Privacy Policy

This policy describes how CreatorStudio (“we”, “us”) collects, uses, and shares information when you use our websites, applications, and related services (collectively, the “Service”).

Last updated: May 4, 2026. The data controller is Da Vinci Enterprises, Inc., a Wyoming corporation, with its principal place of business at 1309 Coffeen Avenue, STE 1200, Sheridan, Wyoming 82801, USA. For privacy requests, contact [email protected]. For general support, use the contact options in the Service.

1. Information we collect

  • Account and authentication — such as email address and credentials. We use Supabase for authentication and account storage.
  • Profile and preferences — information you add in onboarding or settings (for example display name, creator preferences, or similar fields stored in your profile).
  • Content you provide — scripts, ideas, topics, brand-scan inputs (such as social handles or URLs you submit), generated outputs, and related metadata needed to run features you request.
  • Billing — subscription status and payment-related information processed by Stripe. We do not store full payment card numbers on our servers.
  • Transactional email — delivery and engagement data handled by Resend when we send service emails (for example receipts or account messages).
  • Usage and product analytics — when you opt in via our consent banner or dashboard controls, event and usage data may be collected through PostHog and Google Analytics 4 to understand how the Service is used. Session recording is disabled in our PostHog configuration.
  • Diagnostics and security — error reports, performance data, and similar telemetry processed by Sentry to operate and secure the Service. We may also log technical information (such as IP address or user agent) for security, abuse prevention, and troubleshooting.
  • Consent preferences — your analytics choice is stored in the sg_consent cookie and, when you are signed in, may be synced to your profile (consent_analytics) so your preference persists across devices.

2. How we use information

We use information to:

  • Provide, maintain, and improve the Service;
  • Process subscriptions and payments, and send related communications;
  • Generate AI outputs you request, including routing requests to AI providers as described below;
  • Measure product usage and improve features when you have consented to analytics;
  • Detect, investigate, and prevent fraud, abuse, and security incidents;
  • Comply with legal obligations and enforce our terms.

Where GDPR or similar laws apply, we rely on appropriate legal bases such as performance of a contract (providing the Service), legitimate interests (for example security and service improvement that is not overridden by your rights), consent (for optional analytics), and compliance with legal obligations.

3. AI processing and third parties

To generate scripts, ideas, brand insights, and related content, we send your prompts and relevant context to model providers and infrastructure partners, which may include Anthropic, OpenAI, and integration or routing layers we use to connect to those providers. Those parties process data under their own terms and privacy policies as part of delivering the models. Outputs are generated probabilistically and may be inaccurate or incomplete — you are responsible for how you use them, including anything you publish.

We do not use your content to train public models unless we separately disclose that and, where required, obtain consent. Provider practices may change; we recommend reviewing their policies periodically.

4. Cookies and similar technologies

We use cookies and similar technologies for essential functions (such as keeping you signed in), to remember your analytics consent (sg_consent), and — only if you consent — for PostHog and Google Analytics 4. You can change analytics consent anytime via the banner or, while signed in, in Privacy & Data in your dashboard.

5. Service providers (subprocessors)

We share data with vendors who process it on our behalf. They are contractually required to protect personal data and use it only for the services they provide to us. This includes:

  • Supabase — database, authentication, file storage;
  • Stripe — payments;
  • Resend — email delivery;
  • Sentry — error and performance monitoring;
  • PostHog — product analytics (consent-based);
  • Google — Google Analytics 4 (consent-based);
  • Anthropic, OpenAI — AI inference;
  • Cloud hosting and deployment (for example our application host) — to run the Service infrastructure.

6. Retention

We retain personal information for as long as your account is active or as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Telemetry and logs at subprocessors follow their retention settings. When you use export my data, we generate a downloadable file; the download link is short-lived (on the order of minutes) for security.

7. International transfers

We may process and store information in the United States and other countries where we or our vendors operate. Those countries may have different data protection rules than your country. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers of personal data.

8. Security

We use technical and organizational measures designed to protect your information, including encryption in transit (HTTPS), access controls, and database protections. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or export your personal data; object to or restrict certain processing; withdraw consent where processing is based on consent; and lodge a complaint with a supervisory authority.

Signed-in users can exercise many of these rights in Privacy & Data: export a copy of your data, delete your account, and manage analytics consent. You can also contact us at [email protected].

10. California and US state privacy

If you are a California or other US state resident, you may have additional rights under applicable laws (for example, to know categories of personal information collected, to request deletion or correction, and to opt out of certain sharing). We do not sell your personal information for money. To exercise rights, contact [email protected].

11. Children

The Service is not directed at children under 16, and we do not knowingly collect personal information from children under 16. If you believe we have collected such information, contact us and we will take steps to delete it.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and update the “Last updated” date. If changes are material, we will provide notice as required by law (for example via email or an in-app notice).

See also our Terms of Service.