🔒 Our Privacy CommitmentCreatorFinder AI takes your privacy seriously. This policy explains what data we collect, how we use it, and how we protect it. We follow a minimal data principle and never sell user data.
1What We Collect
| Data Type | How Collected | Purpose |
| Email address (optional) | Voluntarily entered on the payment page | Send activation code backup email |
| Payment reference number | Alipay / WeChat Pay callback | Order verification & refund processing |
| Activation code | System-generated | Subscription status verification |
| Fast Analyze request log | When extension calls Fast Analyze (creator handle/URL + timestamp) | Usage quota enforcement & abuse prevention; deleted after 90 days |
| Password hash and salt | Created after email-code verification during first-time setup or password reset | Authenticates the account; the plaintext password is never stored |
| Session token | Generated on our server after successful login | Authenticates subscription status; stored locally in chrome.storage.local and on our server; invalidated on logout, password reset, or after 30 days |
| Anonymous device identifier | For guest searches, the extension creates a SHA-256 summary from limited browser and device environment characteristics, and the server issues a signed device cookie | Limits the guest allowance per device; raw characteristics are not sent to the server |
| Local extension data | When user operates on TikTok / Instagram / YouTube pages | Stored locally on your device only — we cannot access it |
We do not collect: your real name, ID number, bank card number, raw hardware serial numbers, general browsing history, or any personal information beyond the above.
2How the Chrome Extension Handles Data
The CreatorFinder AI extension runs locally in your browser. Below is a complete description of every data-touching behaviour:
- Content script injection: The extension injects a content script into TikTok, Instagram, and YouTube pages, as well as certain bio-link pages (e.g. linktr.ee, beacons.ai, carrd.co and similar). On these pages the script reads publicly visible page text and link elements to extract creator handles, bios, follower counts, and contact links. No data is sent to our servers during this step.
- Background tab — bio link email extraction: When a creator's profile contains an external bio-link (e.g. a link-in-bio page), the extension may open that URL in a hidden background browser tab to scan visible text for a contact email address. The tab is closed automatically within seconds. This behaviour is limited to a pre-approved allowlist of bio-link domains and never accesses arbitrary URLs.
- Scroll trigger on TikTok profiles: To load video-grid metrics (views, likes, etc.), the extension may programmatically scroll a TikTok profile page. No data is transmitted during this action.
- Local storage: All collected creator information (handles, emails, metrics) is stored in your browser's
chrome.storage.local and is never uploaded to our servers.
- Guest device verification: For guest searches, the extension converts limited browser and device environment characteristics into an irreversible SHA-256 summary locally. The server also issues a signed, HTTP-only device cookie. These identifiers prevent reinstalling the extension from resetting the guest allowance; raw characteristics are not uploaded.
- Subscription authentication: You normally log in with your email and password. First-time password setup and password resets require a one-time code sent to your email. Passwords are processed with scrypt and a random salt; only the resulting hash and salt are stored. After login, a session token is stored in
chrome.storage.local and on our server. Sessions expire after 30 days, logout, or password reset.
- Fast Analyze: When triggered, the extension sends the creator's profile URL or handle and a timestamp to our server for enriched data parsing. Results are returned immediately; we do not persistently store creator profile content beyond the request log (deleted after 90 days).
- AI analysis: Gemini and DeepSeek are provided through CreatorFinder's backend. The extension does not ask you to store OpenAI or Claude API keys.
- Apify enrichment (optional): Apify requests are made by CreatorFinder's backend using a server-managed token. The extension does not ask you to store an Apify API token.
- Data export: CSV / Excel exports are generated locally and downloaded directly to your device, never passing through our servers.
3Data Sharing
We do not sell, rent, or share your personal data with any third parties, except:
- Payment processing: Alipay and WeChat Pay receive necessary payment information during transactions, subject to their respective privacy policies
- Legal requirements: We may disclose necessary information to law enforcement when explicitly required by applicable law
4Data Storage & Security
- Server data is stored on cloud servers in mainland China, transmitted via HTTPS encryption
- Passwords are protected with scrypt and a unique random salt; plaintext passwords are never stored
- Email verification codes are stored as keyed hashes, never in plaintext
- Payment reference numbers are used only for order verification — full payment account numbers are never stored
- Fast Analyze request logs (creator URL/handle + timestamp) are automatically deleted after 90 days
5Cookies & Tracking
This payment website does not use cookies for tracking, third-party ad tracking, or user behaviour analytics. No Google Analytics, Facebook Pixel, or similar tracking code is integrated.
6Your Rights
You may exercise the following rights at any time by email:
- Access: Ask what data we hold associated with your email
- Deletion: Request deletion of your email and order records (does not affect activation code validity)
- Correction: Correct identifiable information such as your email address
Email: support@creatorfinder-sub.com — we will respond within 7 business days.
7Minors
This Service is not intended for users under 18. If you are a minor, please use it with a guardian or have a guardian make the purchase on your behalf.
8Governing Law
This Privacy Policy is governed by the laws of the People's Republic of China. For users located in the European Economic Area or the United Kingdom, we additionally commit to handling personal data in accordance with the principles of the General Data Protection Regulation (GDPR). For users located in California, we additionally comply with the California Consumer Privacy Act (CCPA).
9Policy Updates
This Privacy Policy may be updated as the service evolves. Major changes will be noted at the top of this page with an updated date and communicated to subscribers via in-extension notification or email.