creatorCX← Return to app
Draft — pending final legal review. Some sections still contain placeholders to complete with counsel (registered DMCA agent, custodian of records, addresses).

Privacy Policy

Last updated: June 25, 2026

This Privacy Policy explains how Aspargo LLC ("Company," "we," "us," or "our") collects, uses, stores, and discloses information in connection with CreatorCX (the "Service").

This Service is a private content-management tool for individual creators. We are not a public platform — your account and content are not visible to other users unless you choose to share access (a feature not currently offered).

1. Information We Collect

1.1 Information you provide directly

  • Account information: email address, display name, creator name, password (handled by our authentication provider; we do not store raw passwords).
  • Profile information: timezone, brand notes, and any other profile fields you fill in.
  • Content you upload: photos, videos, GIFs, audio, titles, descriptions, notes, tags, and any other metadata you attach to your content.
  • Planning and tracking data: posts you draft or log, platforms you configure, captions, scheduling information, and performance metrics you manually enter (such as views, revenue, or subscriber counts you report from third-party platforms).
  • Communications: anything you send us, such as support requests.

1.2 Information collected automatically

  • Usage data: pages/features accessed, actions taken within the Service, timestamps.
  • Device/technical data: IP address, browser type, operating system, collected through standard web request logs and our hosting/infrastructure providers.
  • Cookies: we use cookies or similar technologies strictly necessary to operate the Service (such as maintaining your login session). We do not currently use advertising or cross-site tracking cookies.

We do not currently use third-party analytics or advertising trackers. If this changes, we will update this Policy and, where required by law, request your consent.

2. How We Use Information

We use the information described above to:

  • provide, operate, and maintain the Service (including storing and displaying your content back to you);
  • authenticate your account and enforce access controls so that only you can access your content;
  • generate thumbnails, previews, and derived files necessary for the Service to function;
  • respond to support requests and communicate with you about the Service;
  • maintain the security and integrity of the Service, including detecting and preventing abuse;
  • comply with legal obligations.

We do not sell your personal information or Your Content. We do not use Your Content to train any artificial intelligence or machine learning model. We do not share Your Content with any third party except as described in Section 4 below.

3. How Information Is Stored and Protected

  • Your account data and content metadata are stored in a managed Postgres database operated by our infrastructure provider, Supabase, Inc. ("Supabase").
  • Your uploaded media files are stored in private object storage operated by Supabase. Files are not publicly accessible; access requires an authenticated, time-limited signed link generated by the Service on your behalf.
  • Access to your data is restricted using row-level security so that, under normal operation, only your authenticated account can read or write your own records.
  • The Service's application code is hosted by Vercel Inc. ("Vercel").
  • No method of storage or transmission is perfectly secure. While we use industry-standard practices to protect your information, we cannot guarantee absolute security.

4. How Information Is Shared

We disclose information only in the following circumstances:

  • Infrastructure subprocessors: Supabase (database, authentication, file storage) and Vercel (application hosting). These providers process data on our behalf, under their own security and privacy commitments, solely to provide the underlying infrastructure for the Service. A current list of subprocessors is available at [SUBPROCESSORS PAGE / on request].
  • Automated safety screening: uploaded images and video are automatically screened against known child-sexual-abuse-material (CSAM) hash databases (such as PhotoDNA or a comparable provider) before being made available in your library. This is a legal and safety requirement of operating the Service, not optional, and applies to all uploads regardless of content type.
  • Legal and safety reporting: where we have actual knowledge of apparent CSAM, we are required by 18 U.S.C. § 2258A to report it, and to preserve associated content and account information, to the National Center for Missing & Exploited Children (NCMEC) via its CyberTipline, and/or to law enforcement. We do not provide advance notice to the account holder in these circumstances.
  • Legal requirements: if required to do so by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of the Company, our users, or the public.
  • Business transfers: if the Company is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
  • With your direction: if you explicitly direct us to share specific information (for example, a future feature allowing you to export or share data with a third-party tool).

We do not otherwise share your personal information or Your Content with any third party, including advertisers.

5. Data Retention

We retain your account information and content for as long as your account is active. If you delete a piece of content, we mark it as deleted and remove it from normal use; underlying files may persist for a limited period in backups or deletion-processing queues before being permanently removed. If you delete your account, we will delete or anonymize your personal information and content within a reasonable period, except where we are required to retain it by law or need to retain limited records to resolve disputes or enforce our agreements.

6. Your Choices and Rights

  • Access and correction: you can access and update most of your account and content information directly within the Service.
  • Deletion: you may request deletion of your account and associated data by contacting hello@creatorcx.app. We will process deletion requests as described in Section 5.
  • Data portability: you may request an export of your content and data by contacting us.

If you are located in a jurisdiction that provides additional statutory privacy rights (such as the EU/UK GDPR or US state privacy laws), you may also have rights to object to or restrict certain processing, or to lodge a complaint with a supervisory authority. Contact us at hello@creatorcx.app to exercise any of these rights.

7. Children's Privacy

The Service is not directed to, and may not be used by, anyone under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from someone under 18, we will delete it promptly.

8. International Data Transfers

Our infrastructure providers may process or store data in regions other than your own. By using the Service, you understand that your information may be transferred to and processed in a country with different data protection laws than your own.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (such as by email or in-app notice) before the changes take effect.

10. Contact

Questions about this Privacy Policy can be sent to hello@creatorcx.app.