as a regular page if you open it directly.

Content Forge

Titles and types (long video vs Short), pipeline stage, optional links (YouTube URL, external script/doc URL), in-app script draft HTML you type in Content Forge, optional AI outline form fields you submit to draft a numbered outline into that script, optional “Report issue” on Generate outline (your notes plus a JSON snapshot of the outline form and video idea id, stored in offers_feedback_reports for administrators only, same inbox as Offers diagnostics), optional link to one of your deals, archive flag, and a per-month publish goal with visit/streak counters you build by using Content Forge.

Retention: Removed when you delete your account (subject to database cascades).

Administrator configuration

Users with admin access can change global pricing configuration, the Agent persona text (draft-reply instructions), and per-user API cooldown defaults (minimum minutes between successful calls to Gmail, YouTube, YouTube Analytics, and OpenAI-backed flows) stored in the database. That data is not end-user personal data but affects calculations, AI drafts, and how often creators can trigger external APIs. When configured, the app also stores ephemeral per-tab route templates in Redis so admins can see approximate concurrent traffic by page shape (not tied to account identity in that store).

Retention: Database-backed admin settings follow normal database retention. Redis presence keys expire automatically (roughly two minutes without a heartbeat).