Privacy Policy.

Effective · February 27, 2026  ·  Last Updated · February 27, 2026

Creators Concierge, LLC (“Creators Concierge,” “we,” “us,” or “our”) operates the website creatorsconcierge.com and the Creators Concierge business portal (collectively, the “Platform”). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our portal, or engage with our services. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Platform.

1. Information We Collect

We collect information that you provide directly to us, information collected automatically when you use our Platform, and information obtained from third-party sources with your authorization.

a. Information You Provide Directly

• Account Information: Name, email address, and profile details when you create an account or are invited to the Platform.
• Contact Form Submissions: Name, email address, user type (creator, brand, automotive, roster request, or other), and message content when you submit our contact form.
• Creator/Talent Profile Data: Biography, profile photos, social media links, rate cards, media kits, audience demographics, and portfolio content provided by managed talent.
• Brand Information: Company name, campaign details, preferences, and feedback provided by brand partners.
• Financial Information: Payment details, invoicing information, and tax documentation (e.g., W-9 forms) necessary for business transactions.
• Communications: Records of correspondence between you and Creators Concierge, including emails and in-platform messages.
• Booking & Scheduling Data: Information provided when scheduling calls or meetings through our booking system, including your name, email, date/time preferences, and meeting notes.

b. Information Collected Automatically

• Log Data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
• Session Data: Authentication tokens and session identifiers necessary for secure platform access.
• Audit Logs: Records of user actions within the portal for security, compliance, and troubleshooting purposes.

c. Information from Third-Party Sources

• Social Media Analytics: With your explicit authorization via OAuth, we access publicly available and authorized social media metrics from platforms including Instagram, Facebook, TikTok, YouTube, and Twitch (detailed in Sections 4–6).
• Financial Transaction Data: With authorization, bank transaction data obtained through our Plaid integration for the sole purpose of reconciling business payments (detailed in Section 8).

2. How We Collect Information

We collect information through the following methods:

• Direct Input: When you fill out forms, create profiles, or communicate with us.
• OAuth Authorization: When you grant us permission to access your social media or calendar accounts through industry-standard OAuth 2.0 authentication flows. You are always redirected to the third-party platform’s own authorization page, and we never see or store your third-party passwords.
• Automated Collection: Through server logs and session management when you access the Platform.
• API Integrations: Through authorized API calls to third-party platforms after you have granted explicit permission.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Talent Management: To manage creator profiles, track deliverables, negotiate deals, and provide comprehensive talent representation services.
• Brand Partnerships: To match brands with appropriate talent, manage campaigns, and facilitate collaborations.
• Analytics & Reporting: To provide creators and our team with insights into social media performance, audience demographics, and engagement metrics to inform campaign strategy.
• Financial Operations: To process invoices, track payments, manage payouts to talent, and maintain accurate financial records.
• Scheduling & Booking: To facilitate meeting scheduling between our team, talent, and brand partners.
• Communications: To send transactional emails (booking confirmations, payment notifications) and respond to inquiries via AWS Simple Email Service (SES).
• Platform Security: To maintain audit logs, prevent unauthorized access, and ensure the integrity of our Platform.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Social Media Platform Data & OAuth Integrations

A core function of our Platform is providing talent management services to social media creators. To deliver these services effectively, we integrate with several social media platforms using industry-standard OAuth 2.0 authorization protocols.

How OAuth Works on Our Platform

• When a managed creator chooses to connect a social media account, they are redirected to the respective platform’s official authorization page (e.g., Facebook Login, TikTok Login Kit, Google OAuth).
• The creator reviews the specific permissions being requested and explicitly grants or denies access.
• We never receive, see, or store your social media passwords. Authentication is handled entirely by the third-party platform.
• Creators can revoke access at any time, both through our Platform and through the respective social media platform’s settings.
• All OAuth access tokens are encrypted at rest using AES-256-GCM encryption.

Data We Access

When a creator authorizes a social media connection, we access the following types of data:

• Follower and subscriber counts
• Post engagement metrics (likes, comments, shares, views)
• Impressions and reach data
• Audience demographics (aggregated age, gender, and geographic data provided by the platform)
• Top-performing content metrics
• Basic profile information (username, profile photo, account type)

What We Do NOT Do

• We do not post, publish, or modify content on your behalf without your explicit instruction.
• We do not access your private messages or direct messages.
• We do not access your personal contacts or friend lists.
• We do not sell, license, or distribute your social media data to third parties.
• We do not use your data for advertising, ad targeting, or marketing to third parties.
• We do not use your data to build user profiles for purposes unrelated to our talent management services.
• We do not transfer data to data brokers or ad networks.

5. Meta (Facebook & Instagram) Data Usage

This section specifically addresses our use of data obtained through Meta Platforms, Inc. (“Meta”) APIs, including the Instagram Graph API and Facebook Graph API, in compliance with the Meta Platform Terms and Meta Developer Policies.

Purpose of Meta Data Access

We access Meta platform data solely for the purpose of providing talent management and analytics services to creators who are contractually represented by Creators Concierge. Specifically, we use Meta data to:

• Track and report on Instagram and Facebook audience growth and engagement for managed talent.
• Provide performance analytics that inform campaign strategy and brand partnership negotiations.
• Generate media kits and performance reports that help creators secure and fulfill brand deals.
• Monitor deliverable performance for active brand campaigns.

Meta Data Handling Commitments

• We access only the minimum data necessary to provide our stated services.
• We request only the permissions (scopes) required for reading analytics and insights data.
• Meta data is never sold, sublicensed, or transferred to any third party for purposes unrelated to providing our services.
• We do not use Meta data for surveillance, unauthorized profiling, or discrimination of any kind.
• We do not use Meta data to build independent databases of user information unrelated to our services.
• We comply fully with Meta’s Platform Terms, Developer Policies, and all applicable data use restrictions.
• Upon account disconnection or at user request, Meta platform data is deleted from our systems within 30 days, except where retention is required by law.
• We implement reasonable security measures, including AES-256-GCM encryption of access tokens and secure server infrastructure, to protect Meta data from unauthorized access.

User Control Over Meta Data

Users who have connected their Instagram or Facebook accounts can:

• Disconnect their Meta accounts from our Platform at any time through their portal settings.
• Revoke our app’s access through Meta’s own settings at facebook.com/settings.
• Request deletion of all Meta-sourced data by contacting us at hello@creatorsconcierge.com.
• Request a copy of the Meta data we hold about them.

6. Additional Third-Party Platform Integrations

TikTok

We integrate with TikTok via TikTok Login Kit and the TikTok Business API to access authorized analytics data for managed creators. We comply with TikTok’s Developer Terms of Service and only access data that creators have explicitly authorized. Data accessed includes follower counts, video performance metrics, and engagement analytics.

YouTube

We use the YouTube Data API v3 to access authorized channel analytics for managed creators. Our use of YouTube data is subject to the YouTube Terms of Service and Google Privacy Policy. Data accessed includes subscriber counts, view metrics, and engagement data. Users can revoke access through Google Security Settings.

Twitch

We integrate with the Twitch API to access authorized channel data for managed creators. We comply with Twitch’s Developer Agreement and only access data including follower counts and viewer metrics that creators have authorized.

7. Google Calendar Integration

Our Platform includes a scheduling and booking feature that integrates with Google Calendar. This integration is used solely for managing appointments between our team, talent, and brand partners.

Scope of Access

• We request only minimal permissions: the ability to check free/busy status (calendar.freebusy) and manage events we create (calendar.events.owned).
• We can only see and manage calendar events that our application creates. We cannot access your other personal or business calendar events.
• We only create, edit, and cancel calendar events. We never delete calendar events.

Google API Services User Data Policy Compliance

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google Calendar data to provide and improve our scheduling functionality.
• We do not transfer Google Calendar data to third parties except as necessary to provide our service.
• We do not use Google Calendar data for advertising purposes.
• A human only reads Google Calendar data when necessary to provide support requested by the user, for security purposes, or to comply with applicable law.

8. Financial Data & Plaid Integration

Our Platform uses Plaid, Inc. (“Plaid”) to facilitate secure connections to bank accounts for the purpose of reconciling business payments and tracking financial transactions.

• Plaid is used exclusively for Creators Concierge’s own business bank accounts, not for the personal bank accounts of talent, brands, or other users.
• We access only transaction sync data for the purpose of matching incoming payments from brand partners to invoices and tracking outgoing payments to talent.
• Plaid access tokens are encrypted at rest using AES-256-GCM encryption.
• Your use of Plaid is also subject to the Plaid End User Privacy Policy.

9. Data Sharing & Disclosure

We do not sell your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: We share data with trusted third-party service providers who assist us in operating our Platform, including cloud hosting (Microsoft Azure), email delivery (AWS SES), database management, and financial processing (Plaid). These providers are contractually obligated to protect your data and use it only for the services they provide to us.
• Brand Partners (Limited): For managed talent, we share limited profile and performance data with brand partners solely for the purpose of facilitating brand deals and campaigns, and only with the talent’s knowledge and consent as part of our talent management services.
• Legal Requirements: We may disclose information if required by law, subpoena, court order, or government regulation, or if we believe disclosure is necessary to protect the rights, property, or safety of Creators Concierge, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections described in this policy.

10. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Data: Retained for the duration of the business relationship, plus a reasonable period thereafter for legal and compliance purposes.
• Social Media Analytics: Retained for as long as the social media account is connected. Upon disconnection, data is deleted within 30 days unless retention is required by law.
• Financial Records: Retained for a minimum of 7 years as required by tax and financial regulations.
• Audit Logs: Retained for 2 years for security and compliance purposes.
• Contact Form Submissions: Retained for 1 year after the last communication.

11. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: AES-256-GCM encryption for sensitive tokens and credentials at rest. TLS/HTTPS encryption for all data in transit.
• Authentication: Passwordless magic link authentication with JWT tokens and secure refresh token rotation.
• Access Controls: Role-based access control (RBAC) ensuring users only access data appropriate to their role.
• Audit Logging: Comprehensive audit trails of all data access and modifications.
• Infrastructure Security: Hosted on Microsoft Azure with enterprise-grade security controls, including network isolation, DDoS protection, and regular security updates.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to implementing and maintaining reasonable safeguards.

12. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to legal retention requirements.
• Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
• Opt-Out: Disconnect your social media accounts or revoke third-party integrations at any time.
• Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at hello@creatorsconcierge.com. We will respond to your request within 30 days.

13. Children’s Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at hello@creatorsconcierge.com.

14. International Data Transfers

Our Platform is hosted and operated in the United States. If you are accessing the Platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using our Platform, you consent to the transfer of your information to the United States.

15. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, disclose, and sell.
• The right to request deletion of your personal information.
• The right to opt out of the sale of your personal information. We do not sell your personal information.
• The right to non-discrimination for exercising your privacy rights.

To exercise these rights, please contact us at hello@creatorsconcierge.com.

16. European Data Subject Rights (GDPR)

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. Our lawful basis for processing personal data includes consent, contractual necessity, and legitimate interests in providing talent management services.

To exercise your GDPR rights or to lodge a complaint, please contact us at hello@creatorsconcierge.com.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify you via email or through a notice on our Platform. Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: