Creator Catalyst Privacy Policy
Last updated: April 2026
1. What Data We Collect
Creator Catalyst (operated by Sturdy Thoughts) collects two categories of data depending on how you use the app.
Data you provide directly to us:
- Email address — entered by you in our audit or account creation forms
- Phone number — optionally entered in our audit form for follow-up
- Platform handle — the username you enter manually for your audit
We do not obtain your name or email from Instagram. These are entered by you directly.
Data fetched from Instagram via OAuth (only when you connect your account):
- Instagram username and profile handle
- Biography text
- Follower count
- Profile picture URL
- Bio link / website URL
- Recent post metadata: caption, post type (Reel, Carousel, Video), thumbnail URL, media URL, permalink, video duration, like count, and timestamp — for up to 10 recent posts
We request only the permissions required to generate your Creator Score and AI audit. We use the instagram_business_basic and instagram_business_manage_insights scopes.
Data fetched from YouTube via OAuth (only when you connect your account):
- YouTube channel name and handle
- Channel description / biography
- Subscriber count
- Channel profile photo URL
- Video metadata: title, description, duration, thumbnail URL, and permalink — for up to 10 recent videos
- Channel-level analytics: views, estimated watch time, and subscriber change — used solely to generate your Creator Score
We request only the minimum YouTube permissions required. We use the youtube.readonly and yt-analytics.readonly scopes. We do not access private videos, playlists, or any data beyond what is listed above.
2. How We Use Your Data
We use your data solely to power the Creator Catalyst app:
- To generate your AI Creator Score and profile audit report
- To analyse your recent Instagram or YouTube content using Google's Gemini AI for video content analysis
- To display your YouTube channel statistics, analytics, and video metadata inside your audit results
- To send your audit results and any resources to your email address
- To save your audit history to your dashboard if you create an account
- To improve the accuracy of our scoring framework over time
We do not use your Instagram or YouTube data to train public AI models. We do not use your content or media for our own marketing. Your data is never used for purposes beyond delivering the Creator Catalyst app to you.
3. TikTok API Services
Creator Catalyst uses the TikTok Display API and TikTok Login Kit to authenticate your TikTok account and retrieve profile and video metadata for the purpose of generating your AI-driven Creator Score and audit report.
What we access from TikTok (only when you connect your account):
- user.info.basic — your TikTok display name, bio/description, follower count, and avatar URL
- video.list — metadata from your recent TikTok videos including title, thumbnail URL, view count, like count, share count, and post date (up to 20 recent videos)
We do not access, download, or store your TikTok video files. We request only the minimum permissions required to generate your Creator Score.
We do not sell your TikTok data to third parties. We do not use TikTok data to train AI models or for advertising purposes. All TikTok data is used exclusively to generate your Creator Score and audit report within Creator Catalyst.
By connecting your TikTok account, you agree to be bound by the TikTok Terms of Service. Our use of information received from TikTok APIs also adheres to the TikTok Privacy Policy.
You can revoke Creator Catalyst's access to your TikTok account at any time by visiting TikTok Settings → Security → Manage app permissions and removing Creator Catalyst from the list of connected apps.
4. Data Security & Protection
We take the security of your personal data and platform data seriously. The following mechanisms are in place to protect sensitive information:
Encryption in transit:
All data transmitted between your browser and our servers, and between our servers and third-party APIs (YouTube, Instagram, TikTok, Supabase, Loops), is encrypted using TLS (Transport Layer Security / HTTPS). OAuth tokens and user data are never transmitted over unencrypted connections.
Encryption at rest:
User account data and audit history stored in our database (Supabase) are encrypted at rest. Supabase applies AES-256 encryption to data stored on disk. When you connect a social account (YouTube, Instagram, or TikTok), your OAuth access token and refresh token are securely stored in our database so that you do not need to re-authenticate on every visit. These tokens are stored server-side only, are never exposed to the browser, and are protected by row-level security so only your account can access them. You can delete your stored tokens at any time by disconnecting your account from the Connected Accounts settings page, or by revoking access from the respective platform's security settings.
