Privacy Policy

Privacy Policy

Effective Date: June 18, 2026

Curae, LLC (“Curae,” “we,” “our,” or “us”) provides influencer-marketing and social-content software. This Privacy Policy explains what information we collect, where it comes from, how we use it, who we share it with, how long we keep it, and the choices and rights you have.

Scope. This policy applies to all of the following, together the “Services”:

  • our marketing website at www.curaesocial.com;
  • the Curae Social web application;
  • our mobile applications (iOS and Android);
  • the artificial-intelligence (“AI”) content tools within the Services (an AI assistant and image, video, and audio generation);
  • our integrations with third-party social media platforms (Instagram, TikTok, and LinkedIn);
  • our integrations with e-commerce and advertising platforms (Shopify and Amazon); and
  • our communications with you (email, push notifications, and in-product messaging).

1. Information We Collect

1.1 Account and identity information

When you register or use the Services, we collect your name, email address, and password, and optionally your phone number and mailing address (street, city, state, ZIP, country). We store your role, account status, profile picture/avatar, notification preferences, email opt-out preference, and timestamps including your last-seen time. Passwords are stored only in hashed form; we do not store your password in plain text.

1.2 Business and brand information

For business and brand accounts we collect your company name, description, location, website, pricing preferences, and the social media handles and follower counts you provide. Where you connect or identify a social account, we may also store profile details retrieved from that platform (for example, an Instagram profile name, username, biography, profile picture, follower count, and media count).

1.3 Creator and influencer information

For creators/influencers and for influencers participating in a campaign, we collect portfolio items (images, titles, descriptions), the platforms and identifiers used for a campaign, agreed pricing and amounts spent, promo/discount codes (including auto-generated codes and the corresponding Shopify discount or Amazon attribution identifiers), content requirements (hashtags, mentions), publication scheduling, workflow status, and payment status and references.

1.4 Campaign information

We collect the campaign details you create, including campaign name, type, status, budget and fees, brand information, goals, do’s and don’ts, target platforms, schedules, logos and hero images, and promo-code configuration.

1.5 Attributed post and performance information

For posts you choose to track in a campaign, we collect the post URL and platform identifier and may cache the post’s caption, thumbnail, author username, and posting time, along with performance metrics (views, likes, comments, shares, and where available impressions/reach). We also store verification details (whether required hashtags, mentions, or codes matched; who submitted and verified or rejected a post; and timestamps).

1.6 Payment information

Payments and creator payouts are processed by Stripe. We do not store, view, or retain full payment-card or bank-account numbers on our servers. We store Stripe identifiers and status flags (for example, account IDs, customer IDs, payment-intent IDs, and payout-eligibility flags) needed to operate billing and payouts.

1.7 Commerce information (Shopify and Amazon)

When you connect a Shopify store or an Amazon seller/advertising account, we collect the store/account and sales data described in Sections 5.4 and 5.5. For Shopify orders, any customer email address is converted to a pseudonymous hash on receipt; we do not store the original customer email address. For Amazon, we collect only aggregated sales and advertising-attribution data and do not receive customer order details or customer contact information.

1.8 Uploaded content

We collect the content you upload or create in the Services — images, videos, documents, captions, scripts, and other materials — for use in your campaigns and posts.

1.9 AI prompts and generated outputs

When you use our AI tools, we collect the prompts, chat messages, instructions, business/brand context, and any reference images or media you provide, together with the outputs the AI generates (text, images, video, audio) and related job metadata. These inputs and outputs are sent to our AI providers (Section 4.3) and are stored in our systems.

1.10 Device and push-notification information

If you enable push notifications, we collect and store a device push token (Firebase Cloud Messaging) associated with your account and email so we can deliver notifications.

1.11 Logs, usage, and activity information

We record activity within the Services for security, troubleshooting, and product operation. This includes activity events (such as logins/logouts, page views, campaign and profile changes, AI usage, and posting actions), and for those events we capture your IP address, browser/device user-agent, timestamps, and related metadata. We retain these activity records for as long as needed for security and operational purposes.

2. Sources of Information

We obtain information from the following sources:

  • You, when you register, fill in forms, upload content, configure campaigns, use AI tools, or communicate with us.
  • Connected platforms, when you authorize a connection and we retrieve profile data, content, and performance metrics through that platform’s API (Instagram, TikTok, LinkedIn, Shopify, Amazon).
  • Brands and creators you work with, who may provide information about you or about a campaign in which you participate.
  • Service providers, such as our payment processor and our analytics/data providers, who return information to us (for example, payment status, or public post metrics).
  • Public and third-party sources, including public post data retrieved through third-party data providers (for TikTok and Instagram public post lookups, and for LinkedIn post engagement) and influencer-discovery results retrieved through a discovery provider. These results can include information about individuals, such as public profile details and, in some cases, contact details.

