Privacy Policy

D3 Creator (“D3 Creator”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our website at d3-creator.vercel.app and our related social media analytics services (collectively, the “Service”).

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. This policy is designed to comply with the European Union General Data Protection Regulation (“GDPR”) and the Malaysian Personal Data Protection Act 2010 (“PDPA”), as well as other applicable data protection laws.

1. Information We Collect

We collect the following categories of information when you register for or use the Service:

1.1 Account Information

• Your full name (or display name)
• Your email address
• An encrypted password (we never store plain-text passwords)
• Account preferences and settings

1.2 Connected Social Media Accounts

When you connect a social media account (such as Instagram, Facebook, TikTok, Douyin, or Xiaohongshu / RedNote) to the Service, we collect:

• The OAuth access tokens issued by the platform (for OAuth-based integrations such as Meta and TikTok)
• Your public profile information on that platform (such as username, profile picture, follower count)
• Profile URLs you submit voluntarily (for Douyin and Xiaohongshu)
• Publicly visible posts, engagement metrics, and aggregate analytics data that you have authorized the platform to share with us

We do not access private messages, private posts, or any data the platform has not authorized you to share with us.

1.3 Analytics & Usage Data

• Aggregated metrics about your connected accounts (followers, views, impressions, engagement rate, likes, comments, shares)
• Time-series snapshots of these metrics so we can show you growth charts
• Service usage information (pages visited, features used, session duration) collected through privacy-friendly analytics

1.4 Technical Information

• IP address and approximate location (country / region)
• Browser type and version, device type, operating system
• Log data such as access timestamps and referrer URLs

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and display analytics for your connected social media accounts in your D3 Creator dashboard
• To create and manage your D3 Creator account
• To authenticate you and keep your account secure
• To improve, maintain, and operate the Service
• To respond to your support requests and communicate with you about your account or important service notices
• To detect, prevent, and address technical issues, fraud, or abuse
• To comply with our legal obligations

We process your personal data on the following lawful bases under the GDPR: (a) performance of a contract with you (providing the Service); (b) your consent (where applicable, for marketing communications or optional features); and (c) our legitimate interests in operating, securing, and improving the Service.

3. Third-Party Services We Use

D3 Creator relies on the following third-party services to deliver its features. Each third party is responsible for its own data handling under its own privacy policy.

• Meta Platforms (Facebook & Instagram API) — used to fetch authorized analytics data from your Facebook and Instagram accounts via OAuth.
• TikTok Developer API — used to fetch authorized analytics data from your TikTok account via OAuth.
• Apify — used to fetch publicly available data from Douyin and Xiaohongshu (RedNote) profile URLs you submit. Only public data is accessed; private insights are not available for these platforms.
• Supabase (PostgreSQL hosting) — used to securely store your account information and analytics data. Supabase’s data centers operate in the region we select and follow industry-standard security practices.
• Vercel — used to host the web application and serve it to your browser.

4. Data Storage and Security

Your personal data is stored in a PostgreSQL database hosted by Supabase. We implement appropriate technical and organisational safeguards to protect your information, including:

• Encryption of data in transit using TLS / HTTPS
• Encryption of data at rest at the database provider level
• Passwords stored using one-way cryptographic hashing (bcrypt)
• Access controls and authentication for our administrative systems
• Regular monitoring for security incidents

While we use commercially reasonable efforts to protect your data, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal data for as long as your account remains active. If you delete your account, we will delete or anonymise your personal information within ninety (90) days, except where we are required by law to retain it longer (for example, for tax or accounting purposes).

6. Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

• Right to access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may ask us to correct inaccurate or incomplete personal data.
• Right to deletion (“right to be forgotten”) — you may request that we delete your personal data.
• Right to data portability — you may request to receive your data in a structured, commonly used, machine-readable format.
• Right to restrict or object to processing — you may request that we restrict or stop processing your data in certain circumstances.
• Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time.
• Right to lodge a complaint — you may lodge a complaint with your local data protection authority (in Malaysia, the Personal Data Protection Commissioner).

You can exercise most of these rights directly from your account settings, or by emailing us at privacy@d3-creator.vercel.app. We will respond to your request within thirty (30) days.

7. Disconnecting Social Media Accounts

You may disconnect any connected social media account at any time from your D3 Creator dashboard. Once disconnected, we will revoke the relevant OAuth tokens and stop fetching new analytics data for that account. Historical analytics snapshots already collected may remain in your account until you delete them or delete your D3 Creator account.

You can also revoke our access directly from the social platform’s settings (for example, in your Facebook, Instagram, or TikTok app permissions).

8. Cookies and Tracking Technologies

We use a small number of cookies and similar technologies to operate the Service:

• Strictly necessary cookies — required to keep you logged in and to remember your language and theme preferences. These cannot be disabled.
• Analytics cookies — privacy-friendly analytics to understand how the Service is used in aggregate. No cross-site tracking is performed.

You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent the Service from functioning correctly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and the European Union, where our service providers operate. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses to protect your personal data during these transfers.

10. Children’s Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete the information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. For material changes, we will provide a more prominent notice (for example, via email or an in-app notification). Your continued use of the Service after the changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us at: