Privacy Policy

We collect information you provide directly, information generated through your use of the Platform, and data retrieved from third-party platforms you authorize — including Meta (Facebook & Instagram) and TikTok.

We use the information we collect solely to operate, improve, and support the JewelTag CRM platform. Specifically, we use your data to:

• Operate the Platform and provide all requested features, including social media publishing, CRM management, and inventory tracking.
• Publish content to your connected Facebook, Instagram, and TikTok accounts strictly at your instruction.
• Retrieve social media performance analytics (impressions, reach, engagement) to populate your dashboard.
• Send automated birthday and marketing notifications to your customers as configured by you within the Platform.
• Generate business intelligence reports, sales analytics, and staff performance summaries.
• Send transactional communications such as receipts, invoices, and account security alerts.
• Provide customer support and respond to your inquiries and requests.
• Detect fraud, prevent unauthorized access, and protect the security of the Platform.
• Comply with legal obligations and enforce our Terms of Service.

We do not use your data for advertising, profiling, or any purpose unrelated to providing the JewelTag CRM service to you.

JewelTag CRM integrates with third-party social media platforms to allow you to publish content and view performance analytics directly from your CRM dashboard. The following principles govern all social media data handling:

• Authorization-only access: We only access your social media accounts with your explicit authorization via OAuth. You can revoke access at any time.
• Token storage: Access tokens issued by Meta and TikTok are encrypted at rest (AES-256) and in transit (TLS 1.3). They are stored per-tenant and never shared between accounts.
• Minimal scope: We request only the permissions necessary to perform the actions you have authorized — publishing content and reading analytics. We do not request access to your direct messages, followers lists, or personal profile data beyond what is required.
• No resale: Social media data retrieved on your behalf is used exclusively to power your dashboard. We do not aggregate, sell, or share this data with any third party.
• Disconnection: When you disconnect a social media account, all associated access tokens are immediately and permanently deleted from our systems.

Connected platforms:   Facebook  Instagram  TikTok

When you connect your Facebook Page or Instagram Business account to JewelTag CRM, we access your account via the Meta Graph API under the following permissions:

• pages_manage_posts / instagram_content_publish: To publish photos, videos, and text posts to your Facebook Page and Instagram Business account at your direction.
• pages_read_engagement / instagram_manage_insights: To retrieve post performance metrics (likes, comments, reach, impressions) for display in your analytics dashboard.
• pages_show_list / instagram_basic: To identify and confirm which Facebook Pages and Instagram accounts are connected to your CRM.

Data retrieved via Meta APIs is stored only as long as needed to display analytics within your dashboard. Raw API responses are not retained beyond 90 days. You may request deletion of all Meta-sourced data at any time by contacting info@jeweltag.us.

When you connect your TikTok account to JewelTag CRM, we access your account via the TikTok Content Posting API under the following scopes:

• user.info.basic: We retrieve your TikTok open_id, display name, and profile avatar solely to confirm and display the connected account within your dashboard. We do not access your followers, following list, or any private profile information.
• video.publish: We use this scope to upload and publish videos to your TikTok profile on your behalf, strictly when you initiate a post from the JewelTag CRM Social Media Studio.

We collect and store only the minimum TikTok data necessary to provide the posting feature:

• Your TikTok open_id (a platform-generated identifier) and display name are stored to identify your connection.
• Your TikTok access token and refresh token are encrypted and stored securely per your tenant account.
• We do not store the content of videos after they have been successfully published to TikTok.
• We do not access your TikTok inbox, comments, followers, or any data beyond the scopes listed above.

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

• Service Providers: Trusted infrastructure partners including cloud hosting (AWS), payment processors (Stripe), email delivery (AWS SES), and SMS (AWS SNS). These partners are contractually bound to protect your data and may only use it to provide services to JewelTag CRM.
• Third-Party Platforms (Meta & TikTok): When you publish content, we transmit your content and access token to the respective platform API on your behalf. Their use of that data is governed by their own privacy policies.
• Legal Compliance: When required by law, court order, subpoena, or government authority, or to protect the rights, property, or safety of JewelTag CRM, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of company assets, with prior notice to affected users.
• With Your Explicit Consent: In any other circumstance where you have specifically authorized us to share your information.

We implement industry-standard technical and organizational safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction:

• Encryption at rest: All sensitive data, including OAuth tokens, credentials, and customer records, are encrypted using AES-256.
• Encryption in transit: All data transmitted between your browser and our servers is protected with TLS 1.3.
• Multi-tenant isolation: Your data is logically separated from other tenants using database-level isolation. No tenant can access another tenant's data.
• Access controls: Access to production systems is restricted to authorized personnel using multi-factor authentication and role-based access controls.
• Automated backups: Your data is backed up daily with 30-day encrypted retention.
• Security monitoring: We employ continuous monitoring, intrusion detection, and regular vulnerability assessments.

We use cookies and similar technologies to keep you logged in, remember your preferences, and understand how the Platform is used. We use the following categories:

• Essential Cookies: Required for authentication, session management, and core Platform functionality. These cannot be disabled.
• Preference Cookies: Remember your settings and customizations (e.g., dashboard layout, display language) to improve your experience.
• Analytics Cookies: Help us understand how users interact with the Platform so we can improve features and performance. You may opt out via your account settings.

We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings at any time.

Depending on your location, you may have the following rights regarding your personal data. We honour these rights for all users regardless of jurisdiction:

To exercise any of these rights, contact our Data Protection Officer at info@jeweltag.us. We will respond within 30 days. EU residents also have the right to lodge a complaint with their local supervisory authority.

We retain your data for as long as your account is active or as needed to provide the service. Specific retention periods:

• Account and CRM data: Retained for the duration of your subscription plus 30 days after cancellation, then permanently deleted.
• Social media access tokens (Meta & TikTok): Retained until you disconnect the account or cancel your subscription, at which point they are deleted immediately.
• Social media analytics data: Raw API response data retained for up to 90 days; aggregated dashboard metrics retained for up to 24 months.
• Transaction and billing records: Retained for 7 years as required by applicable financial regulations.
• Security and access logs: Retained for 12 months for fraud detection and security purposes.

You may request early deletion of your data at any time by contacting info@jeweltag.us, subject to any legal retention obligations.

JewelTag CRM is a business tool intended solely for use by adults aged 18 and over. We do not knowingly collect or solicit personal information from individuals under the age of 18. If you become aware that a minor has provided us with personal information, please contact us immediately at info@jeweltag.us and we will take prompt steps to delete such information.

If you have questions about this Privacy Policy, wish to exercise your rights, or want to report a privacy concern, please contact us through any of the following channels: