CreativeOS

Privacy Policy

Last updated: December 20, 2025

1. Introduction

CreativeOS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our creative intelligence platform and related services (collectively, the "Service").

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password (encrypted), and company/organization name when you register.
  • Workspace Data: Creative assets, taxonomy configurations, naming templates, and other content you upload or create.
  • Payment Information: Billing details processed securely through our payment processor (we do not store full payment card numbers).
  • Communications: Feedback, bug reports, feature requests, and support inquiries you submit.

2.2 Information from Third-Party Integrations

When you connect third-party services, we collect data necessary to provide our Service:

  • Meta (Facebook) Ads: Ad account information, campaign data, ad creative metadata, and performance metrics (spend, impressions, clicks, conversions).
  • Shopify: Store name, order counts, revenue data, and customer metrics (aggregated, not individual customer data).

We only access data you explicitly authorize through OAuth. We do not access personal messages, posts, or data unrelated to advertising performance.

2.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, and interactions with the Service.
  • Device Information: Browser type, operating system, and device identifiers.
  • Log Data: IP address, access times, and referring URLs.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Analyze advertising performance and generate insights
  • Send administrative notifications and updates
  • Respond to support requests and feedback
  • Detect, prevent, and address security or technical issues
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Service Providers: Third parties who perform services on our behalf (hosting, analytics, payment processing).
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • Legal Requirements: When required by law or to protect our rights and safety.
  • With Your Consent: When you explicitly authorize sharing.

5. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure password hashing (bcrypt)
  • Access controls and authentication requirements
  • Regular security assessments and monitoring
  • Encrypted storage of third-party access tokens

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your data at any time (see Section 8). After account deletion, we may retain certain data as required by law or for legitimate business purposes (e.g., fraud prevention) for up to 90 days.

7. Third-Party Integrations

Our Service integrates with third-party platforms (Meta, Shopify). These integrations are governed by their respective privacy policies:

You can disconnect these integrations at any time through your workspace settings.

8. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access: Request a copy of data we hold about you
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Opt-out: Unsubscribe from marketing communications
  • Revoke Consent: Disconnect third-party integrations

To exercise these rights, contact us at privacy@creativeos.io or use our data deletion request page.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@creativeos.io