Privacy Policy
Effective: [EFFECTIVE DATE]
This Privacy Policy explains how [ENTITY NAME] ("we") collects, uses, shares, and protects information when you use CreatorOps (the "Service"). It applies to information collected through the Service, not to information collected by third parties whose websites or services may be linked to from the Service.
1. Summary, in plain English
- We give you a private email address. Mail sent to it lands in your account so you can read and reply.
- We hold your inbox so you can use it. We do not read it for advertising and do not sell it.
- We use Postmark to deliver email and Anthropic to draft replies on your request. Both are documented below.
- You can delete your account at any time. Data sits in a 30-day soft-delete window before permanent removal.
2. Information we collect
From you, when you sign up
- Email address and password (passwords are stored only as a salted PBKDF2 hash; we cannot read them).
- Your chosen handle (e.g. jenna) and the resulting email address ([email protected]).
Automatically, when you use the Service
- Session and CSRF cookies set in your browser to keep you signed in. We do not use third-party tracking cookies for advertising.
- Approximate timestamps and source IP for security-relevant actions (login, signup, handle claim, draft send), retained as audit logs.
- Rate-limit counters keyed by user ID or IP, used solely to throttle abuse.
Mail content
- The full content of inbound email sent to your handle (sender, subject, headers, body), so you can read and reply.
- The drafts and outbound replies you create through the Service.
- AI inference records: a sanitized preview of the inbound message and the structured JSON the model returned, kept so you can audit and so we can debug bad outputs.
What we do NOT collect
- Contents of your personal Gmail / Outlook / TikTok inbox. The Service intentionally avoids OAuth into third-party providers.
- Browsing history, location data, or device fingerprinting beyond what's needed for the security cookies above.
3. How we use information
- To operate the Service: deliver inbound mail to the right account, send your outbound replies, generate AI drafts on your request.
- To keep accounts secure: detect and block abuse via rate limits, audit logs, and blocklist checks.
- To communicate with you about the Service: account verification, password reset, security or policy updates.
- To comply with law and respond to lawful requests, in accordance with the safeguards described below.
We do not use the contents of your inbox to train AI models, target advertising, or sell to third parties.
4. Subprocessors
We rely on a small number of vetted vendors ("subprocessors") to operate the Service. Each handles only the data it needs and is contractually bound to comparable security and confidentiality obligations.
- Cloudflare — hosts the Service, the database (D1), session storage (Workers KV), and serves all web traffic. Receives all data routed through the Service.
- Postmark (ActiveCampaign LLC) — receives mail sent to [email protected] and forwards it to our webhook; sends your outbound replies. Receives full email content (sender, recipient, subject, body, headers).
- Anthropic, PBC — generates AI draft replies when you press "Analyze." Receives a sanitized version of the inbound message inside an explicit untrusted-content delimiter, along with any rule hints you've configured. Anthropic's API terms prohibit use of inputs to train their models for our tier; see Anthropic's documentation for details.
- Resend (or equivalent transactional provider) — sends account-system emails (verification codes, password resets). Receives only your account email and the system message body.
We will update this list and notify users of material changes before introducing a new subprocessor that handles inbox content.
5. Sharing
We share personal data only as described above, plus:
- With law enforcement or other authorities when legally required, scrutinizing each request and notifying users where lawfully permitted.
- In connection with a merger, acquisition, or sale of assets — in which case we will require the acquirer to honor commitments at least as protective as this Policy.
- With your explicit consent, for a stated purpose.
6. Cookies
We use the minimum number of cookies necessary:
- session — HttpOnly, Secure, SameSite=Lax. Identifies your signed-in session. Lifetime: 30 days.
- csrf — Secure, SameSite=Lax (not HttpOnly, so the page JS can read it). Backs CSRF protection on mutating requests. Lifetime: 30 days.
We do not set advertising or third-party tracking cookies.
7. Retention and deletion
- Account deletion: on request, your account and inbox are soft-deleted for 30 days. During that window you may contact us to restore. After 30 days, primary-storage records are permanently removed.
- Backups: system backups age out on a separate cycle (typically 30–90 days) and are not used to restore deleted accounts after the soft-delete window.
- Audit and abuse-prevention logs: security-relevant events (failed logins, rate-limit hits, send events) may be retained for up to 12 months in pseudonymized form.
- AI inference records: retained alongside the originating message; deleted when the message is deleted.
8. Your rights
Depending on where you live, you may have the right to access, correct, port, or delete personal data we hold about you, and to object to or restrict certain processing. To exercise these rights, email [CONTACT EMAIL]. We will respond within the timeframe required by applicable law (generally 30 days under the GDPR; 45 days under the CCPA).
EEA / UK (GDPR)
Our lawful bases for processing are: (a) contract performance — operating the Service you signed up for; (b) legitimate interests — securing the Service against abuse; (c) consent — for any processing that requires it (we ask before relying on this); and (d) legal obligation — when required to comply with law. You may lodge a complaint with your local data-protection authority. For Data Protection Agreement requests, email [DPA EMAIL].
California (CCPA / CPRA)
We do not "sell" or "share" personal information as those terms are defined under California law. California residents may request to know, delete, correct, or limit use of sensitive information. We will not discriminate against you for exercising these rights.
9. Security
Passwords are hashed with PBKDF2-SHA256. Session tokens are stored in the database only as SHA-256 hashes. All traffic is served over HTTPS with HSTS, CSP, and other hardening headers. Mutating endpoints are protected by a double-submit CSRF token. Sensitive operations (password change, email change, sign-out all) are rate-limited per user. Despite our best efforts, no system is perfectly secure — we encourage you to use a strong, unique password.
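To make the three mechanisms named in this section concrete, the following is an added illustrative example and not CreatorOps' own code: it shows salted PBKDF2-SHA256 password hashing, storing only the SHA-256 hash of a session token so that a leaked database row cannot be replayed as a cookie, and the double-submit comparison that backs the csrf cookie. The iteration count, token length and function names are assumptions for the example; the policy names the algorithms but not these parameters.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Assumed for this example: the policy specifies PBKDF2-SHA256 but not an
# iteration count. 600,000 is the OWASP-recommended floor for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
DIGEST_BYTES = 32  # SHA-256 output size


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these two values are ever stored; the
    plaintext password is never recoverable from them."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=DIGEST_BYTES
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected_digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected_digest)


def issue_session_token() -> Tuple[str, str]:
    """Return (cookie_value, stored_hash).

    The raw token goes to the browser in the HttpOnly 'session' cookie; the
    database row holds only its SHA-256 hash, so a database leak does not
    yield usable session cookies."""
    token = secrets.token_urlsafe(32)
    stored_hash = hashlib.sha256(token.encode("ascii")).hexdigest()
    return token, stored_hash


def lookup_session(presented_token: str, stored_hash: str) -> bool:
    """Hash the presented cookie value and compare against the stored hash."""
    presented_hash = hashlib.sha256(presented_token.encode("ascii")).hexdigest()
    return hmac.compare_digest(presented_hash, stored_hash)


def csrf_check(cookie_token: Optional[str], submitted_token: Optional[str]) -> bool:
    """Double-submit CSRF check for a mutating request.

    The 'csrf' cookie is readable by page JS, which copies it into a request
    header or form field. A cross-site page cannot read the cookie, so it
    cannot produce a matching submitted value. Both values must be present."""
    if not cookie_token or not submitted_token:
        return False
    return hmac.compare_digest(cookie_token, submitted_token)


if __name__ == "__main__":
    # Constructed sample flow: sign-up, login, session issue, CSRF-protected request.
    salt, digest = hash_password("correct horse battery staple")
    print("login ok:", verify_password("correct horse battery staple", salt, digest))
    print("wrong password:", verify_password("Tr0ub4dor&3", salt, digest))

    cookie, row_hash = issue_session_token()
    print("valid cookie:", lookup_session(cookie, row_hash))
    print("leaked DB hash used as cookie:", lookup_session(row_hash, row_hash))

    csrf = secrets.token_urlsafe(32)
    print("same-origin request:", csrf_check(csrf, csrf))
    print("cross-site request (no cookie copy):", csrf_check(csrf, None))
```

The two constant-time comparisons (`hmac.compare_digest`) matter as much as the hashing: a plain `==` on digests or tokens leaks timing information that an attacker can use to recover them byte by byte.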
10. Children
The Service is not directed to children under 13 (or the higher minimum age set by your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact [CONTACT EMAIL] and we will delete it.
11. International transfers
We and our subprocessors may process information in the United States and other countries. Where required by law (for example, for transfers from the EEA), we use Standard Contractual Clauses or other lawful transfer mechanisms.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be announced by email or in-app notice at least 14 days before they take effect.
13. Contact
Questions or requests? Email [CONTACT EMAIL].