3. How We Use Information

We use information to:

  • Operate the Services — create, secure, and maintain your account and provide the features you use.
  • Publish content — publish or schedule posts to your connected accounts, but only when you explicitly direct it.
  • Provide analytics and attribution — generate dashboards, campaign attribution, and post-performance and sales-performance reporting.
  • Run campaigns — manage influencer participation, promo codes, scheduling, and payouts.
  • Provide AI generation — produce the text, images, video, and audio you request.
  • Process payments — handle subscriptions, campaign payments, and creator payouts through Stripe.
  • Communicate with you — send transactional emails, push notifications, in-product messages, and (unless you opt out) re-engagement or product emails.
  • Maintain security and integrity — authenticate users, prevent abuse, and troubleshoot.
  • Comply with law and enforce our terms.
  • Improve the Services — understand usage and improve features.

We do not sell your personal information for money.

4. How We Disclose Information

We disclose information in the following ways. We do not sell your personal information for money.

4.1 To service providers (processors)

We share information with vendors that process data on our behalf to provide the Services. These include providers of:

  • payment processing (Stripe);
  • cloud hosting, database, and email-delivery infrastructure (Amazon Web Services, including its email-sending service);
  • push notifications (Google Firebase Cloud Messaging);
  • email marketing / list management (Flodesk) — we send your email address, name, business name, and website so you can be added to the appropriate audience;
  • AI and media generation (see Section 4.3); and
  • public-metrics and influencer-discovery data providers (see Section 4.4).

4.2 To connected platforms

When you connect and use a platform, we send that platform what is necessary to perform your request (for example, the content you publish and the captions and settings you choose). Your use of each platform remains governed by that platform’s own terms and privacy policy.

4.3 To AI providers

To provide AI features, we send your prompts, instructions, business/brand context, and any reference media you supply to our AI providers, and we receive the generated outputs. Our current AI providers are OpenRouter (which routes requests to underlying model providers, including Google models), Google (video generation), and FAL.AI (video, audio, text-to-speech, and lip-sync).

4.4 To data providers (public metrics and discovery)

To report on post performance and to support influencer discovery, we use third-party data providers that retrieve publicly available information:

  • public post lookups for TikTok and Instagram (used to retrieve public post details and engagement counts);
  • LinkedIn post engagement (LinkedIn does not provide member engagement metrics through its API, so we retrieve public post engagement through a data provider); and
  • influencer discovery (to return public profile information matching your search).

4.5 For legal reasons and business transfers

We may disclose information to comply with law or legal process, to protect rights and safety, and in connection with a merger, acquisition, financing, or sale of assets.

5. Platform-Specific Disclosures

The information we access depends on the platform you connect and the permissions you grant when you authorize the connection. In general, we ask only for the access needed to publish the content you create, to read performance metrics for that content, and — for commerce platforms — to attribute sales to your campaigns.

5.1 Instagram (Meta)

When you connect an Instagram professional account and grant the permissions we request, we access your Instagram profile details (such as account ID and username); publish photos, videos, and reels you create in Curae Social at your request; and read insights and engagement metrics for that content (such as reach, impressions, likes, and comments) from the official API. See Section 6 for how we handle deletion of Instagram (Meta) data.

5.2 TikTok

When you connect your TikTok account and grant the permissions we request, we access your TikTok profile (open ID, display name, avatar); publish videos and photos, or save drafts, at your explicit request; and read your videos’ engagement metrics (views, likes, comments, shares). Where the official metrics are unavailable for a public post, we may retrieve public engagement counts through a third-party data provider.

5.3 LinkedIn

When you connect your LinkedIn account and grant the permissions we request, we access your basic LinkedIn profile (member ID, name, and email) and publish posts you create at your request. LinkedIn does not provide member post-engagement metrics through its API; where you track a LinkedIn post, we retrieve its public engagement through a third-party data provider.

5.4 Shopify

When you connect your Shopify store and grant the permissions we request, we access your store profile (store name, ID, currency, plan), product catalog (titles, handles, images, status), and order and sales data (order totals, subtotals, discounts, refunds, currency, payment status, line-item quantities, and discount codes used). To attribute orders without retaining customer contact details, any customer email on an order is converted to a pseudonymous hash on receipt; we never store the original email. When you grant the discount-management permission, and only at your direction, we create and deactivate discount (promo) codes on your store. We do not create or modify orders, change inventory, or write customer records. We also receive order events and Shopify’s compliance notifications by webhook (see Section 6).

