Privacy Policy

1. Introduction

Welcome to CreatorBlade ("we," "our," "us," or "the Company"). We operate the website creatorblade.com (the "Site") and provide creator tools and related services (collectively, the "Service"). We are committed to protecting your privacy and personal information in compliance with the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws worldwide.

This Privacy Policy explains what information we collect, how we use and share it, your rights regarding your data, and how to contact us. By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Service.

Data Controller: CreatorBlade is the data controller responsible for your personal data. For all privacy inquiries, contact us at support@creatorblade.com.

2. Legal Bases for Processing (GDPR)

We process your personal data only when we have a lawful basis to do so under the GDPR:

• Consent (Art. 6(1)(a)): When you opt in to marketing communications, cookie tracking, or newsletter subscriptions.
• Contractual Necessity (Art. 6(1)(b)): To provide the Service you requested — including account creation, subscription management, credit purchases, and tool access.
• Legitimate Interests (Art. 6(1)(f)): For fraud prevention, security, analytics, and service improvement, where our interests do not override your fundamental rights.
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws, tax requirements, and legal obligations.

3. Information We Collect

3.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

• Create an account: Name, email address, profile picture (via OAuth providers such as Google)
• Purchase a subscription or credits: Payment information is processed directly by our payment processor (Stripe) — we do NOT store your full credit card number, CVV, or banking details on our servers
• Use AI-powered tools: Text prompts, keywords, and content inputs you submit for AI processing
• Contact us: Name, email, subject, and message content via our contact form
• Subscribe to newsletters: Email address
• Connect third-party accounts: YouTube channel data accessed via the YouTube Data API (see Section 3.4)

3.2 Information Collected Automatically

When you access our Service, we automatically collect:

• Device Information: Browser type and version, operating system, device type, screen resolution
• Network Information: IP address, approximate geographic location (city/country level)
• Usage Data: Pages visited, time spent on pages, click patterns, features used, tools accessed, credit consumption history
• Referral Data: Referring website URL, search terms used to find our Site
• Performance Data: Page load times, errors encountered, crash reports

3.3 Cookies and Tracking Technologies

We use the following types of cookies:

• Strictly Necessary Cookies: Required for authentication, session management, and security. These cannot be disabled.
• Functional Cookies: Remember your preferences (theme, language). You can disable these in your browser settings.
• Analytics Cookies: Help us understand usage patterns (e.g., Google Analytics). Processed with your consent.
• Advertising Cookies: Used by Google AdSense and other ad networks to serve relevant ads. Processed with your consent.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect functionality.

3.4 YouTube API Data

If you connect your YouTube channel, we access data through the YouTube Data API v3 subject to YouTube's Terms of Service and Google's Privacy Policy. We may access:

• Public channel statistics (subscriber count, video count, total views)
• Public video metadata (titles, descriptions, tags, view counts)
• Channel analytics data (if authorized by you)

You can revoke our access at any time via Google Security Settings.

4. How We Use Your Information

We use your information for:

• Service Delivery: To operate, maintain, and provide our tools, calculators, and AI features
• Account Management: To create and manage your account, process subscriptions, and track credit usage
• Payment Processing: To process purchases, issue refunds, and manage billing through third-party payment processors
• AI Processing: To process your inputs through AI models (OpenAI, etc.) to generate content — your prompts may be sent to third-party AI providers
• Customer Support: To respond to inquiries, troubleshoot issues, and provide assistance
• Communications: To send transactional emails (account confirmations, password resets, purchase receipts) and, with your consent, marketing emails
• Analytics: To analyze usage patterns, improve our tools, and develop new features
• Security: To detect and prevent fraud, abuse, and unauthorized access
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

5. AI Data Processing

• We do not use your AI inputs to train our own models
• AI-generated outputs are not stored permanently unless you explicitly save them to your account
• We do not guarantee that third-party AI providers will not use anonymized data for model improvement — please review their respective privacy policies
• Do NOT submit sensitive personal information, trade secrets, or confidential data to our AI tools

6. Advertising and Third-Party Services

We use third-party advertising services, including Google AdSense, to display advertisements on our website. These services may use cookies and similar technologies to collect information about your visits to this and other websites to provide relevant advertisements.

