CCreative Agency OS
Privacy Policy

Privacy Policy

Effective date: April 14, 2026 · Last updated: April 14, 2026

This Privacy Policy describes how Creative Agency OS ("Creative Agency OS", "we", "us", or "our") collects, uses, shares, and protects information in connection with the Creative Agency OS platform at caos.business (the "Service"). We built this policy to be readable, specific, and honest about what happens to your data.

1. Introduction

Creative Agency OS is a content management and publishing platform used by brands and agencies to plan, review, schedule, and publish social media content to third-party platforms such as TikTok, Instagram, and Facebook. This policy applies to the caos.business website and the Creative Agency OS application.

By using the Service you agree to the practices described below. If you do not agree, please do not use the Service.

2. Information we collect

Information you provide

  • Account information — your name, email address, organization, role, and password when you create an account.
  • Brand information — the names, logos, brand assets, voice guidelines, and team members you add to each brand workspace.
  • Content — the posts, captions, images, videos, and scheduling data you create, upload, or import into the Service.
  • Communications — messages you send to us at hello@caos.business or through in-product support.

Information collected automatically

  • Log and device data — IP address, browser type, operating system, referring pages, and timestamps of your visits.
  • Usage data — actions you take inside the Service, such as posts created, approvals given, and schedules set.
  • Cookies — we use strictly necessary cookies to keep you signed in and to remember your preferences. We do not use advertising or cross-site tracking cookies.

Information from connected platforms

When you connect a social media account (TikTok, Instagram, Facebook) to a brand workspace, we receive information from that platform's official API as described below.

3. How we use information

We use the information we collect to:

  • Operate, maintain, and improve the Service.
  • Authenticate you and secure your account.
  • Publish the content you schedule to the platforms you have connected.
  • Provide analytics on the performance of content you have published.
  • Respond to your questions and provide support.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not sell your personal information, and we do not use the content of your posts to train machine learning models.

4. TikTok API data

TikTok platform data

When you connect a TikTok account to Creative Agency OS, we access and handle data through the official TikTok APIs (including the TikTok Login Kit, Content Posting API, and Display API), subject to TikTok's Developer Terms of Service and Community Guidelines.

What we receive from TikTok

  • Your TikTok open ID, union ID, display name, avatar, and basic profile information, so we can identify the connected account inside Creative Agency OS.
  • An access token and refresh token, which we use only to publish content you have scheduled and to read metrics on content you have published through the Service.
  • Metadata about videos you publish through Creative Agency OS, including video ID, caption, upload status, and publishing result.
  • Aggregate insights for posts published through the Service, such as views, likes, comments, and shares.

How we use TikTok data

  • To publish content you have reviewed, approved, and scheduled inside Creative Agency OS.
  • To show you the status and performance of content you have published through the Service.
  • To display the connected account inside the brand workspace so your team knows which account a post will go to.

How we store and protect TikTok data

  • Access tokens and refresh tokens are stored encrypted at rest and transmitted only over TLS.
  • TikTok data is only accessible to the users who are members of the brand workspace the TikTok account is connected to.
  • We do not sell, rent, or share TikTok data with third parties for advertising purposes.
  • We do not use TikTok data to train machine learning or AI models.

How to revoke access

You can disconnect a TikTok account from Creative Agency OS at any time from the brand workspace settings, which revokes our access tokens and stops any further API access. You can also revoke access from within your TikTok account settings at tiktok.com. On disconnection, we delete stored TikTok access and refresh tokens and mark associated TikTok data for deletion in accordance with the retention schedule below.

5. Instagram & Facebook data

When you connect an Instagram or Facebook account through Meta's official Graph API, we receive similar information (account identifiers, access tokens, and post metrics) that we use only to publish and report on content you have scheduled through Creative Agency OS. The same protections described for TikTok data apply to Meta platform data. You can disconnect a Meta account at any time from the brand workspace settings, or revoke access from your Facebook or Instagram account settings.

6. Sharing and disclosure

We share information only in the following limited circumstances:

  • With other members of your brand workspace — the content, comments, and approvals inside a brand workspace are visible to the team members you have invited.
  • With third-party platforms you have connected — when you schedule a post to TikTok, Instagram, or Facebook, the post is sent to that platform's API for publishing.
  • With service providers — we use infrastructure providers for hosting, database, and email delivery. These providers are bound by contract to process data only on our instructions.
  • For legal reasons — we may disclose information if required by law, subpoena, or to protect the rights, property, or safety of Creative Agency OS, our users, or the public.
  • In a business transfer — in the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction; we will notify you before your information becomes subject to a different privacy policy.

7. Data retention and deletion

We keep your information for as long as your account is active or as needed to provide the Service. When you delete your account or disconnect a social media account:

  • Access tokens and refresh tokens for the disconnected account are deleted immediately.
  • Platform-specific data (such as cached post metrics) is deleted within 30 days.
  • Backups containing the deleted data are rotated out within 90 days.

You can request full deletion of your account and associated data at any time by emailing hello@caos.business.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate personal information.
  • Request deletion of your personal information.
  • Object to or restrict certain processing.
  • Port your personal information to another service.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, email hello@caos.business. We will respond within the time required by applicable law.

9. Security

We protect your data with industry-standard measures including TLS in transit, encryption at rest for sensitive tokens, scoped access controls, and regular security reviews. No method of transmission or storage is 100% secure, but we take reasonable steps to protect your information and will notify you of any incident affecting your data as required by law.

10. Children

Creative Agency OS is a business tool intended for use by adults operating on behalf of brands and agencies. The Service is not directed to children under 16 and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or inside the Service. Your continued use of the Service after an update means you accept the revised policy.

12. Contact us

If you have questions about this Privacy Policy or how your data is handled, please contact us at hello@caos.business.

Creative Agency OS · caos.business