Gamdo Privacy Policy
Last updated: July 4, 2026
This Privacy Policy describes how EarthMera (“we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you use Gamdo (the “Service”), available at https://gamdo.my. Gamdo is an AI-powered card news generator and publishing tool that, upon your explicit per-post approval, publishes content to social media accounts you own and have connected (currently Instagram and TikTok). The Service also includes tools for managing comments on posts you published: a comment reply workbench and an optional keyword-based direct message auto-reply feature.
This policy applies only to data collected through Gamdo. Other EarthMera products are covered by their own privacy notices.
1. Information We Collect
Account data
- Email address
- Password, stored only as a bcrypt hash (we never store plaintext passwords)
- Optional display name and default brand preferences
Instagram integration data (only when you connect an Instagram account)
- Instagram user ID
- Instagram username (@handle)
- Instagram account type (Business or Creator)
- Long-lived OAuth access token
Instagram comment data (only when you use the comment reply workbench)
- Comments on posts you published: the comment text, the commenter’s @handle, and the comment timestamp, temporarily cached solely to power the comment reply workbench
- Replies you send through the workbench (reply text and time sent)
Cached comments are automatically deleted after 90 days, or immediately when you delete your account. Instagram remains the source of truth: deleting our cache does not delete the comment on Instagram. This feature requires the instagram_business_manage_comments permission.
TikTok integration data (only when you connect a TikTok account)
- TikTok account identifier (open_id)
- TikTok display name
- TikTok profile image URL
- OAuth access token
Service usage data
- Card news content you create (topic, slide text, AI-generated images, layout settings)
- Publishing history (post URLs, scheduled times, publishing status)
- Direct message automation rules you create (trigger keywords, the message template to send, and rule settings)
Automatically collected data
- Server logs (IP address, browser type, timestamps, and request information), used for security and incident response
Other than the cached comments described above, the Service does not collect Instagram or TikTok direct message contents, insights, follower lists, videos, or any data from social media accounts other than your own connected accounts. Incoming comment and message events that trigger an automation rule are processed in real time and are not stored. If an automation rule includes a follow condition, the Service checks in real time whether that specific user follows your account at that moment; the result is not stored, and we never collect or store follower lists. We do not collect sensitive personal information.
2. How We Use Information
- Email, hashed password: account authentication and identification.
- Instagram and TikTok OAuth tokens: publishing card news to your own connected account, executed only upon your individual approval of each post.
- Instagram username and account type; TikTok display name and profile image: displaying the connected account in the UI and confirming that publishing occurs only to the intended account.
- Card news content and publishing history: providing you access to your own creations and history.
- Cached comments: showing comments on your posts in the reply workbench and, only when you request it, drafting a suggested reply with AI.
- Direct message automation rules: sending the message you pre-wrote when a comment on your post matches the keywords you configured.
- Server logs: maintaining account security, detecting misuse, and protecting the reliability of the Service.
We do not use Instagram or TikTok data for advertising, profiling, or training AI models. We use it only to provide the features you request: publishing posts you approved, operating the comment reply workbench, and running the direct message automations you configure.
4. How We Protect Information
- All traffic between your browser, our servers, and third parties uses HTTPS.
- OAuth access tokens are encrypted at the application layer before being stored.
- Passwords are stored as bcrypt hashes.
- Database access is restricted to a least-privilege application user.
No method of transmission or storage is completely secure, but we work to protect your information with appropriate technical and organizational measures.
5. Data Retention
- Account data (email, hashed password, display name, brand preferences): retained for the duration of the active account; deleted within 30 days of account deletion.
- Social media OAuth tokens (Instagram, TikTok):retained while the connection is active and refreshed as needed; promptly revoked and deleted upon disconnection or account deletion. The platform may retain or recognize the token on its own systems until it expires or you deauthorize the Service in the platform’s settings.
- Social account identifier data (user IDs, usernames, account type, profile image URL): retained only while the connection is active; deleted or de-identified within 30 days after disconnection or account deletion, except where retention is required for security or legal compliance.
- Card news content and publishing history (including post URLs and scheduled posts): retained for the duration of the active account; deleted within 30 days of account deletion.
- Cached comments (comment reply workbench): retained for up to 90 days, then automatically deleted. Also deleted immediately upon account deletion.
- Direct message automation rules: retained for the duration of the active account; deleted upon account deletion, or immediately when you delete the rule.
- Server logs: retained for up to 90 days for security and incident response, then deleted.
6. Your Rights and Choices
- Access and correction:you can review and update your account information in the Service’s settings page, or contact us at support@earthmera.com to request access to, correction of, or deletion of your personal information. Depending on where you live, you may have additional rights under applicable data protection law, and we will honor them.
- Disconnecting a social account:remove the Instagram or TikTok integration at any time via the Service’s settings page. The Service promptly revokes and deletes the stored OAuth token. To also revoke access on the platform side, remove the Service from Instagram’s “Apps and websites” settings or TikTok’s “Security > Apps” settings.
- Account deletion:request deletion of your entire Gamdo account at any time via the Service’s settings page. Deletion is processed after a 72-hour grace period during which you may cancel by signing in. After the grace period, all associated user data is removed within 30 days, except where retention is required by law. If you cannot access your account, email support@earthmera.com.
For step-by-step data deletion procedures, see the Gamdo Data Deletion page.
7. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided personal information, we will delete it as quickly as reasonably practical.
8. International Data Transfers
Our servers are located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction. We protect your information as described in this policy regardless of where it is processed.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by the “Last updated” date at the top of this page. If we make material changes, we will notify you through the Service or by email.
10. Contact Us
If you have questions or comments about this policy, or wish to exercise your privacy rights, contact us at:
EarthMera
1010 Bedford Avenue #206
Brooklyn, NY 11205, United States
support@earthmera.com