CreoAI Privacy Policy
Effective Date: January 31st, 2022.

This privacy policy explains how we, CreoAI Inc, of 9450 Southwest Gemini Drive
33472, Beaverton, OR 97008 USA
(“CreoAI”, “we”, “us”, “our”) process your personal information (“you”, “your”) when you use our website, app or other services.

PLEASE READ THIS PRIVACY POLICY CAREFULLY

By using the Creo mobile application (the “App”) or the website located at https://withcreo.com/ (the “Website”) (App and Website individually referred to individually as a “Creo Service” or collectively as the “Creo Services”) or otherwise indicating your acceptance (e.g. by clicking tick-box or bottom “agree”), you agree to the following terms of our Privacy Policy, which will bind you at all times and in whatever manner you use the Creo Services.

Please note:

  • Individuals in the European Economic Area (EEA) and the UK should also read our section about “Your EEA & UK Data Privacy Rights”.
  • Individuals in California or Virginia should also read our section about “Your California and Virginia Data Privacy Rights”.
  • Individuals in Nevada should also read our section about “Your Nevada Data Privacy Rights”.
  1. WHO DOES THIS PRIVACY POLICY APPLY TO?
This policy applies to:
  • Directly from you when you provide it to us.
  • Automatically when you use Creo Services.
  • From third parties.
  1. WHAT TYPES OF INFORMATION DO WE COLLECT?
Generally, “personal information”, “personal data” or similar terms refer to any information that identifies you or relates to you. However, the exact meaning of personal information may be determined by the law of the country of your residence.
We will process the following information which may be considered personal information:
Information You Provide To Us Directly
  • **User details.**Your user details when you sign up as a user of Creo Services.
  • Profile Data. Information, including your username and password, content you post and art you have created with us (prior to you deleting them).
  • Details of your request. When you contact or visit us, we may process the details of your request, communications, complaints, or other interaction.
Information We Collect Automatically

  • Transaction information. Transaction information such as your purchases in our app, including date of purchase, currency, amount, payment type, and the last four digits of your card number.
  • Device information. When accessing Creo Services, your device and browser will automatically provide unique information such as account ID, mobile device ID, internet protocol (IP) address, cookie ID or online identifiers, operating system, browser type, time zone setting, location and date and time of access. (If you have provided your consent) IDFA or Android Advertising ID, whichever is applicable to your device. If you want to disable the collection of IDFA and/or Android Advertising ID by Creo Services, please follow in-app instructions.
  • Usage data. Our systems may record usage data about how you navigate and engage with Creo Services, use our features, download materials, security logs will be kept, online activity data such as clickstream data with URLs visited previously, page interaction information (such as scrolling, clicks, and mouse-overs), your preferences (including interests, country and language), and methods used to browse away from Creo Services.
  • Interaction Data. Information you provide to us when you participate in any interactive features of Creo Services, including surveys, contests, promotions, activities or events.
  • Interaction information. When we send you emails or other communications, we may collect technical interaction information, such as open rates and if you clicked on any content.
Information We Obtain From Third Parties

Third party data about you. Third party data about you such as your interaction with our posts and content and ‘likes’ on social media platforms, such as Facebook, Twitter, Instagram, TikTok, profile information, preferences and interests from advertising and analytics partners, information from our suppliers.

We may receive information about you from our analytics service providers with data they collect through Creo Services in accordance with their own privacy policies. A list of the third parties that operate in Creo Services can be found in the Appendix A below.

  1. DATA ACCURACY
We will rely on the information provided by you as accurate, complete, and up to date, and we would be grateful if you could inform us of any changes.

