Privacy Policy

Last updated: April 17, 2026

1. Introduction

Creft ("the Service") is a content creation and publishing platform that lets creators generate short-form video content from their cloud-stored photos and publish it to their connected social media accounts. This policy explains what information we collect, how we use it, and the choices you have.

2. Information We Collect

Account and authentication data

• Email address you sign in with.
• OAuth access and refresh tokens for third-party services you connect (Google Drive, TikTok). These are stored encrypted at rest and used only to perform the actions you request.
• Basic profile information returned by connected services (TikTok username, avatar, Drive folder names).

Content you create

• The generated videos, image decks, captions, and publishing history associated with your channels.
• References (identifiers) to the cloud photos you select as source material. We do not copy your cloud photos into our systems — we stream them during generation.

Technical data

• Server and application logs (request paths, status codes, timing).
• Error reports that help us fix bugs.

3. How We Use Information

• To authenticate you and carry out the actions you request.
• To generate, store, and publish the content you produce with Creft.
• To keep the Service secure, reliable, and compliant.
• To communicate with you about your account and material changes.

We do not sell your personal information. We do not use your content to train machine-learning models.

4. Sharing and Disclosure

We share information only in these cases:

• With services you connect. Publishing to TikTok, for example, requires sending your content through TikTok's API under their terms.
• With infrastructure providers. Cloud hosting, database, and email providers acting as processors on our behalf under appropriate agreements.
• To comply with law. When required by valid legal process, always challenging overbroad requests.

5. Data Retention

Account data is kept for as long as your account is active. Generated content and publishing logs are retained until you delete them or close your account. OAuth tokens are deleted immediately when you disconnect the corresponding service.

6. Your Choices

• Disconnect any connected service from the Channels page at any time.
• Delete individual posts or whole channels from the app.
• Close your account and request full deletion by emailing us.

7. Security

We use HTTPS everywhere, encrypt tokens and credentials at rest, and follow industry-standard practices for access control. No system is perfect — if we ever become aware of a breach affecting your data, we will notify you promptly.

8. International Users

The Service may be operated from the United Kingdom or other countries where our infrastructure providers host data. By using Creft you consent to your information being processed in those locations.

9. Children

Creft is not directed at children under 13 (or under 16 in the EU/UK), and we do not knowingly collect their personal information.

10. Changes to This Policy

We will update this page as the Service evolves. When changes are material we will notify you via the app or by email.

11. Contact

Questions about this policy? Email privacy@creft.social.