creo·ai ← Back to app
Draft notice: This document is a starting point and has not yet been reviewed by legal counsel. The final version will be published before paid users sign up.

Privacy Policy

Last updated: 2026-04-11

1. What this policy covers

This policy describes what personal data creo·ai collects when you use the Service, how we use it, who we share it with, and the rights you have over it.

2. Data we collect

When you create an account and use the Service, we collect:

  • Account data: email address, password hash (managed by our auth provider, not stored in plaintext), and an internal user ID.
  • Usage data: the searches you run, the parameters you submit, the KOLs you save to your library and shortlist, and the templates you save.
  • Billing data: remaining credit balance and transaction history (top-ups and, in the future, payment metadata).
  • Technical data: IP address, browser user agent, and request timestamps. We use these for rate limiting, abuse prevention, and debugging.
  • Cost data: per-call records of usage tied to your account, used to bill you accurately.

We do not collect or store payment card numbers, bank account details, or government IDs.

3. KOL data

The Service helps you discover social media creators ("KOLs") by performing natural searches across publicly available platform data — the same hashtag pages, search results, and profile information any visitor can see without logging in. Information surfaced includes username, display name, public bio, follower counts, and aggregate engagement metrics drawn from each creator's recent public posts.

We do not access private messages, private accounts' followers, content from accounts set to private, or any data behind a login wall. We do not bypass any platform's access controls.

KOLs themselves are not customers of creo·ai. If you are a KOL and want your public profile information removed from our aggregated index, please contact us using the address below and we will remove it within 30 days.

4. How we use your data

  • To provide the Service: run your searches, store your library, calculate your balance.
  • To bill you accurately based on actual usage costs.
  • To enforce rate limits and detect abuse.
  • To send essential transactional emails (signup confirmation, password resets) — never marketing without your explicit consent.
  • To improve the Service through aggregated, de-identified analytics.

5. Service providers

To operate the Service we rely on a small set of service providers covering authentication, infrastructure, AI processing, email delivery and (when enabled) payments. We share with each provider only the minimum data needed to deliver their part of the Service, and each is bound by their own privacy practices. We will publish a detailed list of providers on request — contact us using the address below.

6. Cookies & storage

We use browser local storage to maintain your login session. We do not use third-party advertising or tracking cookies.

7. Data retention

We keep your account data for as long as your account is active. When you delete your account (via the "Delete my account" button on the Stats page), we permanently remove all your account data, search history, library, and credit balance from our database and from our authentication provider.

Anonymized aggregate analytics (e.g. "the Service ran N searches on date X") may be retained indefinitely as they cannot be linked back to you.

8. Your rights

Depending on your jurisdiction (GDPR for EU/UK users, CCPA for California users, PIPL for Chinese users, and similar laws elsewhere), you may have the right to:

  • Access the personal data we hold about you. (Your library and history are visible in the app; export buttons are available on the My KOLs page.)
  • Correct inaccurate data — contact us using the address below.
  • Delete your account and data — use the "Delete my account" button on the Stats page, or contact us.
  • Object to certain processing activities.
  • Withdraw consent for non-essential processing at any time.

[TODO: lawyer review — explicit GDPR/CCPA/PIPL language for compliance.]

9. Children

The Service is not intended for users under 18. We do not knowingly collect personal data from children.

10. International transfers

[TODO: lawyer review — describe where data is stored and the legal mechanism for cross-border transfers if applicable.]

11. Changes to this policy

We may update this policy from time to time. Material changes will be flagged in the app. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Privacy questions or data requests: [TODO: privacy contact email].