Privacy Policy
Effective: 29 April 2026 · Last updated: 29 April 2026
This Privacy Policy explains how Credtech Solutions (“Credtech”, “we”, “us”, “our”) collects, uses, stores and shares personal information when you use Credtech Trigger (the “Service”), a social-media intelligence platform that helps brands, political campaigns, and corporate clients monitor and analyse public conversation across X (Twitter), Facebook, Instagram, and Threads.
We are committed to protecting your privacy and complying with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (India), Meta Platform Terms, and applicable platform developer policies.
1. Who we are
Data controller: Credtech Solutions
Service: Credtech Trigger (trigger.credtechsolutions.com)
Contact: creativeboyankit@gmail.com
Jurisdiction: India
2. Information we collect
2.1 Information you provide
- Account credentials: name, email address, password (hashed)
- Project configuration: keywords, narrative briefs, exclusion briefs, watchlist handles
- Telegram chat ID for notification routing (optional)
- Communications you send to our support team
2.2 Information from connected platforms
When you authorise Credtech Trigger to connect to your Facebook Page, Instagram Business account, X account, or Threads profile, we receive the following from the relevant platform:
- Facebook / Instagram (Meta): your public profile, email, the list of Pages you administer, posts and comments published on those Pages, post engagement metrics (reactions, comments, shares, impressions), Page audience insights (aggregated), and authentication tokens.
- X (Twitter): public posts that match your configured keywords, post metadata (likes, retweets, views), public author profile fields (handle, name, follower count, verified status), and the URLs of those posts.
- Threads: public posts matching your search criteria and their public author profile fields.
We do not collect: private messages from third parties, password data of platform users, payment information of platform users, or content from non-public accounts.
2.3 Information collected automatically
- Log data: IP address, browser type, device, pages visited, timestamps
- Cookies and similar technologies for session management and authentication
- Usage analytics: features used, fetch frequency, error rates
3. How we use information
| Purpose | Legal basis |
|---|---|
| Provide the Service: ingest, classify, and surface social-media content for your projects | Contract |
| AI-powered sentiment, topic, and entity classification using third-party large-language models | Contract / Legitimate interest |
| Generate analytical reports, dashboards, and Telegram notifications | Contract |
| Authenticate users, prevent abuse, secure the Service | Legitimate interest / Legal obligation |
| Communicate with you about service updates, billing, and support | Contract / Consent |
| Comply with legal obligations and platform terms | Legal obligation |
4. How we share information
We do not sell personal information. We share data only with:
- Sub-processors required to operate the Service: cloud hosting (VPS provider), database (PostgreSQL), AI provider (OpenAI for sentiment and topic classification), Telegram (for notification delivery if you opt in), and email providers.
- Authorised users within your organisation whom you grant access to your projects.
- Legal authorities when required to comply with valid legal process.
- Successors in the event of a merger, acquisition, or asset sale (with notice to you).
Public content fetched from platforms (e.g. tweets, public posts) is processed within your project workspace and is visible only to authorised users you have invited.
5. AI processing & automated decisions
We use OpenAI’s GPT-4o-mini model (or successor models) to classify the sentiment, topic, language, and category of public posts. Inputs to the model are limited to the post text and an anonymised analytical brief; we do not send personally identifiable information about platform users beyond what is publicly visible on the post itself. AI outputs are advisory and do not constitute solely-automated decisions producing legal effects on individuals.
6. Data retention
- Account data: retained while your account is active and for 90 days after closure
- Project tweets and posts: retained for the duration of the project plus 12 months, unless you delete earlier
- Aggregated analytics: retained indefinitely in de-identified form
- Server logs: 90 days
- Authentication tokens: stored encrypted, refreshed per platform policy, revoked on logout or disconnection
7. Your rights
Subject to applicable law, you have the right to:
- Access and obtain a copy of your personal information
- Correct inaccurate or incomplete information
- Delete your information (subject to retention obligations)
- Withdraw consent and disconnect any connected platform at any time
- Object to or restrict processing
- Data portability
- Lodge a complaint with a competent data-protection authority
To exercise these rights, contact us at creativeboyankit@gmail.com. See also our Data Deletion Instructions.
8. Security
We use TLS/HTTPS in transit, AES-256 at rest for sensitive fields (auth tokens), bcrypt password hashing, JWT-based session management with short expiry, role-based access control, and audit logging. We restrict employee access on a need-to-know basis. No security control is perfect; we cannot guarantee absolute security.
9. International transfers
Your data is processed primarily in India (server location: Mumbai). Sub-processors may process data in the United States and the European Union. Where transfers occur, we rely on standard contractual clauses or adequacy mechanisms.
10. Children
The Service is not directed at children under 18 and we do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.
11. Meta-specific disclosures
When you authorise Credtech Trigger via Facebook Login, we request the minimum permissions necessary to operate the Service. We use Meta data only to provide the analytics features you have configured. We do not place advertising on the Service, do not transfer Meta data to advertising networks, do not use Meta data to build user profiles for retargeting, and do not combine Meta data with data sourced from data brokers. Meta data is encrypted at rest and in transit, and is deleted when you disconnect your Page or close your account, in line with our data-retention schedule above.
12. Changes to this policy
We may update this policy. Material changes will be communicated via email and a prominent in-app notice at least 14 days before they take effect. The “Last updated” date at the top reflects the most recent revision.
13. Contact
For privacy questions, data-subject requests, or to disconnect Meta data, write to creativeboyankit@gmail.com.