Privacy Policy

Effective Date: January 1, 2025 | Last Updated: March 2026 Applies to: creativcurrent.com and the CreativCurrent app 1. Overview CreativCurrent ("we," "us," or "our") operates the website at creativcurrent.com and the associated client application (collectively, the "Service"). This Privacy Policy explains what personal information we collect, why we collect it, how it is used, and the choices you have. By creating an account or using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service. We collect only what we need to run the Service. We do not sell your data, ever. 2. Data We Collect We collect information in the following categories: Account and Identity — Full name, email address, company name, and company logo, collected via the signup form or Google Sign-In. Billing and Payment — Subscription plan, billing cycle, and a Stripe customer reference ID. We never store raw payment card numbers. Project and Work Data — Creative briefs, deliverable feedback, uploaded brand assets, and file attachments you submit through the app. Messaging Integration — The Slack, Microsoft Teams, Google Chat, or Discord channel URL you provide during onboarding. Scheduling — Meeting dates, times, and notes entered through the in-app scheduler or Calendly. Usage and Technical Data — Log data, browser type, IP address, pages visited, and session duration, collected automatically via cookies and server logs. 3. Google Sign-In (OAuth 2.0) CreativCurrent offers "Sign in with Google" as an authentication option. When you choose this, we request access only to: Your email address — used to create and identify your account Basic profile information — your name and profile picture, used to personalize your dashboard We do not request access to your Google Drive, Gmail, Google Contacts, Google Calendar, or any other Google product. Our use of Google account data is limited strictly to authentication and basic account setup. Information received from Google APIs is used only to authenticate you. It is never shared with third parties for advertising, never resold, and never used to build user profiles beyond what is required to operate the Service. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements: https://developers.google.com/terms/api-services-user-data-policy You may disconnect Google authentication at any time from your Account Settings page. Doing so will not delete your account or data — you can set a password to continue accessing the Service with your email address. 4. How We Use Your Data We use the information we collect to: Create and manage your account and subscription Deliver creative services and manage project workflows Process payments and manage your billing through Stripe Send transactional emails (receipts, account notices, project updates) Schedule and facilitate calls and meetings Connect you with your assigned Creative Director via your preferred messaging channel Improve the Service based on how features are used Respond to support requests and inquiries Comply with legal obligations We do not use your data for targeted advertising and we do not sell or rent your personal information to any third party. 5. Sharing and Disclosure We share your information only in the following circumstances: Service providers — Trusted vendors that help us operate, including Stripe for payments, Supabase for database hosting, and Calendly for scheduling. These providers are contractually bound to use your data only to perform services for us. Your team members — If you invite colleagues to your account, they will have access to the shared project workspace. Legal requirements — If required by law, subpoena, court order, or governmental authority. Business transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is subject to a different privacy policy. We never sell, rent, or trade your personal information with third parties for marketing purposes. 6. Third-Party Services The Service integrates with the following third-party providers, each with their own privacy practices: Stripe — Payment processing. Stripe stores your payment details directly. See stripe.com/privacy. Google OAuth 2.0 — Optional authentication. See policies.google.com/privacy. Supabase — Database and file storage, hosted on AWS. See supabase.com/privacy. Calendly — Meeting scheduling. See calendly.com/privacy. Slack / Microsoft Teams / Google Chat / Discord — If you connect a messaging channel, that platform's privacy policy governs messages sent through it. 7. Data Retention We retain your personal information for as long as your account is active or as needed to provide the Service. Account data is retained for 90 days after cancellation to allow reactivation, then deleted upon request. Project files and brand assets are retained for 90 days after account closure unless you request earlier deletion. Billing records may be retained for up to 7 years as required by applicable financial regulations. Anonymized usage data may be retained indefinitely for product analytics. You may request deletion of your account and associated data at any time by contacting us at the address below. 8. Your Rights Depending on your location, you may have the following rights regarding your personal information: Access — Request a copy of the data we hold about you Correction — Ask us to correct inaccurate or incomplete data Deletion — Request that we delete your personal data Portability — Request your data in a portable, machine-readable format Objection or Restriction — Object to or request restriction of certain processing activities Withdraw Consent — Where processing is based on consent (e.g., Google Sign-In), withdraw that consent at any time To exercise any of these rights, contact us at hello@creativcurrent.com. We will respond within 30 days. If you are a California resident, you may have additional rights under the CCPA. We do not sell personal information as defined under the CCPA. 9. Security Our security practices include: HTTPS encryption for all data in transit Encrypted storage for sensitive fields in our database Access controls limiting which team members can view your data Stripe handles all payment card data under their PCI-DSS compliance framework — we never handle raw card numbers No method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately at hello@creativcurrent.com. 10. Children's Privacy The Service is intended for business use by adults and is not directed at children under the age of 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If we learn we have collected data from a child without verifiable parental consent, we will delete it promptly. 11. Policy Changes We may update this policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If we make material changes, we will notify you by email or via a prominent notice within the Service before changes take effect. Continued use of the Service after any update constitutes acceptance of the revised policy. 12. Contact Questions, requests, or concerns? Reach out directly. CreativCurrent St. Augustine, Florida, USA hello@creativcurrent.com