Last updated: June 28, 2026
This Privacy Policy explains how CuteDyno ("CuteDyno", "we", "us" or "our") collects, uses, shares and protects personal data in connection with the CuteDyno social-media scheduling, publishing, analytics and team-collaboration platform (the "Service") and the websites at cutedyno.com and related sub-domains (the "Site"). It applies to visitors to the Site, account holders, members of customer workspaces, prospects, and anyone else who interacts with us. By using the Site or the Service you acknowledge this Policy. For our contractual terms, see our Terms of Service.
1. Who We Are (Data Controller)
CuteDyno operates the Service from India and acts as the data controller for account, billing, Site analytics, marketing and Service-usage data described in this Policy.
- Contact address: Sunrise Symphony, Newtown AA2B, Kolkata, India 700161
- Email: team@cutedyno.com
For all privacy questions, requests and complaints you can reach us at team@cutedyno.com.
2. The Service in Brief
CuteDyno lets you connect TikTok accounts (available now) and Facebook, Instagram, LinkedIn, and YouTube accounts (rolling out by account access) to centrally schedule, publish, analyse and collaborate on content. The platform includes a calendar and scheduling engine, a media library, a publishing queue, analytics, comments management, team and workspace management, a REST API, an MCP server, and free marketing tools on the Site. Some features depend on your plan and on the platforms available to your account.
3. The Data We Collect
3.1 Account and identity data
- Name, email address, password (stored as a salted hash), profile picture, organisation or workspace name, role, language and timezone preferences.
- If you sign in via Google, the basic profile fields and email returned by that provider.
- Workspace and team membership, invitations sent and accepted, and the permissions granted within a workspace.
3.2 Connected platform data
When you connect a third-party social account to CuteDyno we receive and store, via that platform's API:
- OAuth access and refresh tokens (encrypted at rest), the scopes you granted, the platform username and identifier, and account-level metadata (for example profile picture, follower counts, page IDs and channel IDs).
- Content and engagement data needed to provide the Service: posts you create or schedule, posts already published, comments where you have enabled that feature, post-level analytics (impressions, clicks, reach and similar metrics), and audience-level aggregates the platform exposes.
3.3 Content you upload
Text, images, video, audio, captions, links, hashtags, schedules, comments, approval notes, calendar metadata and any other content you upload to or create within the Service.
3.4 Billing data
Plan, subscription status, invoice history, billing email, billing address and tax identifiers. Card details and bank-account details are collected and stored directly by Stripe; CuteDyno only receives a tokenised reference, the last four digits, the brand, and the expiry month and year.
3.5 Logs, usage and device data
- IP address, user-agent, browser type and version, operating system, device identifiers, referrer URL, language preference, approximate location derived from IP (country or region).
- Application telemetry: pages visited, features used, posts created, published or failed, API calls made, error reports, performance metrics and crash data.
- Session and authentication data, including login timestamps, session tokens and security events (for example password changes).
3.6 Communications and support data
Messages you send to us by email or via support channels; surveys, feedback and feature requests; engagement metrics for marketing emails you receive (open rate, click rate, links clicked).
3.7 Cookies and similar technologies
We use cookies, local storage and similar technologies for authentication, security, preferences and analytics. Categories include strictly necessary, functional and analytics cookies. You can manage non-essential cookies through the in-page consent banner or your browser settings; disabling strictly necessary cookies will break parts of the Service.
4. How We Use the Data and Legal Bases
We process the data described above for the purposes below. Where the GDPR (or UK GDPR) applies, the legal basis for each purpose is shown in brackets.
- Provide the Service — authenticate users, create and manage your account and workspaces, store and publish your content to connected platforms, return analytics, and provide customer support. (Performance of contract.)
- Bill and collect payment — issue invoices, manage subscriptions, prevent payment fraud, comply with tax law. (Performance of contract; legal obligation.)
- Secure the Service — detect and prevent abuse, fraud, account takeover, brute-force attacks, spam and infrastructure attacks; investigate incidents; enforce the Terms. (Legitimate interests in keeping the Service safe; legal obligation.)
- Operate, maintain and improve the Service — debug, monitor uptime, measure performance, and build aggregated usage analytics. (Legitimate interests in running and improving a reliable Service.)
- Communicate with you — send service-related messages (receipts, security alerts, post-failure notices, scheduled-post confirmations) and, where you have opted in or where permitted, marketing communications. (Performance of contract; consent or legitimate interests, depending on the message and your jurisdiction.)
- Comply with law — respond to lawful requests, enforce our rights, defend claims. (Legal obligation; legitimate interests.)
We do not use the content of your scheduled posts, your connected-platform content, or your private messages to send you advertising, and we do not sell that data.
5. CuteDyno as Controller vs Processor
For account, billing, Site analytics, marketing and security data, CuteDyno acts as a data controller.
For the content you publish through the Service and the personal data of your audience, followers, customers and message contacts that flows through CuteDyno on your instructions, CuteDyno acts as a data processor on your behalf, and you are the controller. You are responsible for having a lawful basis for that processing, for providing notices and obtaining consents from your end-users, and for honouring their rights. On request we will sign our standard Data Processing Addendum (DPA), which incorporates the EU Standard Contractual Clauses (and the UK Addendum) where relevant; email team@cutedyno.com to request it.
6. Who We Share Data With
We do not sell personal data and we do not rent it to third parties. We share data only with:
- Sub-processors and infrastructure providers — including cloud hosting and storage (including Cloudflare R2), content delivery, database providers, error-monitoring vendors, transactional email providers (Resend), analytics platforms, and payment processors (Stripe). We require these vendors to provide adequate security and to process data only on our instructions and for the agreed purposes.
- Connected third-party platforms — when you schedule or publish content, we transmit it to the platform you selected; when you request analytics, we receive it from that platform. Each platform's own privacy policy governs what it does next.
- Other members of your workspace — content, schedules, comments and approval activity are visible to the other people in the workspaces you join, according to the role and permissions assigned to them.
- Professional advisors — accountants, auditors, lawyers, insurers and similar advisors, under confidentiality.
- Authorities — when we are legally required to disclose data (court order, valid law-enforcement request, regulatory request) or when disclosure is necessary to investigate or prevent fraud, abuse, security threats or harm to people. Where lawful we will attempt to redirect the request to you first.
- Successor entities — in the event of a merger, acquisition, financing, reorganisation or sale of assets, in which case we will require the recipient to honour this Policy or provide notice of any new policy.
7. International Data Transfers
CuteDyno operates from India, and we use sub-processors in the United States, the European Union, the United Kingdom and other jurisdictions. As a result, personal data we process may be transferred to and stored in countries outside your own, including countries that may not have been recognised as providing an adequate level of protection by the European Commission, the UK ICO or other regulators.
Where personal data subject to the GDPR or UK GDPR is transferred to a country without an adequacy decision, we rely on the European Commission Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), supplemented by additional technical and organisational measures (encryption in transit and at rest, access controls, contractual restrictions on sub-processor use of the data). You may request a copy of the relevant safeguards by emailing team@cutedyno.com.
8. Data Retention
- Account data — kept for as long as your account is active. After account closure, retained for up to 90 days to allow recovery, then deleted or anonymised, except where longer retention is required.
- Scheduled content not yet published — kept until published or until you delete it.
- Published-post records and analytics — kept while your account is active, so historical analytics remain available.
- OAuth tokens — kept while the connection is active; revoked tokens are deleted promptly. You can disconnect a platform at any time from your account settings.
- Billing records — retained for the period required by tax and accounting law in the relevant jurisdictions (typically 7 years).
- Logs — operational and security logs are typically retained for up to 12 months.
- Backups — encrypted backups roll off on their normal schedule (typically within 30–90 days) after deletion from the live system.
Where retention is required for legal, regulatory, dispute-resolution or fraud-prevention reasons, we may keep data longer than the periods above.
9. Security
We maintain administrative, technical and physical safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include: encryption of data in transit (TLS) and of sensitive data at rest; encryption of OAuth tokens; password hashing with a modern algorithm; role-based access controls and least-privilege provisioning; audit logging; vendor security reviews and contractual data-protection commitments; and incident-response procedures. No system is fully secure, and we cannot guarantee absolute security.
10. Your Rights
Depending on where you live, you may have the right to:
- access the personal data we hold about you and receive a copy in a portable format;
- request correction of inaccurate or incomplete data;
- request deletion of your data, subject to retention obligations;
- object to or restrict certain processing, including direct marketing;
- withdraw consent where processing is based on consent (without affecting the lawfulness of processing already carried out);
- opt out of the "sale" or "sharing" of personal information for cross-context behavioural advertising — CuteDyno does not sell personal data and does not share it for cross-context behavioural advertising as those terms are defined under the California Privacy Laws;
- lodge a complaint with your supervisory authority (in the EU or UK) or with the Data Protection Board of India where applicable.
Most account changes can be made by signing in to your account and editing your profile, billing or workspace settings, or by disconnecting a platform from the integrations page. To exercise rights that cannot be handled in-product, email team@cutedyno.com. We will respond within the timeframe required by applicable law (typically 30 days, extendable for complex requests). We may need to verify your identity before acting on a request. We will not discriminate against you for exercising your rights.
11. Google API Services and YouTube Data
CuteDyno's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
When you connect a YouTube channel, we request access only to the scopes needed to schedule and publish videos on your behalf:
- youtube.readonly: to identify your connected channel (name, channel ID and profile image), list your videos, and check upload status.
- youtube.upload: to upload videos you schedule through CuteDyno to your YouTube channel.
- yt-analytics.readonly: to show basic channel analytics (views, likes, comments, watch time) in your CuteDyno dashboard.
We use this Google user data solely to:
- display your connected YouTube channel in the CuteDyno dashboard;
- publish video content that you create, schedule and approve within CuteDyno;
- show channel and video performance metrics for your connected YouTube account;
- maintain your connection (including securely storing OAuth tokens and refreshing access tokens as needed).
We do not use Google user data for advertising, retargeting, interest-based profiling, data brokerage, credit decisions, or any purpose unrelated to providing CuteDyno's scheduling features. We do not sell Google user data. We do not allow humans to read your Google user data except when necessary for security investigations, to comply with applicable law, or with your explicit permission for support.
OAuth tokens and channel metadata are stored securely and deleted when you disconnect your YouTube channel from CuteDyno. Disconnecting in your CuteDyno dashboard revokes our access via Google's OAuth revocation endpoint. You can also remove CuteDyno's access at any time from your Google Account permissions page. Your use of YouTube features is also subject to the YouTube Terms of Service and the Google Privacy Policy.
12. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, the "California Privacy Laws") gives you the rights summarised in Section 10, including the right to know what categories of personal information we collect about you and the purposes for which we use them (described in Sections 3 and 4), the right to delete, the right to correct, the right to limit the use of sensitive personal information, and the right not to be discriminated against for exercising your rights. CuteDyno does not sell personal information and does not share it for cross-context behavioural advertising. To exercise your California rights, email team@cutedyno.com.
13. India (Digital Personal Data Protection Act)
Where India's Digital Personal Data Protection Act, 2023 ("DPDP Act") applies, CuteDyno handles personal data in accordance with its requirements. You have the right to access information about personal data we process about you, request correction or erasure where applicable, nominate another individual to exercise your rights in certain circumstances, and raise grievances with us. Requests and grievances should be sent to team@cutedyno.com.
14. Children
The Service and the Site are intended for business use and are not directed to children. We do not knowingly collect personal data from children under the age of 18. The Service is not designed for, marketed to, or directed at children under 13 within the meaning of the U.S. Children's Online Privacy Protection Act ("COPPA"), the EU GDPR's children's-data protections, or comparable laws in other jurisdictions. If you are a parent or guardian and believe a child has provided us with personal data, please contact us at team@cutedyno.com and we will delete it.
15. Marketing and Cookie Choices
You can unsubscribe from marketing emails at any time using the unsubscribe link in any such email. Unsubscribing from marketing does not stop transactional and account-related emails, which are necessary while your account is active. You can manage cookie preferences via the consent banner on the Site (where displayed) or your browser settings.
16. Third-Party Sites and Services
The Site and the Service link to and integrate with third-party services. Their handling of your data is governed by their own privacy policies, not this one. We encourage you to review the privacy policy of any platform you connect to CuteDyno, including the Google Privacy Policy for YouTube integrations.
17. Changes to this Policy
We may update this Privacy Policy from time to time. If a change is material we will provide reasonable notice (for example by email or in-product notice) before it takes effect. The date the Policy was last updated is shown at the top of this page; we encourage you to review it periodically.
18. Contact Us
For privacy questions, requests, or complaints, email team@cutedyno.com, or write to us at:
- CuteDyno — Sunrise Symphony, Newtown AA2B, Kolkata, India 700161
