Privacy Policy

Last updated: April 3, 2026

crafters.social ("we", "our", "the service") helps artisans and creators publish their work on social media. This policy explains what data we collect, why, and what we do (and don't do) with it.

The short version: We collect only what's needed to run the service. We don't sell your data. We don't share it with "partners." We don't use it for advertising. Your materials are yours.

1. What we collect

• Account information — your name, email address, and a hashed password. We need this so you can log in.
• Social media connections — when you connect Instagram, YouTube, TikTok, or Facebook, we store OAuth access tokens so we can post on your behalf. We store your platform username and account ID to show which accounts are connected.
• Media you upload — photos and videos you send us for processing. These are stored on our servers temporarily while we create content from them, then deleted after processing is complete.
• Processed content — the videos, images, captions, and hashtags our AI creates from your materials. These are stored until you delete them or they are published.
• Task data — your instructions, titles, platform preferences, and scheduling choices.

2. What we do with your data

One thing: run the service. Specifically:

• Process your uploaded media into social-media-ready content using AI
• Post that content to your connected social media accounts on your behalf
• Show you the results in your dashboard

That's it.

3. What we don't do with your data

• We don't sell your data to anyone
• We don't share your data with third-party "partners" or advertisers
• We don't use your materials to train AI models
• We don't track you across other websites
• We don't show you ads
• We don't send marketing emails to your contacts

4. Third-party services

When you connect a social media account, we interact with that platform's API to publish content on your behalf. Each platform has its own privacy policy:

• Instagram / Facebook — Meta Privacy Policy
• YouTube — Google Privacy Policy
• TikTok — TikTok Privacy Policy

We use AI (Anthropic's Claude) to analyze your media and generate captions. Your materials are sent to the AI for processing only. Anthropic does not use API inputs to train their models.

5. Data storage and security

• Your password is hashed with Argon2 — we cannot read it
• Social media tokens are stored encrypted in our database
• Uploaded media is deleted from our servers after processing
• All connections use HTTPS
• Our servers are located in European Union

6. Your rights under GDPR

We operate in the European Union and comply with the General Data Protection Regulation (GDPR). As a user, you have the following rights:

• Right of access — you can request a copy of all personal data we hold about you
• Right to rectification — you can ask us to correct any inaccurate data
• Right to erasure ("right to be forgotten") — you can request that we delete all your data. We will remove your account, uploaded media, processed content, posts, and social account connections permanently
• Right to data portability — you can request your data in a machine-readable format
• Right to restrict processing — you can ask us to stop processing your data while keeping your account
• Right to object — you can object to any processing of your data
• Right to withdraw consent — you can disconnect social accounts or delete your account at any time. No explanation needed

To exercise any of these rights, email privacy@crafters.social. We will respond within 30 days.

7. Legal basis for processing

Under GDPR, we process your data based on:

• Contract performance (Art. 6(1)(b)) — processing your media and posting to social platforms is the service you signed up for
• Consent (Art. 6(1)(a)) — you explicitly connect each social account via OAuth and choose which platforms to post to

We do not process data based on "legitimate interest" for marketing or profiling. We have no interest in your data beyond delivering the service.

8. Data retention

• Uploaded media — deleted from our servers immediately after processing is complete
• Processed content — retained until you delete it or delete your account
• OAuth tokens — retained while the social account is connected. Deleted immediately when you disconnect
• Account data — retained until you request account deletion

9. Data transfers

Your data is stored on servers in the European Union. When we post content to social platforms on your behalf, that content is sent to the platform's servers (which may be outside the EU) — this is inherent to the service you're using. We use Anthropic's Claude API for AI processing; Anthropic processes data under their privacy policy and does not retain API inputs.

10. Cookies

We use a single authentication cookie to keep you logged in. No tracking cookies, no analytics cookies, no third-party cookies. Under GDPR, this cookie is exempt from consent requirements as it is strictly necessary for the service to function.

11. Changes to this policy

If we change this policy, we'll update the date at the top. For significant changes, we'll notify you by email.

12. Contact and supervisory authority

Questions about your privacy? Email us at privacy@crafters.social

If you believe we're not handling your data correctly, you have the right to lodge a complaint with your local data protection authority (supervisory authority) in your EU member state.