Privacy Policy

CountX ("we", "us", "our") operates the website countx.io and provides a social media analytics, content management, and publishing platform (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.

By using CountX, you agree to the collection and use of information in accordance with this policy.

When you connect your social media accounts through our Service, we may collect:

• Instagram & Meta Data: Profile information (username, biography, profile picture, follower/following counts), media data (posts, reels, stories), and performance insights (reach, impressions, engagement, views).
• Facebook Page Data: Page name, page ID, connected Instagram accounts, and page-level engagement metrics.
• YouTube Data: Channel information, video metadata, and analytics.
• TikTok Data: Profile information, video metadata, and performance metrics.
• Account Information: Email address, name, and organization details provided during registration.
• Published Content: Media files (images, videos) uploaded through our publishing features for distribution to connected social media platforms.

We use the collected data exclusively to:

• Display analytics dashboards and performance metrics for your social media accounts.
• Publish content (photos, reels, stories) to your connected Instagram accounts on your behalf.
• Provide content management and scheduling features.
• Generate performance reports and trend analysis.
• Improve and maintain the Service.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Under the General Data Protection Regulation (GDPR), we process your data based on:

• Consent: You explicitly authorize access to your social media data through the OAuth consent flow.
• Contract: Processing is necessary to provide the Service you subscribed to.
• Legitimate Interest: To maintain security, prevent fraud, and improve the Service.

Your data is stored on secure servers within the European Union (AWS eu-central-1, Frankfurt). In the production CountX application, we retain social media analytics and account data for up to 12 months to provide historical reporting, trend analysis, and operational support.

Upon account deletion or explicit deletion request, we delete the associated data within 30 days. When you disconnect a social media account, we stop collecting new data and retain existing historical data for up to 12 months unless you request earlier deletion.

Uploaded media files used for content publishing are stored temporarily and deleted within 7 days after publishing.

We share data only with the following categories of service providers:

• Meta Platforms, Inc. — To access Instagram and Facebook APIs on your behalf.
• Cloud Infrastructure: Neon (PostgreSQL database), Cloudflare (CDN & storage), Vercel (hosting) — all with EU data processing agreements.
• Payment Processors: BOG Bank and NOWPayments — for subscription billing and renewals (we do not store full card details).

We do not transfer data outside the EU/EEA without adequate safeguards.

Under GDPR, you have the right to:

• Access your personal data we hold.
• Rectify inaccurate or incomplete data.
• Erase your data ("right to be forgotten").
• Restrict processing of your data.
• Data Portability — receive your data in a machine-readable format.
• Object to processing based on legitimate interest.
• Withdraw Consent at any time by disconnecting your accounts or contacting us.

To exercise any of these rights, contact us at privacy@countx.io.

You can request deletion of your data at any time by:

• Disconnecting your social media accounts within the Service.
• Deleting your CountX account in the settings.
• Sending a request to privacy@countx.io.
• Using our Data Deletion page.

We will process deletion requests within 30 days and provide confirmation.

We use essential cookies to maintain your session and authentication state. We do not use third-party advertising trackers or analytics cookies.

We implement industry-standard security measures including encryption at rest and in transit (TLS 1.3), access control, and regular security audits. OAuth tokens are encrypted before storage.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice in the Service. Continued use after changes constitutes acceptance.

If you have questions about this Privacy Policy, contact us at: