This privacy policy explains how truethinks ltd (“we”, “us”, “our”), operator of the Contentrue platform and its associated brand websites (collectively, the “Service”), collects, uses, stores and protects personal information. We are the data controller for the purposes of the UK GDPR and the Data Protection Act 2018.
1. Information we collect
- Account information — name, email address and authentication credentials when you register as an administrator or connect a brand account.
- Connected platform data — when you connect an Instagram Business/Creator account via Meta’s Instagram Graph API, we receive your Instagram user ID, username, account type and an access token. We use this solely to publish content you schedule through the Service.
- Content you submit — text, images, videos, prompts and any other material you or your team create, upload or generate through the Service.
- Technical data — IP address, browser type, device information, session cookies and log data generated when you use the Service.
- Comments and interactions — if you leave a comment on a brand website, we store the name, email address, comment body and IP address you provide.
2. How we use your information
- To provide, maintain and improve the Service.
- To publish content you schedule to connected third-party platforms (e.g. Instagram).
- To send transactional notifications (e.g. sign-in confirmations, publishing status).
- To detect, prevent and address fraud, abuse and security incidents.
- To comply with our legal obligations.
3. Legal bases (UK GDPR)
We process personal data on the following legal bases: performance of a contract with you; your consent (where required, e.g. for connecting an Instagram account); our legitimate interests in operating a secure platform; and compliance with legal obligations.
4. Sharing with third parties
We do not sell personal data. We share data only with processors necessary to operate the Service, including:
- Meta Platforms, Inc. — Instagram Graph API, for publishing content you have scheduled.
- OpenAI, Google (Gemini) and Wiro — AI providers used to generate textual and visual content on your behalf. Prompts and source images you submit may be transmitted to these providers in accordance with their own policies.
- Cloudflare, Resend and our hosting provider — infrastructure, email delivery and content delivery.
- Competent authorities — where required by law.
5. Instagram data handling
Access tokens obtained through Instagram Graph API are stored encrypted in our database and are used exclusively to publish content to your own connected account. We do not read your private messages, and we do not share Instagram-derived data with any third party other than as strictly required to complete a publishing action. You may revoke our access at any time from your Instagram settings or by disconnecting the account inside the Service admin panel.
6. Data retention
Account and content data are retained for the duration of your use of the Service and for a reasonable period thereafter to comply with legal and operational obligations. Instagram access tokens are retained until you disconnect or the token expires.
7. International transfers
Some of our service providers are based outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses.
8. Your rights
Under the UK GDPR you have the right to access, rectify, erase, restrict or object to the processing of your personal data, to data portability and to lodge a complaint with the Information Commissioner’s Office (ico.org.uk). To exercise any of these rights, contact us using the details below.
9. Security
We apply industry-standard technical and organisational measures including TLS encryption in transit, hashed credentials, encrypted token storage, role-based access controls and regular backups.
10. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children.
11. Changes to this policy
We may update this policy from time to time. Material changes will be notified on this page with an updated revision date.
12. Contact
truethinks ltd
128 City Road, London, EC1V 2NX, United Kingdom
Email: info@truethinks.co.uk
Telephone: +44 77 9314 3501