Social To Posts

Privacy Policy

Last updated: July 13, 2026

1. Scope

This Policy describes how 9D CREATIVE OFFICE (the "Operator") handles information in connection with Social To Posts (the "Service").

2. Information we collect

  • Account information such as your name, email address, and authentication information
  • Your Google account identifier, verified email address, and name when you choose Google authentication
  • The name, URL, and connection information of a registered WordPress site
  • Connection status, selected Instagram media IDs, import results, and error logs sent by the WordPress plugin
  • Instagram user ID, username, posts, images, videos, captions, timestamps, and access tokens
  • Subscription status, payment identifiers, and Service usage history
  • Access, device, and browser logs needed for security, fraud prevention, and troubleshooting

We do not collect or store your Instagram password. The WordPress plugin sends your plugin-account password for authentication during setup but does not retain it in WordPress. When Google authentication is used, Google passwords, access tokens, and ID tokens are not stored in WordPress.

3. Purposes of use

  • Authenticating users, providing the Service, and managing subscriptions
  • Retrieving, caching, and importing Instagram posts authorized by the user
  • Responding to inquiries, incidents, security issues, and misuse
  • Sending essential notices about incidents, maintenance, or material Service changes
  • Complying with law and enforcing the Terms of Service

4. External services and recipients

To provide the Service, we may transmit information as necessary to Meta Platforms and Instagram, the user's WordPress site, Stripe, Google, Resend, Supabase, Vercel, and other hosting or infrastructure providers. We do not sell personal information. We disclose information to another party only as needed to provide the Service, with consent, or as required by law.

Essential email delivery uses Resend. The recipient email address, name, subject, message body, and delivery result may be transmitted and retained as necessary. Promotional email, if introduced, will use separate consent and unsubscribe controls.

The WordPress plugin sends information to the Service API only when an administrator performs an operation such as setup, connection, status checking, synchronization, import, or billing management.

5. Retention and security

We retain information only for as long as needed for the purposes described above and delete or anonymize it when it is no longer required, except where law requires retention. Instagram access tokens are encrypted, and we apply reasonable access controls and other security measures.

6. Your rights and deletion

You may disconnect Instagram at any time. Disconnection removes the stored Instagram access token, connected-account information, and cached posts. See the data deletion instructions.

You may request deletion of your Service account from the account-deletion screen after signing in. An active paid subscription must first reach the end of its current billing period. Personal and linked data, including a Google account identifier, will be deleted, while records required for law, accounting, security, or operational auditing may be retained in anonymized form or under the payment provider's policy.

Posts, images, and custom fields already imported into WordPress remain on the user's WordPress site and are not automatically deleted when the Service subscription or Instagram connection ends.

7. Changes to this Policy

We will publish updates to this Policy through the Service. Material changes will be communicated by a reasonable method before or when they take effect.