Privacy Policy

Effective Date: 24 May 2025

This Privacy Policy ("Policy") explains how Cila ("we," "us," or "our") collects, uses, stores, and discloses Personal Information when you access or use the Cila software-as-a-service platform ("Service"). By creating an account or otherwise using the Service, you confirm that you have read, understood, and agree to the practices set out below.

1. Scope of Service and eligibility

Cila is intended for professional use.

  • Instagram connections require a Business or Creator account
  • TikTok connections may be Personal or Business accounts

The Service is not directed to children under thirteen years of age. We do not knowingly collect data from children. If such data is discovered, we erase it without undue delay.

2. Information we collect

We collect only the Personal Information needed to provide and improve the Service.

  • Account details: Name, email address, and the Instagram or TikTok usernames you connect
  • Social-media content: Posts, videos, reels, captions, and related metadata that you expressly authorise us to access through the official Instagram and TikTok APIs
  • Usage data: Log files, feature interactions, counts of saved items, and other diagnostic information generated through your use of the Service
  • Storage preference: By default, content stays in your Cila dashboard. You may at any time export specific items or bulk selections to a destination you control such as Google Drive, Dropbox, or a direct download to your device using the buttons provided in the Service. No data is transferred to third-party storage unless you initiate the export.

3. Purposes and legal bases for processing

Performance of our agreement with you

  • Deliver and safeguard the Service
  • At your direction, save and display the content you authorise in your dashboard
  • When you export or download, move only the items you select to the destination you specify

Legitimate interests

  • Respond to support requests and send critical service communications
  • Review anonymised, aggregate usage data to keep the Service reliable, secure, and useful
  • Develop new features and future products that streamline business workflows, always using aggregated or de-identified information only

We do not sell Personal Information or permit its use for advertising by unrelated parties.

4. Data storage, retention, and deletion

All content and usage data are encrypted at rest and stored on Google Cloud servers located in the United States. Google Cloud maintains ISO 27001, SOC 1 Type II, and SOC 2 Type II certifications, and we control the encryption keys that protect your data.

We retain this data for up to ninety days from the date of collection unless you export it, request extended retention in writing, or ask for earlier deletion (see Section 7). After the retention period ends, the data are irreversibly deleted from active systems and, within a reasonable time, from backups.

5. Disclosure of Personal Information

We disclose Personal Information only to:

  • Service providers that process data on our behalf under written agreements imposing confidentiality and security obligations
  • Competent authorities when required by law or valid legal process
  • A successor entity in connection with a merger, acquisition, or sale of assets, subject to confidentiality safeguards
  • Third parties you expressly authorise

We may publish statistics that are aggregated and de-identified so they cannot reasonably be used to identify you.

6. International data transfers

Because our primary storage is in the United States, your Personal Information will be transferred to and processed in the United States, a jurisdiction that may have data-protection laws different from those in your region. We rely on Standard Contractual Clauses approved by the European Commission and comparable safeguards under other regimes to ensure an adequate level of protection consistent with this Policy and applicable law.

7. Your rights

Subject to applicable law, you have the right to access, correct, erase, or port your Personal Information, and to object to or restrict certain processing. You may exercise these rights by emailing yuka@cila.app. We respond within one calendar month unless a shorter period is required by law.

8. Security measures

We implement technical and organisational measures designed to protect Personal Information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures include HTTPS encryption in transit, encryption at rest, role-based access controls, multi-factor authentication, continuous monitoring, and periodic penetration testing. Although no online system is completely secure, we employ industry-standard safeguards and Google Cloud's advanced security framework to keep your data safe.

9. Changes to this Policy

We may amend this Policy from time to time. Material revisions are announced in the Service or by email at least seven days before they take effect, unless a shorter period is required to comply with law.

10. Contact

For any questions, requests, or concerns about this Policy or how we handle your Personal Information, please contact us:

Email: yuka@cila.app

Postal:
Parcel Locker 10317 00861
6 Walker Street
Rhodes NSW 2138
Australia