Privacy Policy

Last updated: February 17, 2026

This Privacy Policy describes how Creator.ai ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website, platform, and services (collectively, the "Service"). By accessing or using the Service, you agree to this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, and password when you create an account.
• Profile Information: Display name, profile photo, and preferences you choose to provide.
• Mission Data: Goals, objectives, context information, and any other content you submit to our AI analysis service ("Missions").
• Payment Information: Billing address and payment method details. Payment card numbers are processed directly by our payment processor (Stripe) and are never stored on our servers.
• Expert Information: If you apply as an Expert, we collect professional credentials, domain expertise, interview transcripts, frameworks, and calibration data.
• Communications: Messages you send to us, feedback, and support requests.
• Connected Services: If you connect third-party services (Google, Notion, etc.), we receive and store OAuth tokens necessary to perform authorized actions on your behalf.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, mission activity, timestamps, and interaction patterns.
• Device Information: Browser type, operating system, device type, screen resolution, and IP address.
• Cookies and Similar Technologies: We use cookies, local storage, and IndexedDB for authentication persistence, preferences, and analytics. See Section 7.
• Log Data: Server logs including IP addresses, access times, request details, and error logs.
• Metadata: We collect metadata about your interactions with the Service, such as the number of Missions created, agent configurations used, quality tiers selected, session durations, and feature usage patterns. This metadata is used to improve the Service and does not include the substantive content of your Missions.

1.3 Information from Third Parties

• Authentication Providers: When you sign in via Google or Apple, we receive your name, email, and profile photo from those providers.
• Payment Processor: Stripe shares transaction status and limited billing details necessary to manage your account.

2. How We Use Your Information

• To provide, maintain, and improve the Service, including AI-powered analysis and deliverables.
• To process your Missions through our AI agent system and deliver results.
• To build and maintain your persistent knowledge context across Missions (to improve future results).
• To process payments, manage credits, and handle subscriptions.
• To match Missions with qualified Experts and process Expert reviews.
• To send transactional communications (mission status, account changes, receipts).
• To send marketing communications (only with your opt-in consent; you may unsubscribe at any time).
• To detect, prevent, and address fraud, abuse, and security issues.
• To comply with legal obligations.
• To enforce our Terms of Service.

3. AI Processing and Your Data

Your Mission data is processed by third-party AI models (including but not limited to models from Anthropic, DeepSeek, and other providers) to generate analysis and deliverables. By using the Service:

• You acknowledge that your Mission content is sent to third-party AI providers for processing.
• We select AI providers that contractually commit not to use your data for model training. Creator.ai itself does not use your Mission content or deliverables to train AI models. If you wish to opt out of any anonymized, aggregated data usage for service improvement, contact privacy@creator.ai.
• AI-generated outputs are provided as informational analysis only and do not constitute professional advice (legal, financial, medical, or otherwise).
• We track token usage and costs per Mission for billing and transparency purposes.
• Your persistent knowledge context is stored in our database and used solely to improve your future Mission results.

4. How We Share Your Information

We do not sell your personal information. Your Mission content and deliverables are confidential and will not be shared with, or made accessible to, other customers. We share information only in these circumstances:

• AI Providers: Mission content is sent to AI model providers for processing. These providers are bound by data processing agreements.
• Experts: If an Expert reviews your Mission, they receive the AI analysis and deliverables (not your personal account information) to provide their review.
• Payment Processor: Stripe receives payment information necessary to process transactions.
• Cloud Infrastructure: We use Google Cloud Platform to host and operate the Service. Data is processed and stored on GCP infrastructure.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or the rights, property, or safety of others.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is subject to a different privacy policy.
• With Your Consent: We share information for any other purpose with your explicit consent.

5. Data Retention

• Account Data: Retained for as long as your account is active. You may request deletion at any time.
• Mission Data: Retained for as long as your account is active. Mission history contributes to your knowledge context.
• Knowledge Context: Your persistent knowledge graph is retained while your account is active and deleted upon account deletion.
• Payment Records: Retained for 7 years as required by tax and accounting regulations.
• Server Logs: Retained for up to 90 days for security and debugging purposes.
• Deleted Accounts: Upon account deletion, we delete or anonymize your personal data within 30 days, except where retention is required by law.

6. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/HTTPS) and at rest.
• Firebase Authentication with secure token management.
• Role-based access controls.
• Regular security reviews.
• API key management through secure admin infrastructure (not in source code).

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Cookies and Tracking

We use the following technologies:

• Essential Cookies/Storage: Required for authentication (Firebase Auth uses IndexedDB), session management, and security. Cannot be disabled.
• Functional Cookies: Remember your preferences (e.g., quality tier selection, display settings).
• Analytics: We may use analytics services to understand usage patterns. These can be opted out of.

We do not use third-party advertising trackers.

7.1 Do-Not-Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Since there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to them. However, we do not engage in cross-site tracking of our users, and we do not use third-party advertising trackers.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data and account.
• Portability: Request your data in a portable format.
• Objection: Object to processing of your personal data for certain purposes.
• Restriction: Request restriction of processing under certain circumstances.
• Withdraw Consent: Withdraw consent for marketing communications at any time.

To exercise these rights, contact us at privacy@creator.ai. We will respond within 30 days.

9. California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) opt out of the sale of personal information (we do not sell personal information); and (d) not be discriminated against for exercising your rights. To make a request, contact privacy@creator.ai.

10. Other U.S. State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws may have additional rights, including:

• The right to confirm whether we are processing your personal data.
• The right to access, correct, and delete your personal data.
• The right to obtain a copy of your personal data in a portable format.
• The right to opt out of the processing of your personal data for targeted advertising (we do not engage in targeted advertising), the sale of personal data (we do not sell personal data), or profiling in furtherance of decisions that produce legal or similarly significant effects.
• The right to appeal a denial of a privacy request.

To exercise these rights, contact us at privacy@creator.ai. We will respond within the timeframe required by your state's applicable law. If we deny your request, you may appeal by contacting us at the same email address.

11. European Residents (GDPR)

If you are in the European Economic Area, our legal bases for processing are: (a) performance of our contract with you (providing the Service); (b) our legitimate interests (improving the Service, security); and (c) your consent (marketing communications). You have the rights described in Section 8 above. Our data processing for AI analysis is based on your explicit consent when you submit a Mission. You may contact our data protection contact at privacy@creator.ai.

12. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

13. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Creator.ai
Email: privacy@creator.ai