Content Synergy Orchestrator (CSO) / IGTK Privacy Policy

Last updated: December 24, 2025

This Privacy Policy explains how Content Synergy Orchestrator ("CSO", "IGTK", "we", "us") collects, uses, and shares information when you use our web application, APIs, and related services (the "Services"). By using the Services you consent to the practices described here.

1. Information We Collect

1.1 Account & Contact Data

• Name, email, company and role when you sign up or contact support.
• Authentication credentials (hashed) and session identifiers.

1.2 Connected Platform Data

When you connect Instagram, TikTok, or other social accounts via OAuth we receive:

• OAuth tokens and associated metadata (user ID, scopes, expiration times).
• Profile information (e.g., username, avatar) allowed by the platform.
• Content metadata (e.g., captions, media IDs, engagement stats) required to power synchronization features. We do not collect passwords for third-party platforms.

1.3 Usage Data

• Log files, device/browser type, IP address, timestamps, feature usage, error reports.
• Optional analytics events used to improve performance and stability.

1.4 Support Data

• Any information you provide in support tickets, feedback forms, or usability research sessions.

2. How We Use Information

• Authenticate you and maintain sessions.
• Connect to platform APIs to sync, transform, and localize your content.
• Provide analytics, health checks, and notifications about sync status.
• Monitor and secure the Services (fraud, abuse, rate-limit enforcement).
• Improve product features and plan roadmaps.
• Communicate updates, security alerts, and legal notices.

3. Legal Bases (EEA/UK)

We rely on the following legal bases under the GDPR:

• Performance of a contract (providing the Services you request).
• Legitimate interests (product improvement, security, preventing abuse).
• Consent (marketing communications where required).

4. Sharing & Disclosure

We do not sell personal data. We may share information with:

• Cloud hosting, storage, and analytics providers processing data on our behalf under confidentiality agreements.
• Platform partners (Meta, TikTok, etc.) strictly within API scope requirements.
• Professional advisors (legal, accounting) under confidentiality.
• Authorities if required by law or to protect rights, property, or safety. If the company undergoes a merger, acquisition, or asset sale, we will notify users before data is transferred or becomes subject to a different policy.

5. Data Retention

• OAuth tokens and related metadata are retained only while your account remains connected; you can revoke access at any time.
• Account information is retained while your subscription is active and for up to 12 months afterward unless deletion is requested earlier.
• Logs and analytics data are retained for up to 24 months for security and auditing.

6. Security

We implement administrative, technical, and physical safeguards, including:

• Encryption in transit (HTTPS) for all network traffic.
• Encrypted storage for secrets and tokens.
• Role-based access controls and audit logging for staff access. Despite our efforts, no system is completely secure; please protect your credentials and notify us of suspected incidents.

7. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access, correct, or delete personal data.
• Receive a copy of your data in portable format.
• Object to or restrict certain processing activities.
• Withdraw consent at any time (this will not affect processing already performed). Requests can be submitted to privacy@cso-platform.com. We will respond within 30 days.

8. Children

The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided data, contact us for deletion.

9. International Transfers

Data may be stored in the United States or other countries where we or our service providers operate. We use standard contractual clauses or equivalent safeguards for cross-border transfers when required by law.

10. Third-Party Links & Integrations

This policy does not cover third-party websites or services that may be linked from CSO. Their privacy practices are governed by their own policies.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notice with the effective date. Continued use of the Services signifies acceptance of the updated policy.

12. Contact Us

For privacy questions or requests:

• Email: privacy@cso-platform.com
• Mailing: CSO Privacy, 88 Townsend St, Suite 400, San Francisco, CA 94107, USA