Google AdSense: Google uses cookies to serve ads based on your prior visits. You can opt out of personalized advertising by visiting Google Ads Settings.

Other Third-Party Services We Use:

• Stripe: Payment processing — see Stripe Privacy Policy
• Google Analytics: Website analytics — see Google Privacy Policy
• OpenAI: AI content generation — see OpenAI Privacy Policy
• Supabase: Database hosting — see Supabase Privacy Policy
• Vercel: Website hosting — see Vercel Privacy Policy

7. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information to third parties. We may share your information only in the following limited situations:

• Service Providers: Third-party vendors who perform services on our behalf (payment processing, hosting, analytics, AI processing, email delivery) under contractual data protection obligations
• Legal Requirements: When required by law, subpoena, court order, or governmental request, or when necessary to protect our rights, safety, or property
• Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of all or substantially all of our assets — you will be notified via email or prominent notice
• With Your Consent: When you have given us explicit, informed consent
• Aggregated/De-identified Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our hosting providers and third-party services operate. These countries may have data protection laws different from your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or your explicit consent. By using our Service, you acknowledge these transfers.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Account Data: Retained while your account is active and for 30 days after deletion request to allow recovery
• Transaction Records: Retained for 7 years for tax and legal compliance purposes
• Contact Messages: Retained for 2 years, then automatically deleted
• Usage Analytics: Retained in aggregated, anonymized form indefinitely; identifiable data deleted after 26 months
• AI Tool Inputs/Outputs: Not stored permanently unless explicitly saved by you; temporary processing logs deleted within 30 days
• Marketing Consent Records: Retained for 3 years after last interaction or until you withdraw consent

10. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

• TLS/SSL encryption for all data in transit
• Encryption at rest for sensitive stored data
• Bcrypt hashing for passwords (never stored in plain text)
• Rate limiting and IP-based abuse prevention
• Regular security audits and vulnerability assessments
• Access controls — only authorized personnel access personal data

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

11. Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay (within 72 hours of becoming aware) as required by the GDPR. We will also notify the relevant supervisory authority. Notification will include the nature of the breach, data affected, likely consequences, and measures taken to address the breach.

12. Your Rights

12.1 Rights Under GDPR (EU/EEA/UK Residents)

Under the GDPR, you have the right to:

• Access (Art. 15): Request a copy of all personal data we hold about you
• Rectification (Art. 16): Request correction of inaccurate or incomplete data
• Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
• Restriction (Art. 18): Request restriction of processing in certain circumstances
• Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
• Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing
• Lodge a Complaint: File a complaint with your local supervisory authority

12.2 Rights Under CCPA/CPRA (California Residents)

Under the CCPA/CPRA, California residents have the right to:

• Know: What personal information we collect, use, and disclose
• Delete: Request deletion of your personal information
• Opt-Out of Sale: We do NOT sell your personal information
• Non-Discrimination: Exercise your rights without discriminatory treatment
• Correct: Request correction of inaccurate personal information
• Limit Use of Sensitive Data: Limit how we use sensitive personal information

To exercise any of these rights, email us at support@creatorblade.com with "Privacy Rights Request" in the subject line. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request.

13. Children's Privacy

Our Service is not directed to children under the age of 16 (or 13 in jurisdictions where the minimum age is lower under COPPA). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without verified parental consent, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@creatorblade.com.

14. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. There is currently no uniform standard for how websites should respond to DNT signals. We do not currently respond to DNT signals, but we respect your ability to manage cookies and tracking through your browser settings and the consent mechanisms we provide.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The updated version will be indicated by an updated "Last updated" date at the top of this page. For material changes, we will provide notice through a prominent notice on our Service or by sending you an email. Your continued use of the Service after changes are posted constitutes acceptance of the revised Privacy Policy.

16. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us: