Privacy Policy

1. Introduction

CreatorPlex ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, profile picture (from OAuth providers)
• Content: Images, videos, GIFs, and other media files you upload
• Team Information: Team names, member emails, roles
• Overlay Settings: Names, descriptions, configurations

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent
• Activity Logs: Actions performed, timestamps, IP addresses
• Device Information: Browser type, operating system, device identifiers
• Cookies: Session cookies for authentication

2.3 OAuth Provider Information

When you sign in with Google, we receive basic profile information (name, email, profile picture) as permitted by the OAuth provider and your privacy settings with them.

3. How We Use Your Information

We use your information to:

• Provide the Service: Store and display your overlays, enable team collaboration
• Improve the Service: Analyze usage patterns, fix bugs, develop new features
• Communicate: Send service updates, security alerts, and support messages
• Security: Detect and prevent fraud, abuse, and security incidents
• Compliance: Meet legal obligations and enforce our Terms

4. Data Storage and Security

4.1 Where We Store Data

• Database: Railway (PostgreSQL, encrypted at rest)
• File Storage: Cloudinary (SOC 2 certified, encrypted)
• Hosting: Vercel (ISO 27001 certified)
• Location: United States data centers

4.2 Security Measures

• Encryption in transit (HTTPS/TLS)
• Encryption at rest (database and file storage)
• Secure authentication (OAuth 2.0)
• Activity logging and monitoring
• Regular security audits

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We never sell your personal information or uploaded content to third parties.

5.2 Service Providers

We share data with trusted service providers who help us operate the Service:

• Cloudinary: File storage and CDN
• Railway: Database hosting
• Vercel: Application hosting
• Google: OAuth authentication (when you choose to use it)

5.3 Team Members

When you share overlays with a team, team members can access that content. You control team membership and access.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights and safety.

6. Your Rights and Choices

6.1 Access and Export

You can access and export your data at any time through your account settings.

6.2 Deletion

You can delete your overlays, team data, or entire account at any time. Upon account deletion, we will remove your personal data within 30 days, except where we must retain it for legal compliance.

6.3 Marketing

We may send you service-related emails. You can opt out of marketing emails but will still receive essential service notifications.

6.4 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

7. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication: Keep you signed in (essential cookies)
• Preferences: Remember your settings
• Analytics: Understand how the Service is used (aggregated, anonymous)

You can control cookies through your browser settings, but some features may not work without essential cookies.

8. Data Retention

• Account Data: Retained while your account is active
• Uploaded Content: Retained until you delete it
• Activity Logs: Retained based on your subscription tier (30 days to unlimited)
• Deleted Data: Permanently removed within 30 days of deletion request

9. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected such information, we will delete it promptly.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in compliance with applicable laws.

11. Third-Party Links

The Service may contain links to third-party websites (e.g., OAuth providers). We are not responsible for the privacy practices of these third parties. Please review their privacy policies.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when this policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

• Email: privacy@creatorplex.io
• Address: [Your Business Address]