Privacy Policy

Last updated: June 8, 2026

The following Privacy Policy (the “Policy”) discloses the privacy practices of StarlightIQ, LLC (“Company,” “we,” “our,” and “us”) with respect to https://starlightiq.com and all affiliated sub-domain websites and applications owned or operated by Company, including all content, functionality, and services offered on or through such websites and applications (together, the “Platform”). This Policy is incorporated into and subject to the Company’s Terms of Use, including but not limited to terms waiving liability and requiring arbitration of disputes.

As part of the normal operation of the Platform, we collect and, in some cases, disclose information about you. This Policy describes the information we collect about you and what may happen to that information.

By clicking "I Agree," checking the consent box, or otherwise affirmatively indicating your acceptance during the registration or subscription process, you acknowledge that you have read, understood, and agree to be bound by this Policy. Your click or affirmative action constitutes your express consent to our collection, use, and disclosure of your personal information as described herein.

1. Minors

If you are eighteen (18) years of age or younger, you may not use the Platform for any purpose at any time.

2. Information We Collect

We may collect the following information about you:

  • Account Information. We collect your name, contact information, and other personal and professional information you provide to the Company to register or maintain your account.
  • Demographic Information. We collect information about your age, gender, and other demographics.
  • Device Information. We collect your IP address, operating system and version, and other device information.
  • Commercial Information. The Platform allows you to upload, store, and manage third-party commercial contracts and information regarding your commercial relationships (together, “Uploaded Content”). We collect information from your Uploaded Content, including but not limited to counterparty names, contract terms, deliverables, deadlines, and payment information. See Section 9 of this Privacy Policy for further information and disclaimers about Uploaded Content.
  • Usage Information. We automatically collect information about your usage of the Platform, including your transactions, the features you use, and the time you spend using different components of the Platform.
  • Your Correspondence. If you send us emails, letters, or other personal correspondence, or if other users or third parties send us correspondence about your activities or postings on the Platform, we may collect such information into a file specific to you.
  • Payment Information. To access and use the Platform, you are required to purchase a subscription. In connection with processing your payment, we collect and securely store your payment information, including your name, billing address, credit or debit card number, card expiration date, and any other transaction-related information necessary to complete your purchase. We may also retain records of your transaction history, including payment amounts, dates, and subscription details.
  • Other Personal Information. We may collect other personal information that you voluntarily provide to us in connection with your use of the Platform, such as your biographical information, employment history, educational history, employment preferences, skills and abilities, social media engagement metrics, personal connections, contract terms, and other entertainment industry metrics.
  • Location Information. When you use the Platform, we collect information about your approximate geographic location.

3. How We Collect Your Information

We collect information that you provide to us on the Platform. We also collect information about you through automatic data collection technologies. This information may include device information and usage information. For example, we use "cookies" on certain pages of the Platform. Cookies are small files that can be used to track a user's steps or automatically generate a user's password. Among other things, cookies allow you to enter your password less frequently during a session and can help us provide information targeted to your interests. Cookies are stored on your hard drive, not on the Platform. Most cookies are automatically deleted at the end of a session. Some cookies stay on your computer until you manually delete them. You may decline our cookies if your browser permits, although your use of the Platform may then be restricted.

4. Our Use of Your Information

We may use your information in the following ways:

  • Communication. We use your information to communicate with you about our products and services, including product updates and changes to our policies and terms.
  • Platform Features. We use your information to provide the core functionality of the Platform, including organizing, summarizing, and tracking your commercial relationships.
  • Payment. We use your payment information solely for the purposes of processing your subscription payments, managing your account, and complying with applicable legal and regulatory requirements.
  • Promotion. We use your information to enhance our marketing and promotional efforts, improve our content and services, and offer new services and promotions to you that are targeted to your interests. You may opt out of promotional communications at any time by following the unsubscribe instructions in any marketing email or by contacting us directly.
  • Research. We use your information for research, surveys, product testing, and troubleshooting to help us operate and improve our products and services.
  • Artificial Intelligence. Except as provided in Section 9 of this Policy, we use your information for the training, development, and deployment of artificial intelligence systems accessible only to the Company.
  • Terms of Use Fulfillment. We use your information to carry out our obligations and enforce our rights arising from the Terms of Use, including for billing and collection.
  • Dispute Resolution. We use your information to resolve disputes, troubleshoot problems, and enforce our Terms of Use.

5. Our Disclosure of Your Information to Third Parties

Except as provided in Section 9 of this Policy, we may disclose and sell aggregated information about our users without restriction, including to advertisers and analytics companies. We may also disclose any categories of personal information about you as follows:

  • Law Enforcement. We may disclose any information about you to law enforcement, regulatory bodies, or other government officials as we, in our sole discretion, believe necessary or appropriate, in connection with an investigation of fraud, intellectual property infringement, or other activity that is illegal or may expose us to legal liability.
  • Legally Required Disclosure. We may disclose any information about you as required by law to consumer reporting agencies, attorney general offices, or any other body mandated by applicable law.
  • Service Providers. We may disclose your personal information to service providers that help deliver our products or services to you, including but not limited to payment processors, our insurers and brokers, our bank(s), and external auditors. Where practicable, we will anonymize this information. Service providers are contractually required to keep your personal information confidential and use it only for the purposes for which it is disclosed to them.
  • Successors. We may share your personal information with a buyer or other successor in the event of a merger, restructuring, reorganization, or other sale or transfer of our assets, whether as a going concern or as part of bankruptcy, liquidation, or a similar proceeding, in which your personal information is among the assets transferred.
  • Other. We may disclose your personal information for any other purpose with your consent.

6. Data Retention

We will keep your personal information while you have an account with us or while we are providing products or services to you. Thereafter, we will keep your personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. When it is no longer necessary to retain your personal information, we will securely anonymize or delete it in accordance with applicable law.

7. Consent Records

We maintain records of your consent to this Policy, the Terms of Use, and any other consent you agree to, including the date and time of your acceptance, the version of the record to which you consented, and your identifying account information. These records are retained for the purpose of demonstrating your informed consent and may be used as evidence in any dispute between you and the Company.

8. Data Security

We use commercially reasonable practices that are consistent with standards in the industry to protect your personal information from accidental loss or destruction or from unauthorized access, use, alteration, and disclosure. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee that your personal information collected by the Platform will remain private. For example, third parties may unlawfully intercept or access transmissions or private communications. We limit access to your personal information to those who have a genuine business need to access it. We also have procedures in place to address any suspected data security breach. We will notify you via email of a suspected data security breach where we are legally required to do so. We cannot guarantee that a breach will not occur.

9. Uploaded Content

YOU ARE SOLELY RESPONSIBLE FOR ENSURING THAT YOU HAVE THE RIGHT TO PROVIDE ANY AND ALL UPLOADED CONTENT TO THE PLATFORM, AND THAT YOUR PROVISION OF UPLOADED CONTENT, AND OUR COLLECTION AND USE THEREOF PURSUANT TO THIS PRIVACY POLICY, DOES NOT VIOLATE ANY LAW OR ANY CONTRACTUAL, INTELLECTUAL PROPERTY, OR OTHER LEGAL RIGHT OF ANY THIRD PARTY. IF OUR USE OF YOUR UPLOADED CONTENT FOR THE PURPOSES OF (a) THE DISCLOSURE AND SALE OF AGGREGATED DATA OR (b) THE TRAINING OF ARTIFICAL INTELLIGENCE, WOULD VIOLATE ANY LAW OR ANY CONTRACTUAL, INTELLECTUAL PROPERTY, OR OTHER LEGAL RIGHT OF A THIRD PARTY, YOU MUST OPT OUT OF SUCH USE WHEN PROVIDING YOUR UPLOADED CONTENT. As set forth more fully in the Terms of Use, the Company has no liability for any damages, losses, liabilities, or claims arising from or relating to your provision of Uploaded Content and the Company’s collection and use thereof.

10. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information, including the right to access, correct, update, or delete your personal information; the right to restrict or object to certain processing of your personal information; the right to data portability; and the right to withdraw consent where processing is based on consent. To exercise any of these rights, please contact us using the information provided below. We will respond to your request in accordance with applicable law.

11. Changes to the Policy

We may revise and update the Policy from time to time in our sole discretion. For material changes, we will provide notice via email and a prominent notification on the Platform when you next log in, and we will require you to accept the updated Policy before continuing to use the Platform. For non-material changes, we will post the updated Policy and update the “Last Updated” date above, and your continued use of the Platform constitutes your acceptance.

12. Contact Us

If you have any questions about this Policy or the information we hold about you, please contact us by mail or email at:

StarlightIQ, LLC · hello@starlightiq.com · [mailing address — to be added] · [phone — to be added]

Additional Disclosures for Connected Social Platforms & Privacy Rights

The following platform-specific and regional disclosures supplement the Policy above and govern data we obtain from social platforms you connect, our subprocessors, and your rights under applicable privacy laws.

Data we receive from connected social platforms

When you connect a social account, we store an OAuth access token (and, where applicable, a refresh token) plus only the fields we display. Per platform:

  • Instagram (Graph API): Business/Creator account id, username, follower count, media count, and per-post insights (reach, impressions, engagement).
  • Facebook (Pages API): Pages you manage, page id, name, follower count, and page-level insights.
  • YouTube Data API + YouTube Analytics API: channel id, channel title, subscriber count, video id/title/description/thumbnail, and aggregate analytics (views, watch time, engagement). StarlightIQ does not request the monetary-revenue scope in its current release.
  • TikTok (Login Kit + Display API): open_id, username, display name, avatar, follower/following/likes counts, and video metadata/stats returned by the video.list endpoint.
  • X (Twitter): user id, username, public profile fields, and public tweet metrics when the feature is enabled.
  • LinkedIn (Sign In with LinkedIn / OpenID Connect): sub (id), name, email, profile picture.

Subprocessors and data sharing

We share data with service providers who process it on our behalf under written agreements:

  • Supabase — authentication and primary database hosting. Privacy policy.
  • Vercel — application hosting and edge delivery. Privacy policy.
  • Resend — transactional email delivery. Privacy policy.
  • Anthropic — AI assistance features (only the content you submit to an AI tool is sent; it is not used to train models under our API agreement). Privacy policy.
  • Google Cloud (Imagen) — optional AI image generation. Privacy notice.
  • Sentry — error monitoring. Privacy policy.

Platform-specific compliance

Google / YouTube

StarlightIQ's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. See the policy at developers.google.com/terms/api-services-user-data-policy. Our use of YouTube data is also governed by the YouTube API Services Terms of Service. You can revoke StarlightIQ's access at any time at myaccount.google.com/permissions. By using StarlightIQ's YouTube integration you also agree to the YouTube Terms of Service , and your data is handled in accordance with the Google Privacy Policy.

Meta (Instagram & Facebook)

Data obtained from Instagram and Facebook is used solely to power the features you see in StarlightIQ (profile display, audience analytics, content history). We comply with the Meta Platform Terms and Developer Policies. Request deletion of platform-sourced data at any time on our Data Deletion page.

TikTok

Our integration complies with the TikTok Developer Terms of Service and the TikTok Developer Platform Guidelines. We request only the minimum scopes needed (user.info.basic, user.info.profile, user.info.stats, video.list) and retain no data beyond what you can see in the dashboard.

X (Twitter)

Our use of X data is governed by the X Developer Agreement and Policy. If you delete a post on X, we will delete our cached copy of that post within 24 hours of the deletion being discoverable via the X API.

LinkedIn

Our use of LinkedIn data complies with the LinkedIn API Terms of Use. We use the Sign In with LinkedIn (OpenID Connect) product and collect only profile identity fields (sub, name, email, picture).

Platform data retention specifics

  • OAuth tokens — retained only until you disconnect the platform or delete your account.
  • Raw YouTube content (video metadata, titles, descriptions, thumbnails) — refreshed or deleted within 30 days, in line with the Google Limited Use policy.
  • Raw Instagram and TikTok post records — the same 30-day refresh-or-delete cap applies.
  • Aggregated / derived metrics — retained for 24 months, then rolled up into monthly summaries.
  • Audit and security logs — retained for 12 months.

EU / UK and California privacy rights

Under the GDPR and UK GDPR, the legal bases on which we rely are: contract (to deliver the service), consent (to connect each social platform, for optional email marketing, and for non-essential cookies), legitimate interest (security, fraud prevention, and product analytics, balanced against your rights), and legal obligation (tax, accounting, and lawful requests). You may access, correct, erase, restrict, object to, or port your data, and withdraw consent at any time, and you may lodge a complaint with your local supervisory authority.

Under the California Consumer Privacy Act (CCPA / CPRA), California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, to opt out of the “sale” or “sharing” of personal information, and to be free from discrimination for exercising these rights. To exercise any of these rights, email hello@starlightiq.com.

How to delete your data

  • In-app: Settings → Delete account (preferred; self-service).
  • By email: hello@starlightiq.com with the subject “Delete my data”.
  • Via the Meta data-deletion callback URL we register with Meta. See our Data Deletion page for details and a status-check link.

Deletion is normally completed within 30 days. Backups that contain your data are overwritten on a rolling basis and fully purged within 90 days.

International transfers

StarlightIQ is operated from the United States. For transfers from the EEA, UK, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum, together with supplementary safeguards (encryption in transit and at rest).

Cookies

  • Authentication cookies — set by Supabase Auth (HTTP-only) so your session persists. Strictly necessary.
  • OAuth anti-CSRF cookies oauth_state_<platform> and oauth_pkce_twitter protect you while connecting a social account. HTTP-only, 10-minute lifetime. Strictly necessary.
  • Analytics / telemetry — used in aggregate to understand product usage and improve the app.

Security measures

  • All traffic to StarlightIQ is encrypted in transit (TLS 1.2+).
  • Data is encrypted at rest in Supabase-managed Postgres and Vercel storage.
  • OAuth state is signed with HMAC-SHA256 and verified on callback.
  • Access to production infrastructure is restricted to authorized personnel with multi-factor authentication.