Legal
Privacy Policy
Last updated: 2 April, 2026
This Privacy Policy describes how CreatorJot ("we", "us", or "our"), operated at creatorjot.com, collects, uses, stores, and shares information when you use our Service. By creating an account or using CreatorJot, you agree to the practices described in this policy.
For questions or data requests, contact us at support@creatorjot.com.
1. Data We Collect
We collect the following categories of personal data:
1.1 Account Data
Email address (required for all accounts)
Name and profile photo (only if you authenticate via Google OAuth)
1.2 Usage Data
YouTube URLs you submit for processing
AI-generated social media posts produced from your submissions
Platform preferences and tone settings you configure
Credit usage logs tied to your account
1.3 Billing Data
Subscription plan and status
Transaction IDs from DodoPayments
We do not store payment card details. All payment data is handled by DodoPayments.
1.4 Technical Data
IP address and request timestamps
Browser type and operating system
Error logs and stack traces collected via Sentry for debugging purposes
2. Lawful Basis for Processing
We process your personal data on the following legal bases:
Contractual necessity: Processing required to deliver the Service you have signed up for, including account management, content generation, and billing.
Consent: Where you have explicitly agreed to data processing, such as when authenticating via Google OAuth.
Legitimate interests: Security monitoring, fraud prevention, and service improvement, where these interests are not overridden by your rights.
Legal obligation: Where we are required to retain or disclose data under applicable law.
3. Google OAuth and Google API Services
3.1 Data Accessed via Google OAuth
When you sign in with Google, we request access only to your basic profile information (name, profile photo) and email address. We do not request access to Gmail, Google Drive, Google Calendar, or any other Google service or data.
3.2 How Google Data Is Used
Your Google account data is used solely to create and identify your CreatorJot account.
It is not used for advertising, profiling, or any purpose beyond authentication and account display.
It is not sold, shared with third parties for marketing, or used to train AI models.
3.3 Google API Services User Data Policy
CreatorJot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4. AI Processing Disclosure
When you submit a YouTube URL, we retrieve the video transcript and send it to one or more AI providers to generate social media content. The AI providers we use are:
Google Gemini (operated by Google LLC)
Anthropic Claude (operated by Anthropic, PBC)
Transcript data is transmitted to these providers solely for the purpose of generating content on your behalf. We do not use your transcript data or generated content to train AI models. Transcript data is not retained by us beyond what is necessary to deliver and display your results within the Service.
Each AI provider processes data under their own terms of service and privacy policies. By using CreatorJot, you acknowledge that transcript content is processed by these third-party AI services.
5. Third-Party Processors
We share data with the following sub-processors only to the extent necessary to operate the Service:
Supabase — database storage, user authentication, and file storage
Railway — cloud infrastructure and backend hosting
Google Gemini — AI content generation from transcript data
Anthropic Claude — AI content generation from transcript data
DodoPayments — subscription billing and payment processing
Resend — transactional email delivery (e.g. generation complete, billing receipts)
Sentry — error monitoring and diagnostics (may include request context and stack traces)
We do not sell your data to any third party. We do not share your data with advertisers or data brokers.
6. Data Retention
Account data and generated content are retained for as long as your account remains active.
Server logs and job queue logs are retained for 90 days, after which they are automatically deleted.
If you request account deletion, your personal data and associated content will be permanently deleted within 30 days of the request.
Billing records may be retained longer where required by applicable financial or tax regulations.
7. Cookies
CreatorJot uses cookies solely for authentication and session management, implemented through Supabase Auth. These cookies are strictly necessary for the Service to function.
We do not use advertising cookies, third-party tracking cookies, or analytics scripts. No data is shared with advertising networks through cookies.
8. Security Measures
We implement the following technical and organisational measures to protect your data:
All data in transit is encrypted using TLS (Transport Layer Security).
Data at rest is encrypted within Supabase infrastructure.
Row-level security (RLS) is enforced at the database level, ensuring users can only access their own data.
Access to production systems is restricted to authorised personnel only.
Error monitoring via Sentry is configured to minimise exposure of sensitive data in logs.
No method of transmission or storage is 100% secure. We will notify affected users in the event of a data breach as required by applicable law.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your account and associated personal data.
Data export: Export your generated content directly from your dashboard.
Objection: Object to processing based on legitimate interests.
Restriction: Request that we restrict processing of your data in certain circumstances.
To exercise any of these rights, email support@creatorjot.com. We will respond within 5 business days.
10. International Users and GDPR
CreatorJot is accessible globally. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation, including the right to lodge a complaint with your local supervisory authority.
Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including reliance on Standard Contractual Clauses or adequacy decisions where applicable.
For California residents, we comply with the California Consumer Privacy Act (CCPA). We do not sell personal information as defined under the CCPA.
11. Changes to This Policy
We will notify you by email before any material changes to this Privacy Policy take effect. The current version is always available at creatorjot.com/privacy. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.