Privacy Policy

At CreativAI, we are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, process, and safeguard your information when you interact with our platform, services, and applications. Our dedicated Data Protection Team ensures full compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws worldwide.

CreativAI serves as the data controller for personal data collected through our services. Our Data Protection Officer (DPO) and specialized privacy team monitor all data processing activities to ensure compliance with international privacy standards. You can contact our Data Protection Team at privacy@creativai.com for any privacy-related inquiries or to exercise your data protection rights.

We process your personal data based on the following legal grounds under GDPR: (1) Contractual necessity for service provision, (2) Legitimate interests in improving our services and preventing fraud, (3) Legal compliance with applicable regulations, and (4) Your explicit consent for specific processing activities. You may withdraw consent at any time where processing is based on consent.

• Service delivery and account management
• Platform security and fraud prevention
• Customer support and technical assistance
• Service improvement and feature development
• Legal compliance and regulatory reporting
• Marketing communications (with your consent)

We do not sell your personal data. We may share data with trusted service providers who assist in delivering our services, including cloud hosting providers, payment processors, and analytics services. All third-party processors are bound by strict data processing agreements and must comply with applicable privacy laws. We may also disclose data when required by law or to protect our legitimate interests.

We implement industry-standard security measures including end-to-end encryption, secure data transmission (TLS 1.3), access controls, regular security audits, and employee privacy training. Our infrastructure follows ISO 27001 security standards and undergoes regular penetration testing. We maintain incident response procedures and will notify relevant authorities and affected individuals of any data breaches as required by law.

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Account data is retained while your account is active and for up to 2 years after account deletion. Usage data is typically retained for 3 years for analytics purposes. You can request earlier deletion of your data subject to legal and operational requirements.

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Complaint: Lodge complaints with supervisory authorities

We use essential cookies for platform functionality, analytics cookies to understand usage patterns, and preference cookies to remember your settings. You can manage cookie preferences through your browser settings. Some features may not function properly if you disable certain cookies. We do not use cookies for cross-site tracking or advertising purposes.

Your data may be processed in countries outside your residence, including the United States and European Union. We ensure adequate protection through Standard Contractual Clauses, adequacy decisions, or other approved transfer mechanisms. All international transfers comply with applicable data protection laws.