Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect information provided by your authentication provider (Google or GitHub), including your name, email address, and profile information. We do not collect or store your authentication provider passwords.

Usage Data

We automatically collect certain information when you use our Services, including your IP address, browser type, operating system, referring URLs, pages visited, and timestamps of interactions. This helps us understand how our Services are used and improve the experience.

Content You Provide

When you use our AI development platform, we process the prompts, tasks, code, and other content you submit to the Services ("User Content"). This processing is necessary to provide the Services to you.

Billing Information

Payment processing is handled by Stripe. We do not directly collect or store your credit card numbers or bank account details. We receive limited billing information from Stripe, such as the last four digits of your card, card brand, and billing address.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our Services
• Process your transactions and manage your account
• Improve, personalize, and expand our Services
• Communicate with you about updates, security alerts, and support matters
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and abuse
• Comply with legal obligations

3. AI and Your Data

When you use our AI development features, your prompts and tasks are sent to third-party AI model providers (via OpenRouter) to generate responses. These providers process your inputs in real-time and are contractually prohibited from using your data for training purposes.

We may use aggregated, anonymized usage statistics (such as total request volume, average response times, and error rates) to improve platform performance. This aggregated data cannot be used to identify you or reconstruct your User Content.

4. Data Sharing and Third Parties

We share your information only with the following categories of third parties, and only as necessary to provide our Services:

We do not sell your personal information. We may disclose information if required by law, legal process, or to protect the rights, property, or safety of CR8U, our users, or the public.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Infrastructure hosted on AWS (US East region) with industry-standard security controls
• Regular security reviews and vulnerability assessments
• Access controls and authentication for all internal systems
• SOC 2 ready security practices

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide you with our Services. If you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.

User Content (prompts, code, and tasks) processed through our AI features is not retained after the session ends, except for usage metadata (such as timestamps and token counts) which is retained for billing and analytics purposes.

Billing records are retained for the period required by applicable tax and accounting laws.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access — Request a copy of the personal information we hold about you
• Correction — Request correction of inaccurate or incomplete information
• Deletion — Request deletion of your personal information and account
• Export — Request a portable copy of your data in a machine-readable format
• Opt-out — Opt out of non-essential communications at any time

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

8. Children's Privacy

Our Services are not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us at [email protected].

9. Cookies and Tracking Technologies

When you first visit our site, a cookie consent banner allows you to accept or decline optional cookies. You can change your preferences at any time. We categorize cookies as follows:

Necessary Cookies (Always Active)

These cookies are essential for the site to function and cannot be disabled. They include authentication session cookies (AWS Cognito), bot detection cookies (Cloudflare __cf_bm), and cookie consent preferences stored in your browser.

Analytics Cookies (Optional)

If you consent, we use Google Tag Manager and Google Analytics to understand how visitors interact with our site. These services may set cookies to collect anonymized usage data such as pages visited, session duration, and referral source. You can decline analytics cookies without affecting site functionality.

Marketing Cookies (Optional)

If you consent, marketing cookies may be used for conversion tracking and to measure the effectiveness of our communications. You can decline marketing cookies without affecting site functionality.

The following third-party services may set cookies or process network data when you use our Services:

10. International Data Transfers and GDPR

Our Services are hosted in the United States (AWS US East region). If you access our Services from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, your information will be transferred to, stored, and processed in the United States.

Legal Basis for Processing (GDPR Article 6)

• Contract performance — Processing necessary to provide the Services you requested
• Legitimate interests — Security, fraud prevention, and service improvement
• Consent — Where specifically requested for optional features
• Legal obligation — Tax, accounting, and regulatory compliance

Additional Rights for EEA/UK Residents

In addition to the rights listed in Section 7, residents of the EEA and UK have the following rights under GDPR:

• Right to restrict processing of your personal data
• Right to object to processing based on legitimate interests
• Right to data portability in a machine-readable format
• Right to withdraw consent at any time
• Right to lodge a complaint with your local data protection supervisory authority

Data Processors

Your data may be processed by the following sub-processors, all of which are bound by data processing agreements: Amazon Web Services (infrastructure, US), Supabase (database, US), Stripe (payments, US), OpenRouter (AI inference), Cloudflare (CDN and security, global), and Google (analytics, with consent). To exercise your rights, contact [email protected]. We will respond within 30 days as required by GDPR Article 12.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: