Privacy Policy

Last updated: May 26, 2025

Introduction

Welcome to Kresta, a university project designed to demonstrate social media management capabilities. This Privacy Policy explains how we collect, use, and protect your information when you use our educational platform. As this is a university project, data handling practices are implemented for demonstration and learning purposes.

Information We Collect

Personal Information

  • Username and email address (for account creation)
  • Password (encrypted using bcrypt hashing)
  • Profile pictures (stored via Cloudinary)
  • Account creation date and activity timestamps

Social Media Data

  • Instagram account information (when you connect your account)
  • Facebook page data (for Instagram business account access)
  • Instagram posts, comments, and engagement metrics
  • Media content uploaded for social media publishing
  • Access tokens (encrypted and stored securely)

Usage Data

  • Session information and login activity
  • Workspace and task management data
  • Analytics and performance metrics
  • Notification preferences and history

How We Use Your Information

We use your information for the following educational and demonstration purposes:

  • Providing access to the Kresta platform features
  • Managing user accounts and authentication
  • Enabling social media content publishing and analytics
  • Facilitating workspace collaboration and task management
  • Demonstrating social media management capabilities
  • Generating educational insights and analytics

Third-Party Services

Kresta integrates with the following third-party services:

Instagram Basic Display API & Graph API

Used for accessing Instagram account data, publishing content, and retrieving analytics. Your Instagram access tokens are encrypted before storage.

Facebook Graph API

Used for OAuth authentication and accessing Instagram business accounts through Facebook pages. Data is handled according to Facebook's privacy standards.

Cloudinary

Used for secure media storage and management. Profile pictures and uploaded media files are stored on Cloudinary's secure servers.

MongoDB

Used as our primary database for storing user information, preferences, and application data in a secure, encrypted format.

Data Security

We implement several security measures to protect your data:

  • Password Security: All passwords are hashed using bcrypt encryption
  • Token Encryption: Social media access tokens are encrypted using AES encryption via Crypto-JS
  • Secure Sessions: User sessions are managed securely with MongoDB session storage
  • HTTPS: All data transmission is secured with HTTPS encryption
  • Access Control: Role-based access control for workspace and premium features
  • Data Validation: Input validation and sanitization to prevent security vulnerabilities

Your Rights

As a user of this educational platform, you have the following rights:

  • Access: View your personal data stored in your profile
  • Update: Modify your username, email, and profile information
  • Delete: Request account deletion (removes all associated data)
  • Disconnect: Unlink social media accounts at any time
  • Export: Download your data (feature available in profile settings)
  • Opt-out: Manage notification preferences

Data Retention

As this is a university project, data retention policies are designed for educational purposes:

  • User accounts and data are retained until manually deleted by the user
  • Session data expires after 1 hour of inactivity
  • Social media tokens are refreshed as needed for continued access
  • Uploaded media files are stored securely on Cloudinary
  • Analytics data is aggregated for demonstration purposes

Educational Purpose Disclaimer

Important Notice

Kresta is developed as a university project for educational and demonstration purposes. While we implement industry-standard security practices, this platform is not intended for commercial use. Users should be aware that this is an academic project and should use appropriate discretion when sharing sensitive information.

Cookie Policy

We use cookies and similar technologies for:

  • Session management and user authentication
  • Maintaining user preferences and settings
  • Ensuring platform functionality and security
  • Analytics and performance monitoring

Changes to This Policy

We may update this Privacy Policy as the project evolves. Any changes will be posted on this page with an updated "Last updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy.

Contact Information

For questions about this Privacy Policy or your data, please contact us through:

  • University project supervisor or instructor
  • Project documentation and repository
  • Platform feedback features

Technical Implementation

This platform is built using modern web technologies including Node.js, Express, MongoDB, and integrates with Instagram and Facebook APIs. All code is developed following security best practices appropriate for an educational project.