Privacy Policy

Information you provide directly:

• Account information: Name, email address, password, and profile details when you create an account.
• Billing information: Payment method details (processed and stored by our third-party payment processor, not stored on our servers).
• Content you create: Pitch decks, moodboards, contracts, invoices, timelines, review comments, and any other content you upload or create through the Service.
• Communications: Messages you send to us via email, support channels, or in-app feedback.
• Job applications: Name, email, portfolio URL, and cover letter when applying through our careers page.

Information collected automatically:

• Usage data: Pages visited, features used, click patterns, session duration, and interaction data.
• Device information: Browser type, operating system, device type, screen resolution, and language preferences.
• Log data: IP address, access timestamps, referring URLs, and error logs.
• Cookies and similar technologies: We use cookies, local storage, and similar technologies to maintain sessions, remember preferences, and analyze usage. See Section 7 for details.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send billing-related communications
• Authenticate your identity and secure your account
• Send transactional emails (e.g., password resets, contract signature notifications, review comments)
• Provide customer support and respond to inquiries
• Analyze usage patterns to improve the Service and develop new features
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use Your Content to train AI models.

When you use AI-powered features (deck generation, content assistance, storyboards), your input prompts are sent to third-party AI service providers for processing. These providers process your inputs solely to generate the requested output and are contractually prohibited from using your data for model training or any other purpose.

We do not store AI prompts or outputs beyond what is necessary to display results to you within the Service. AI-generated content you save becomes part of Your Content and is subject to the same protections.

We may share your information in the following limited circumstances:

• Service providers: We work with trusted third-party providers for hosting (Vercel, Supabase), email delivery (Resend), payment processing (Stripe), analytics, and AI processing. These providers access your data only to perform services on our behalf and are bound by confidentiality obligations.
• Collaboration and sharing: When you share content via client portals, review rooms, or share links, the recipients you designate will be able to view the shared content. You control what is shared and with whom.
• Contract and signature counterparties: When you send a contract for signature, the recipient will see the contract content, your name, and your email address as the sender.
• Legal requirements: We may disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you before your information is subject to a different privacy policy.

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with hashed passwords
• Row-level security policies on our database
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to user data
• Security headers (HSTS, X-Content-Type-Options, X-Frame-Options) on all pages

No system is 100% secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: Retained while your account is active. Deleted within 30 days of account deletion.
• Your Content: Retained while your account is active. Deleted within 30 days of account deletion, unless you have exported it.
• Contract audit trails: Retained for 7 years after contract execution for legal compliance purposes, even after account deletion.
• Billing records: Retained as required by tax and financial regulations (typically 7 years).
• Usage analytics: Aggregated and anonymized analytics data may be retained indefinitely.

We use the following types of cookies and similar technologies:

• Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
• Functional cookies: Remember your preferences and settings (e.g., theme, language).
• Analytics cookies: Help us understand how you use the Service so we can improve it. We use privacy-respecting analytics tools.

We do not use advertising or cross-site tracking cookies. We do not participate in ad networks or sell data to advertisers.

You can manage cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Export: Export your data in a portable format (PDF, PPTX, CSV, JSON) at any time through the Service.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing of your data for certain purposes.
• Withdraw consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at privacy@creatify.app. We will respond within 30 days.

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Contract performance: Processing necessary to provide the Service you have signed up for.
• Legitimate interest: Processing necessary for our legitimate business interests (e.g., security, analytics, service improvement), balanced against your rights.
• Consent: Where you have given explicit consent (e.g., marketing communications).
• Legal obligation: Processing required to comply with applicable law.

Data transfers outside the EEA are conducted using Standard Contractual Clauses or other approved transfer mechanisms. You have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected.
• Right to delete: You may request deletion of your personal information.
• Right to opt-out: We do not sell personal information. If this ever changes, we will provide an opt-out mechanism.
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To make a CCPA request, contact us at privacy@creatify.app.

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@creatify.app.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: