Privacy Policy for Creads
Last updated: March 26, 2026
1. Data Controller
Creads ("we", "us", "our") is the data controller responsible for your personal data. Creads is operated from Italy. For any data protection inquiries, please contact us at privacy@creads.studio.
2. Data We Collect
2.1 Personal Data
- Account information: name, email address, profile picture (provided via Google OAuth or magic link sign-in).
- Payment information: processed and stored by Stripe. We store only your Stripe customer ID, not card details.
- Content you create: brand URLs, generated scripts, images, videos, and project configurations.
2.2 Non-Personal Data
- Usage analytics: page views, feature usage, and error reports (collected by PostHog only with your consent).
- Device information: browser type, operating system, IP address (anonymized when possible).
3. Legal Basis for Processing
We process your personal data under the following legal bases as defined by the GDPR:
- Contract performance (Art. 6(1)(b)): to provide our services, process payments, and manage your account.
- Legitimate interest (Art. 6(1)(f)): to improve our services, prevent fraud, and ensure platform security.
- Consent (Art. 6(1)(a)): for analytics and non-essential cookies. You can withdraw consent at any time via the cookie settings in our footer.
4. How We Use Your Data
- Providing and maintaining the Creads platform (generating ads, managing projects).
- Processing payments and managing subscriptions.
- Sending transactional emails (sign-in links, payment receipts).
- Analyzing usage patterns to improve the product (only with consent).
- Providing customer support.
5. Cookies & Tracking
We use a cookie consent banner to give you control over tracking. By default, only strictly necessary cookies are set (authentication session). Analytics cookies (PostHog) are only activated when you click "Accept all". You can change your preference at any time by clicking "Cookie Settings" in the footer.
- Necessary cookies: authentication session, CSRF protection.
- Analytics cookies (consent required): PostHog for usage analytics and error tracking.
6. Third-Party Data Processors
We share data with the following processors to provide our services:
| Service | Purpose | Data shared |
|---|---|---|
| Google AI (Gemini) | Brand analysis, script generation | Scraped website content, prompts |
| fal.ai | Image & video generation | Prompts, reference images |
| ElevenLabs | Voice synthesis | Script text |
| Firecrawl | Website scraping | Brand URLs |
| PostHog | Analytics (with consent) | Usage events, anonymized device info |
| Stripe | Payment processing | Email, payment details |
| Resend | Transactional emails & magic links | Email address |
| AWS (S3) | File storage | Generated images, videos, brand assets |
| Canny | Feedback collection | Name, email, user ID |
| Google OAuth | Authentication | Name, email, profile picture |
7. International Data Transfers
Some of our third-party processors are based outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.
8. Data Retention
- Account data: retained for the lifetime of your account. Deleted when you delete your account.
- Projects and generated content: retained until you delete the project or your account.
- Payment records: retained as required by applicable tax and accounting regulations (typically 7-10 years).
- Analytics data: automatically anonymized or deleted after 12 months.
- Server logs: retained for up to 90 days for security and debugging purposes.
9. Your Rights Under the GDPR
If you are located in the EEA, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): request deletion of your personal data.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interest.
- Right to restrict processing: request that we limit processing of your data.
- Right to withdraw consent: withdraw consent for analytics at any time via Cookie Settings.
10. How to Exercise Your Rights
You can exercise your rights in the following ways:
- Delete your account: use the "Delete account" option in your account menu. This permanently removes all your data, including brands, projects, generated content, and payment history.
- Manage cookies: click "Cookie Settings" in the footer to change your analytics preferences.
- Email us: for access, rectification, portability, or any other request, email privacy@creads.studio. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Italy, this is the Garante per la protezione dei dati personali.
11. Children's Privacy
Creads is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@creads.studio and we will promptly delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Your continued use of Creads after any changes constitutes acceptance of the updated policy.
13. Contact Information
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
- Email: privacy@creads.studio
- Website: creads.studio