Privacy Policy

1. Information We Collect

• Account information you provide — email address, optional display name, and a securely hashed password. If you sign in with a third-party identity provider, we receive your name and verified email only.
• Connected social account credentials issued through OAuth, stored encrypted at rest and used solely to publish content on your behalf to the accounts you have explicitly connected.
• Content you create or interact with through the Service — articles you select, carousels we generate for you, and a history of which connected accounts you published to.
• Billing information processed by our payment provider. Card details are never stored by Carogen.
• Marketing consent records (timestamp, source, IP, user-agent) retained while your account is active to demonstrate compliance with anti-spam laws.
• Operational analytics — pages visited, errors encountered, request timing — used to monitor service health. We do not use third-party advertising trackers.

2. How We Use Your Information

• To operate the Service and generate content on your behalf.
• To publish to connected social accounts when you ask us to.
• To process subscriptions, credit purchases, and refunds.
• To send transactional email such as verification, password reset, and billing receipts.
• To send marketing email only if you have opted in. You can opt out at any time.
• To detect and prevent fraud, abuse, and platform-policy violations.
• To improve the Service using aggregated, anonymized usage data.

3. Security

We use industry-standard encryption in transit and at rest, follow recognized password-hashing standards, and limit internal access to personal data on a need-to-know basis. No method of transmission or storage is 100% secure, but we work to protect your information using commercially reasonable measures.

4. Data Retention

• Personal data is retained for as long as your account exists.
• When you delete your account, personal data is removed promptly. Records required for legal, tax, accounting, or fraud-prevention reasons may be retained for the period required by applicable law.
• Aggregated, de-identified analytics may be retained indefinitely.

5. Service Providers

We rely on trusted third-party providers to host the Service, deliver email, process payments, and provide AI capabilities. These providers process personal data only as needed to deliver their services and under contractual confidentiality and security obligations. We do not sell your personal information.

6. Your Rights

• Access, correct, or delete your personal data.
• Opt out of marketing email at any time — one-click from any marketing email or via your account preferences.
• Disconnect connected social accounts at any time.
• Request a copy of your data in a portable format.

Use the controls in your account or contact us to exercise these rights.

7. Cookies

Carogen uses only essential cookies for session authentication and your theme preference. We do not set third-party advertising cookies.

8. Children's Privacy

The Service is not intended for individuals under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has signed up, please contact us and we will delete the account.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be announced by email or by a banner inside the Service. Continued use after a change takes effect constitutes acceptance.

10. Contact

Questions or concerns about this policy? Use the contact form.