Privacy Policy

1. Data Controller Information

CreativeBuzz ("we", "us", or "our") is the data controller responsible for your personal data. We are committed to protecting your privacy and handling your data in an open and transparent manner.

• Company: CreativeBuzz
• Registered in: England and Wales
• Data Protection Contact: hello@creativebuzz.co

2. Data We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our Service:

• Account Information: Name, email address, and password when you create an account
• Profile Information: Any additional information you add to your profile
• Content Data: Briefs, Brand Voice Profiles, and other inputs you submit to generate content
• Generated Content: Creative Kits and other outputs generated through the Service
• Payment Information: Billing details processed securely through Stripe (we do not store full payment card details)
• Communications: Messages, feedback, and correspondence you send to us

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain technical information:

• Device Information: Browser type, operating system, and device identifiers
• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Log Data: IP address, access times, referring URLs, and error logs
• Cookies and Similar Technologies: As described in our Cookie section below

2.3 Information from Third Parties

We may receive information about you from third parties:

• Payment Processors: Transaction confirmations and fraud prevention data from Stripe
• Analytics Providers: Aggregated usage insights

3. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

3.1 Contract Performance (Article 6(1)(b))

Processing necessary to provide the Service you have requested, including:

• Creating and managing your account
• Processing your content generation requests
• Handling subscription billing and payments
• Providing customer support

3.2 Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate business interests, provided these are not overridden by your rights:

• Improving and developing our Service
• Analysing usage patterns and trends
• Preventing fraud and ensuring security
• Marketing our services to existing customers

3.3 Consent (Article 6(1)(a))

Where we rely on your consent:

• Sending marketing communications (where not covered by legitimate interests)
• Using certain non-essential cookies
• Processing special categories of data (if applicable)

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3.4 Legal Obligation (Article 6(1)(c))

Processing necessary to comply with legal obligations:

• Tax and accounting requirements
• Responding to lawful requests from authorities
• Complying with court orders

4. How We Use Your Data

We use your personal data for the following purposes:

4.1 Service Provision

• Creating and managing your account
• Processing content generation requests and delivering Creative Kits
• Storing and managing your content, templates, and Brand Voice Profiles
• Processing payments and managing subscriptions
• Providing technical support and customer service

4.2 Service Improvement

• Analysing usage patterns to improve features and user experience
• Training and improving our AI models (using anonymised and aggregated data only)
• Conducting research and development
• Testing new features and functionality

4.3 Communications

• Sending service-related notifications (account updates, security alerts)
• Responding to your enquiries and support requests
• Sending marketing communications (with your consent or under legitimate interests)
• Providing important updates about our Terms or Privacy Policy

4.4 Security and Compliance

• Detecting and preventing fraud, abuse, and security incidents
• Enforcing our Terms of Service
• Complying with legal obligations
• Protecting our rights and the rights of our users

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data in the following circumstances:

5.1 Service Providers

We engage trusted third-party companies to perform services on our behalf:

• Stripe: Payment processing (USA, EU Standard Contractual Clauses in place)
• OpenAI: AI content generation (USA, Data Processing Agreement in place)
• Cloud Hosting: Server infrastructure and data storage
• Email Services: Transactional and marketing email delivery
• Analytics: Usage analysis and performance monitoring

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.2 Legal Requirements

We may disclose your data when required by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Requests from law enforcement or government authorities
• Protection of our legal rights or defence against claims
• Prevention of fraud, security threats, or illegal activities

5.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries with adequate data protection (as determined by the UK Government)
• Standard Contractual Clauses: UK-approved international data transfer agreements
• Supplementary Measures: Additional technical and organisational safeguards where necessary

You may request information about international transfers and safeguards by contacting us.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account Data: Retained while your account is active and for 30 days after deletion request
• Generated Content: Retained until you delete it or close your account
• Billing Records: Retained for 7 years as required by UK tax law
• Usage Logs: Retained for 12 months for security and analysis purposes
• Marketing Preferences: Retained until you unsubscribe or withdraw consent
• Support Communications: Retained for 3 years for quality and training purposes

After retention periods expire, data is securely deleted or anonymised.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

8.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you and information about how we process it.

8.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data or completion of incomplete data.

8.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes collected.

8.4 Right to Restrict Processing (Article 18)

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of data.

8.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

8.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests, including profiling, and to direct marketing.

8.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our content generation does not make such decisions.

8.8 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@creativebuzz.io. We will respond within one month of receiving your request. This period may be extended by two months for complex requests, in which case we will inform you.

We may request identity verification before processing your request. There is no fee for exercising your rights, except where requests are manifestly unfounded or excessive.

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide functionality, remember your preferences, and understand how you use our Service.

9.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security, load balancing). Cannot be disabled.
• Functional Cookies: Remember your preferences and settings (language, theme).
• Analytics Cookies: Help us understand how visitors use our Service (page views, navigation patterns).
• Marketing Cookies: Track advertising effectiveness and enable targeted advertising.

9.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Service. You can also manage cookie preferences through our cookie consent banner.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access with principle of least privilege
• Authentication: Secure password hashing, optional two-factor authentication
• Monitoring: Security logging, intrusion detection, and regular audits
• Infrastructure: Secure cloud hosting with regular security updates
• Staff Training: Regular data protection and security awareness training

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

12. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting a notice on our website
• Sending an email to the address associated with your account
• Updating the "Last updated" date at the top of this policy

We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@creativebuzz.io. We will try to resolve your concern.

You also have the right to lodge a complaint with the UK supervisory authority:

• Information Commissioner's Office (ICO)
• Website: https://ico.org.uk
• Helpline: 0303 123 1113

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: hello@creativebuzz.co
• Data Protection Enquiries: hello@creativebuzz.co