5.5 Amazon

When you connect your Amazon account (through Login with Amazon, and Amazon Selling Partner access where you grant it), we access your advertising profile and advertiser information; Amazon Attribution performance metrics for the tracking links you generate (clicks, detail-page views, add-to-cart events, attributed purchases, attributed sales and units, new-to-brand and brand-halo metrics, and any Brand Referral Bonus); and aggregated, per-product (per-ASIN) daily sales and traffic figures. We do not access order-level data, customer contact details, shipping addresses, or other customer personal information from Amazon, and we do not write campaign or product data back to Amazon.

6. Data Retention and Deletion

We retain information for as long as needed to provide the Services and for the legitimate and legal purposes described in this policy.

Platform data uses different deletion treatment by platform, because each platform sets its own requirements:

  • Instagram (Meta): When you disconnect, delete your account, or when we receive a Meta data-deletion request, we delete the post-level Instagram data we obtained, including the associated engagement metrics, the cached content (captions, thumbnails, author usernames), and the stored performance snapshots. We honor Meta’s data-deletion callback and provide a confirmation/status reference.
  • TikTok and LinkedIn: When you disconnect, we delete stored access credentials and remove cached platform-served content (captions, thumbnails, author usernames). We retain the engagement metrics and post references for posts already attributed to a campaign so the brand’s campaign reporting is preserved.
  • Shopify and Amazon: When you disconnect, we delete the stored access/refresh credentials so we can no longer access the store or account. We retain aggregated sales and attribution metrics already attributed to a campaign for reporting. This retained data does not contain readable customer contact information; Shopify customer email addresses are retained only as pseudonymous hashes. We do not receive customer personal information from Amazon.

Shopify compliance. We honor Shopify’s mandatory compliance webhooks (the customer data-request, customer-redact, and shop-redact notifications). When a merchant uninstalls Curae or a shop-redact request is received, we delete the stored access credentials for that store. Because any customer email obtained from a Shopify order is hashed on receipt and the original is never stored, we do not retain readable customer personal information from your store.

7. Your Choices and Rights

Access and correction. You can review and update your account information in your account settings.

Disconnect a platform. You can disconnect any connected platform at any time in your settings; we then apply the deletion treatment described in Section 6.

Account deletion. You can request deletion of your account. When you delete your account, we delete or de-identify your personal information, subject to the limited retention described in Section 6 and any retention required by law. If you are the sole owner of a business account, deleting your account also deletes that business and its associated data; if others share the business, we remove your association and retain the business for the remaining owners.

Communication preferences. You can opt out of non-transactional emails; transactional and service messages are necessary to operate the Services.

Verified privacy requests. You may submit access, correction, or deletion requests by contacting us (Section 11). We will verify your identity before acting on a request and will respond within a reasonable time and as required by applicable law.

8. State Privacy Rights

Depending on your state of residence, you may have rights to access, correct, delete, or obtain a copy of your personal information, to opt out of certain processing, and to not be discriminated against for exercising these rights. To exercise any right, contact us as described in Section 11; we will verify your request before responding.

9. Data Security

We use safeguards designed to protect your information, including:

  • Encryption in transit — information transmitted between your device and our Services is protected using TLS;
  • Connected-account credential protection — OAuth access and refresh tokens are encrypted at rest;
  • Password protection — account passwords are stored using a one-way password-hashing algorithm; and
  • Access controls — we limit internal access to personnel who need it to operate and support the Services.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Other Important Information

Children. The Services are intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18, and we will delete such information if we learn we have it.

U.S. availability. The Services are intended for users in the United States and are operated from infrastructure located in the United States. Some service providers may process limited data elsewhere in accordance with their own terms.

Cookies and tracking. Our web and mobile applications use browser local storage to keep you signed in and to operate the Services, and do not use third-party advertising or analytics trackers (such as Google Analytics or a Meta Pixel). Our marketing website (www.curaesocial.com) is hosted on a third-party website platform (Wix), which may set cookies and collect standard analytics about visits to the site; please review that platform’s cookie and privacy practices for more information.

Updates to this policy. We may update this policy to reflect changes in our features or legal requirements. If we make material changes, we will notify you, for example by email to the address on your account. Please review this policy periodically.

11. Contact Us

If you have questions or want to exercise a privacy right, contact us at:

Email: kaitlin@curaesocial.com

Mailing Address: Curae, LLC, 412 Olive Ave, Suite 312, Huntington Beach, CA 92648