Privacy Policy

1. What Data We Collect

Account information

When you sign up: your name, email address, and password (hashed — we never see it in plain text). Authentication is handled by Supabase.

Social media connections

If you connect an Instagram, TikTok, or YouTube account, we receive the OAuth token and the profile data those platforms share with us (typically: username, follower count, and engagement metrics). We do not store your social media passwords.

Deal and brand data

Deal names, brand contacts, payment amounts, deliverables, deadlines, and status updates you enter into the platform. This is your business data and it belongs to you.

Payment information

We collect billing address and the last 4 digits of your card for display purposes. Full card details are processed and stored exclusively by Stripe — we never see or store your full card number.

Usage data

We use Plausible Analytics — a privacy-friendly, cookieless analytics tool. Plausible does not track individuals, does not use cookies, and is GDPR-compliant by design. We see aggregate page views and feature usage, not personal browsing histories.

2. How We Use Your Data

• To provide the service — authenticate your account, store your deals, display your analytics dashboard.
• AI features — when you use pitch generation or AI negotiation, your deal context and brand details are sent to Anthropic's API to generate suggestions. This data is processed per Anthropic's privacy policy.
• To improve the product — aggregated, anonymised usage patterns help us understand which features are valuable.
• Transactional email — account verification, password reset, billing receipts. We do not send marketing email without your explicit opt-in.

We do not sell your data. We do not share your data with advertisers.

3. Third-Party Services

CreatorSuites uses the following sub-processors:

4. Data Storage and Security

Your data is stored in Supabase's EU region (Frankfurt). Supabase uses encrypted storage at rest and in transit. Passwords are hashed using bcrypt — we cannot recover them. Stripe PCI-compliant infrastructure handles all card data.

We apply row-level security (RLS) so that your account data is only accessible to you and to no other CreatorSuites users.

5. Cookies

CreatorSuites uses a single session cookie set by Supabase for authentication — no tracking cookies, no ad pixels. Our analytics tool (Plausible) is fully cookieless. You do not need to accept or decline a cookie banner to use the service.

6. Your Rights (GDPR)

If you are located in the EU/EEA, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate data.
• Deletion — request deletion of your account and all associated data.
• Export — download all your deal data in a portable format.
• Restriction / Objection — limit how we process your data in specific circumstances.
• Complaint — lodge a complaint with your local supervisory authority.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required to retain records for legal or financial compliance (e.g. billing records for up to 7 years per tax law).

8. Children

CreatorSuites is not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at [email protected] and we will remove the account promptly.

9. Changes to This Policy

We may update this policy when our practices change. We will update the date at the top and, for significant changes, notify you by email. Continued use of CreatorSuites after the updated date constitutes acceptance.

10. Contact

Privacy questions or GDPR requests: [email protected]

General support: [email protected]