shieldPrivacy

Privacy Policy

CleoSocial is committed to protecting your privacy. Learn how we collect, use, and safeguard your information.

Last updated: May 31, 2026

1. Introduction

CleoSocial.app ("CleoSocial," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, username, password, date of birth, and profile information (avatar, bio, location, pronouns, social links).
  • User Content: Posts, photos, videos, comments, messages, and other content you create or share on the Service.
  • Communications: Direct messages you send to other users, and any communications you send to us (support requests, feedback).
  • Payment Information: When you make purchases (Patron Saint subscriptions), payment processing is handled by third-party providers (Stripe, Apple App Store, Google Play Store). We do not directly store your full credit card number or banking details.
  • Survey and Research Data: Information you provide when participating in surveys, contests, or research studies.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, unique device identifiers, browser type and version, screen resolution, and language preferences.
  • Usage Data: Pages visited, features used, time spent on the Service, click patterns, search queries, and interaction data (likes, comments, shares, bookmarks).
  • Log Data: IP address, access times, referring URLs, and pages viewed.
  • Location Data: Approximate location based on IP address. We do not collect precise GPS location unless you explicitly grant permission.
  • Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies as described in our Cookie Policy.

2.3 Information from Third Parties

  • Authentication Providers: If you sign in using a third-party service (e.g., Google, Apple), we receive your name, email address, and profile picture from that service.
  • Analytics Partners: We may receive aggregated analytics data from third-party analytics providers.
  • Advertising Partners: We may receive information from advertising partners to measure ad effectiveness.

3. How We Use Your Information

We use the information we collect to:

  • Provide and Maintain the Service: Operate, maintain, and improve the Service, including personalizing your experience and delivering content relevant to your interests.
  • Account Management: Create and manage your account, authenticate your identity, and process transactions.
  • Content Moderation: Review content for compliance with our Terms of Service and Community Guidelines, including AI-powered content rating and analysis.
  • Communications: Send you service-related notifications, updates, security alerts, and support messages. With your consent, send promotional communications.
  • Safety and Security: Detect, prevent, and address fraud, abuse, security incidents, and technical issues. Enforce our Terms of Service.
  • Analytics and Research: Understand how users interact with the Service, conduct research, and generate aggregated, de-identified analytics.
  • Advertising: Display relevant advertisements and measure their effectiveness.
  • Legal Compliance: Comply with applicable laws, regulations, legal processes, or governmental requests.

4. How We Share Your Information

We may share your information in the following circumstances:

  • Public Content: Your profile information and public posts are visible to other users and may be indexed by search engines.
  • Other Users: When you interact with other users (messages, comments, likes), those users can see your profile information and the content of your interactions.
  • Service Providers: We share information with third-party vendors who perform services on our behalf, including:
    • Cloud hosting and database: Convex
    • Authentication: Clerk
    • Payment processing: Apple App Store, Google Play Store, and Stripe
    • Content delivery and storage: Amazon CloudFront, Amazon S3, and Bunny CDN
    • AI-powered content moderation: Google Gemini and xAI Grok
    • In-app advertising: Google Mobile Ads (AdMob)
    • Product analytics: PostHog
    • Email delivery and support communications
    Each vendor receives only the data necessary to perform its function under a data processing agreement that prohibits secondary use.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as a business asset.
  • Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of CleoSocial.app, our users, or the public.
  • With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

We do not sell your personal information. We share data with service providers only as needed to operate the Service, and we aim to collect less data than other platforms.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

  • Account Data: Retained until you delete your account, plus a reasonable period for backup and legal compliance (up to 90 days).
  • User Content: Retained until you delete it or your account, subject to backup retention periods.
  • Usage and Log Data: Retained for up to 24 months for analytics and security purposes.
  • Payment Records: Retained for up to 7 years as required by tax and financial regulations.
  • Security Logs: Retained for up to 12 months for fraud prevention and security monitoring.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication through Clerk with support for multi-factor authentication
  • Regular security assessments and vulnerability testing
  • Access controls and employee training on data protection
  • Rate limiting and abuse prevention systems
  • Server-side input sanitization and content filtering

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Advertising and Analytics

CleoSocial may display advertisements within the Service. Our advertising platform allows businesses to create targeted campaigns based on aggregated, non-personally-identifiable criteria such as interests, demographics, and content categories.

We use analytics tools to understand how users interact with the Service. These tools may use cookies and similar technologies to collect information about your use of the Service.

You can manage your advertising preferences in your account settings under Privacy & Content preferences.

Feed Personalization, Content Controls, and Profiling

CleoSocial gives you direct control over the content you see, in support of your digital wellbeing. We personalize your feed using: (a) content controls you set, including your content-rating ceiling and on/off toggles for sensitive content categories such as Political, Religious, Violence, and Sexual Content; and (b) feedback signals you give, such as tapping “See more” or “See less” on a post, which we associate with attributes of that post (its author, topics/hashtags, and content rating) to rank your feed.

Stated controls are not inferences. When you set a content toggle, you are telling us a preference. We do not treat your use of these controls as a declaration of your personal political opinions, religious beliefs, or sexual orientation, and we do not build a profile of those characteristics from your toggles.

Sensitive-interest inference requires your explicit consent. Some categories relate to topics that privacy laws treat as sensitive or special-category data when used to characterize you. We will not infer and store a profile of your sensitive interests unless you give explicit, separate opt-in consent (GDPR Article 9(2)(a)), which you may withdraw at any time. We do not perform sensitive-interest inference or profiling for users under 18. Any inferred-interest data is kept server-side only; we do not sell it or share it for cross-context behavioral advertising.

Where available, you can see why content is recommended to you, reset your feed-personalization signals, and object to automated profiling in your account settings.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to certain exceptions.
  • Data Portability: Request a copy of your data in a structured, machine-readable format (GDPR data export).
  • Opt-Out: Opt out of promotional communications, targeted advertising, and non-essential data collection.
  • Restriction: Request restriction of processing of your personal information in certain circumstances.
  • Objection: Object to processing of your personal information based on legitimate interests, including automated profiling and feed personalization.
  • Limit Sensitive Data: Limit the use of sensitive personal information and withdraw consent to any inferred-interest profiling at any time.

To exercise these rights, visit your account Settings or contact us at privacy@cleosocial.app. We will respond to your request within 30 days (or as required by applicable law).

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal information internationally, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your information receives an adequate level of protection.

10. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@cleosocial.app.

Teen Users (Ages 13–17)

CleoSocial is designed with the wellbeing of younger users in mind, and we apply additional protections to accounts belonging to users aged 13 to 17:

  • No personalized advertising: users under 18 are never shown personalized or interest-targeted advertisements, regardless of consent.
  • No sensitive-interest profiling: we do not infer or build profiles of sensitive characteristics (such as political, religious, or sexual-content interests) for users under 18.
  • Content controls and ratings: teen accounts can use our content-rating ceiling and content-category controls, and may be subject to a maturity cap.
  • Parental controls: where enabled, a parent or guardian can apply content-rating limits, daily time limits, and related safeguards to a teen’s account.
  • Data minimization: we aim to collect only the information necessary to provide a safe experience for younger users.

If applicable law in your jurisdiction sets a higher minimum age for consent to data processing, we apply that higher age.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of your personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including the rights described in Section 8 above.

Our legal bases for processing your personal information include: your consent, performance of a contract (providing the Service), compliance with legal obligations, and our legitimate interests (improving the Service, preventing fraud, ensuring security).

You have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

  • Email: privacy@cleosocial.app
  • Website: https://cleosocial.app