Privacy & Security
Last updated June 2026
We never see your platform passwords
Creator Atlas never asks for, requests, or stores the password to your YouTube, TikTok, Twitch, Instagram, Steam, Xbox, Epic Games, or any other connected platform account. There is no form anywhere in this product that collects a third-party password.
Account linking uses OAuth
When you connect a platform like YouTube, you are redirected to that platform’s own sign-in and consent screen. You authenticate directly with them, and they issue Creator Atlas a limited, scoped access token — the same OAuth 2.0 standard used by “Sign in with Google” and similar flows. We use the Authorization Code flow with PKCE where the platform supports it.
Tokens are encrypted and never exposed
Access and refresh tokens are encrypted at rest using AES-256-GCM before they are stored in our database, and are only ever decrypted in server-side code for the specific purpose of syncing your analytics. Tokens are never sent to your browser, never logged, and never included in any API response.
You can disconnect or revoke access anytime
From your dashboard, you can disconnect any connected account at any time. Disconnecting immediately revokes our stored tokens. You can also revoke Creator Atlas’s access directly from the third-party platform’s own security settings.
What we store
We store your account details, the profile information you choose to add, normalized analytics snapshots (e.g. subscriber and view counts) pulled from connected accounts, and an audit log of security-relevant actions (such as connecting or disconnecting an account). We do not store raw tokens in audit logs.
Creator visibility
Creators control whether their profile is visible to brands via a setting on their profile page. When visibility is off, brands cannot find or view that creator in discovery.