Privacy policy
Last updated: 2026-05-20.
What we collect
When you sign in we receive your email address and display name from our identity provider (signin.0p.studio). When you run a search we record the kind of search, the query string, the resulting count of creators, and the moment the job started and finished. We retain the resulting dataset (the rows you paid for) in encrypted S3 storage so you can re-download it later.
What we don't collect
We don't track you across the web. There are no third-party analytics scripts, no advertising pixels, no session replay. We don't sell, share, or resell the data you discover. Every dataset belongs to the household that paid for it.
Where data lives
Application data (humans, households, subscriptions, jobs, ledger entries) is stored in a single Neon Postgres database hosted in the US. Search results are stored in AWS S3 (us-east-1), encrypted at rest with SSE-S3, and only accessible via short-lived signed URLs tied to your account.
Payments
Stripe processes all card payments and x402 facilitates USDC settlements for our pay-per-call surface. We never see your card number; we receive a customer ID, the line items you bought, and a webhook receipt. Stripe's privacy policy lives at stripe.com/privacy.
The discovered data
The creator profiles we surface are publicly visible on Instagram. We don't bypass authentication, don't pull private profiles, and don't republish anything proprietary. Your use of that data must still comply with applicable laws — CAN-SPAM for email outreach, GDPR/CCPA for any data subjects in those jurisdictions. We provide the tool; you remain the data controller.
Deletion
To delete your account or download your data, open a privacy ticket. We respond within 7 days and complete the deletion within 30.