C
CollabIQ
Terms of ServiceLog In

Privacy Policy

Last updated: March 2026

CollabIQ (“we”, “us”, or “our”) operates the Creator OS platform at collabiq.in. This Privacy Policy explains how we collect, use, and protect your information when you use our platform. If you have questions, contact us at support@collabiq.in.

1. Information We Collect

Account Information

When you create an account we collect your full name, email address, and a hashed copy of your password. We never store your password in plain text.

Instagram Data

When you connect your Instagram account via OAuth we collect profile information (username, biography, follower/following counts, media count), post data (media URLs, captions, timestamps, media type), post performance metrics (reach, impressions, likes, comments, shares, saves, views, watch time), and audience demographics (age/gender distribution, top countries and cities). This data is only collected after you explicitly authorise the connection.

Deal and Revenue Information

We store deal records, pipeline stage history, and revenue figures that you enter manually into the platform. This information is entirely creator-provided; we do not independently verify payments or contract terms.

Brand Enquiry Information

Brands and agencies who submit enquiries through your public portfolio page provide their name, contact details, campaign type, budget range, and a deliverables brief. This information is stored and made visible only to you.

Usage Data

We may collect standard server logs including IP addresses, browser type, pages visited, and feature usage patterns to improve the platform and diagnose issues.

2. How We Use Your Information

  • To provide the Creator OS dashboard, analytics, and deal pipeline.
  • To display your public portfolio page to brands and agencies.
  • To process deal communications via email threading.
  • To generate AI-powered content suggestions and audience quality analysis.
  • To compute Reel Health Scores and compare your performance against benchmarks.
  • To send transactional emails such as enquiry notifications and password resets.
  • To maintain the security and integrity of the platform.

3. Instagram Data

We access your Instagram data exclusively through the official Instagram Graph API, using only the permissions (OAuth scopes) that you grant during the connection flow. Specifically:

  • We only access data available to Business and Creator accounts via Meta's official API.
  • We store periodic metric snapshots to power historical trend charts.
  • We never post, comment, like, or send messages on your behalf without your explicit action.
  • We refresh your data automatically every 4–12 hours to keep analytics current.
  • You can disconnect Instagram at any time from Settings, which immediately stops all new data collection.
  • We encrypt your Instagram access token with AES-256 before storing it.

4. Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

  • Your public portfolio page displays the metrics and content you choose to make public via dashboard settings.
  • Brand enquiry data is visible only to you — brands cannot see other creators' enquiries.
  • We use Anthropic's Claude API for AI-powered insights. Only aggregated metrics are sent; raw Instagram credentials and personally identifiable information are never transmitted.
  • We use Postmark to deliver transactional emails on your behalf.
  • We may disclose information if required by law or to protect the rights and safety of our users.

5. Data Storage & Security

We take reasonable measures to protect your data:

  • Data is stored on Supabase (PostgreSQL) with encryption at rest.
  • Instagram access tokens are encrypted with AES-256 before being stored in the database.
  • All connections between your browser, our servers, and third-party services use HTTPS/TLS.
  • The web application is hosted on Vercel; background processing runs on Railway infrastructure.
  • Passwords are hashed using bcrypt with 12 salt rounds — we cannot recover your password.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active. Instagram metric snapshots are retained to power historical analytics features. If you disconnect Instagram from Settings, we stop collecting new data but retain existing snapshots so your trend charts remain meaningful.

To request full account deletion, email us at support@collabiq.in. We will delete your account and associated data within 30 days of your request.

7. Third-Party Services

We use the following third-party services to operate the platform. Each has its own privacy policy.

ServicePurpose
Instagram Graph API (Meta)Source of Instagram profile and metrics data
SupabasePostgreSQL database hosting
VercelWeb application hosting
RailwayBackground job processing
Upstash (Redis)Caching and rate limiting
PostmarkTransactional email delivery
Anthropic (Claude API)AI-powered insights and content suggestions
GoDaddyDomain registration

8. Your Rights

  • Access your data — your dashboard shows all collected metrics, deals, and enquiries.
  • Export your data — contact support@collabiq.in to request a data export.
  • Delete your account — contact support@collabiq.in; we will complete deletion within 30 days.
  • Disconnect Instagram — available at any time in Settings → Instagram, stopping all future data collection.
  • Correct inaccurate information — update your account details from Settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For significant changes, we may also notify you by email. Your continued use of the platform after any changes constitutes acceptance of the updated policy.

If you have questions about this policy, email support@collabiq.in.