Access controls:
- Row-level security (RLS) is enforced in Supabase so users can only access their own data
- API keys and service credentials are stored as environment variables and never exposed to the client
- Only authorised application code can read or write to the database
Minimal data collection:
We apply the principle of data minimisation — we request only the OAuth scopes necessary to generate your Creator Score and audit, and we do not store any data beyond what is required to operate the service.
AI/ML model training disclosure:
We do not use your YouTube, Instagram, or TikTok data to train any AI or machine learning model, including any internal or third-party models. Data sent to Google Gemini for video analysis is used solely to generate your audit report in real time and is governed by Google's API usage policies. No user content is retained by us for model training purposes.
5. Data Sharing
We do not sell, rent, or trade your Instagram data, TikTok data, YouTube data, or personal information to any third party.
We share data only with the following essential service providers, strictly to operate the Creator Catalyst platform:
- Supabase — our database host, used to store your audit history and account data
- Loops — our email provider, used to deliver your audit results and creator resources
- Google Gemini — AI model used to analyse video content; your video metadata is sent to Gemini solely to generate your audit report
- TikTok API Services — used to fetch your profile and video metadata when you connect your TikTok account, exclusively to generate your Creator Score and audit report
- YouTube API Services (Google) — used to fetch your channel data and analytics when you connect your YouTube account, exclusively to generate your Creator Score and audit report
Each provider is bound by its own data processing terms and applicable data protection law. We do not grant them permission to use your data for their own purposes.
6. YouTube API Services
Creator Catalyst uses YouTube API Services provided by Google to authenticate your YouTube account and retrieve channel metrics, video metadata, and analytics data for the purpose of generating your AI-driven Creator Score and audit report.
By connecting your YouTube account, you agree to be bound by the YouTube Terms of Service. Our use of information received from YouTube APIs also adheres to the Google Privacy Policy.
What we access from YouTube:
- Channel statistics: subscriber count, total view count, and video count
- Channel metadata: channel name, handle, description, and profile photo
- Video metadata: titles, descriptions, durations, thumbnails, and permalinks for recent videos
- Channel-level analytics: estimated watch time and subscriber change over time
When you connect your YouTube account, your OAuth access token and refresh token are stored securely server-side in our database to allow repeat audits without requiring re-authentication on each visit.
We do not sell this data to third parties. We do not use YouTube data to train AI models or for advertising purposes. All YouTube data is used exclusively to generate your Creator Score and audit report within Creator Catalyst.
You can revoke Creator Catalyst's access to your YouTube data at any time by visiting your Google Security Settings and removing Creator Catalyst from the list of connected apps.
7. Data Retention
We retain your audit data and email address for as long as your account is active, so we can provide you with historical tracking and score comparisons over time.
Instagram media URLs (thumbnails, video CDN links) are temporary by nature — they expire after a short period and are not permanently stored by us beyond your active session.
OAuth access tokens for connected social accounts (YouTube, Instagram, TikTok) are retained in our database for as long as your account remains connected. Tokens are automatically refreshed when they expire. If you disconnect a platform from your Connected Accounts settings, or if you delete your account, all stored tokens for that platform are permanently deleted from our database.
If you request account deletion, your personal data and audit history will be permanently removed from our active databases within 30 days.
8. How to Request Data Deletion
You have the right to request deletion of your personal data and any platform data associated with your Creator Catalyst account at any time.
To delete your data, you can:
- Email us at sturdythoughtss@gmail.com with the subject line “Data Deletion Request”. Include the email address or platform handle associated with your Creator Catalyst account. We will confirm deletion within 30 days.
- Use the “Delete Account” option inside your Creator Catalyst dashboard settings, which will immediately remove your account and associated data.
To revoke Creator Catalyst's access to your Instagram account, visit your Instagram settings under Apps and Websites and remove Creator Catalyst from the list.
To revoke Creator Catalyst's access to your TikTok account, visit TikTok Settings → Security → Manage app permissions and remove Creator Catalyst from the list.
To revoke access to your YouTube account, visit your Google Security Settings and remove Creator Catalyst from the list of connected apps.