  1. WHAT INFORMATION DO WE COLLECT AND WHY?
Generally, we will use your personal information to (i) provide Creo Services and enable you to use our service features, (ii) respond to your queries, (iii) develop and promote our organisation and services; (iv) ensure the security and technical availability of Creo Services; and (v) comply with the law.
  1. If you are an individual in the EEA or the UK, we have to inform you about the “legal ground” for us to use your “personal data”. This will typically be the performance of our contract with you (based on our Creo Terms of Use) or our legitimate interest to use your personal data to ensure that Creo Services are provided properly, efficiently, and securely, as is further explained in the table below.
Where we rely on legitimate interests as the legal basis for processing personal data, we have considered whether or not those interests are overridden by the interests or fundamental rights or freedoms of the individuals whose data are being processed and concluded that the processing is, on balance, fair.
We use your information for the following purposes:
  • To assist and contact you in relation to your inquiry or to send you information that you have requested about Creo Services.
  • To register you as a service user when you sign up for Creo Services and to enable you to use Creo Services and its functionalities.
  • To enable you to make purchases through our Creo Services.
  • To fulfill your requests and send you service communications and notifications about matters relevant to your use of Creo Services and your engagement with us, such as information about offers you might be interested in, targeted content, confirmations of donations, details of events, surveys, changes in our terms, etc.
  • To send you promotional information through various marketing channels including post, email, social media and etc. about Creo Services and our organization, reviewing and optimizing campaign performance and profiling information about your interests known, observed, or inferred for direct marketing purposes.
  • To improve and develop Creo Services, including to: obtain feedback; record likes and preferences; conduct statistical analysis; use Google Analytics to understand the demographics of our users; make services and features more relevant; improve user experience; and work with third parties and evaluate data to improve and develop Creo Services.
  • To ensure proper administration of our business, including to: keep appropriate records about how Creo Services are used; resolve complaints; conduct troubleshooting; manage our business relationships and identify opportunities; register interactions with our communications, such as emails; enforce our terms; and debt collection.
  • To engage our third party service providers who may process your information on our behalf to facilitate the provision of Creo Services and the fulfillment of essential service functions, such as web hosting, cloud storage, analytics, payments, plugins, communications, accounting, security and others.
  • To monitor our networks, Creo Services and systems for suspicious activities, test and audit our systems and deploy appropriate security measures.
  • To monitor operations, user activity and networks for fraud prevention and crime detection purposes, including information from third parties who may help us verify your identity or alert us about suspicious activities. Upon sign up, we may ask for your telephone number to send you a verification code.
  • To share information with our group companies.
  • To share data with another organization for the purposes of a joint venture, collaboration, financing, sale, merger, reorganization, or similar event relating to our business.
  • To process information as is required for our compliance with the law or to establish, exercise or defend legal claims.
  • To process and share information with other third parties where required by law, such as regulators, and law enforcement agencies, or where mandatory under a court order.
  1. NO PROCESSING OF PAYMENT DETAILS
We will not receive or store any of your payment details, this is fully handled by the relevant payment service provider. If/when you make any purchases, we are notified by the payment processor once the transaction takes place and then ensure you receive your purchase. We do not, however, receive any of your actual payment details or personal data related to the payment. We only keep the data concerning transaction dates, currencies, value, the last four digits of your card number and the subject of the transaction.

  1. SHARING YOUR INFORMATION WITH THIRD PARTIES
We will generally not share your information except with (i) our third party service providers and advisors who may process personal information on our behalf for the purpose of operation of the Creo Services (e.g., cloud providers), (ii) our advertising, marketing, and analytics partners, as explained above, (iii) our group companies for the purposes set out above, (iv) persons or authorities where we are compelled by law, (v) to the relevant entity in case of a merger, acquisition or collaboration, and (vi) other third parties where you have provided your consent.
  1. HOW WE MAY DISCLOSE YOUR INFORMATION TO THIRD PARTIES
We do not rent or sell your Personal Data to any third parties outside Creo Services or its affiliates(as defined below).
We do not share your personal information except as approved by you or as described below:
  • We may engage other companies and individuals to perform services on our behalf. An example of these services may include analyzing data and providing customer support. These agents and service providers may have access to your personal information in connection with the performance of services for us, and they are bound by appropriate contractual safeguards in place.
  • We may release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; investigate fraud, respond to a government request, enforce or apply our rights; or protect the rights, property, or safety of us or our users, or others. This includes exchanging information with other companies and organizations for fraud protection. In certain situations, Creo may be required to disclose personal information in response to lawful requests by public authorities or for local law enforcement requirements.
  • We may share your information in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business to another company. You will be notified via email and/or notice on our Sites of any change in ownership.
  • Creo may contain third party tracking and data collection and analytics tools from our service providers. Collection of personal information with such tools is subject to consent from EEA / UK users. A list of the third parties that operate analytical data in Creo can be found in the Appendix A below. Such third parties may use cookies, APIs, and SDKs in Creo to enable them to collect and analyze user and device related data and information on our behalf. The third parties may have access to and collect data and information about you, such as your device identifier, IDFA (Identifier for advertisers), locale (specific location where a given language is spoken), geo-location information, IP address, application usage, access and session times, applications present on the device or in use at a particular time on the device, and your viewing of and interactions with advertising, for the purpose of providing their services, including, for example, enabling, providing and delivering advertising as described in further detail below. The privacy policies of our service providers may include additional terms and disclosures regarding their data collection and use practices and tracking technologies, and we encourage you to check those privacy policies to learn more about their data collection and use practices, use of cookies and other similar tracking technologies.
  • Apple iOS users may opt-in to allow Creo Services to provide data regarding the amount of minutes spent within Creo applications to the Apple iOS “Health” application for display. This data will not be shared with third parties or used for marketing purposes.
  • We may share aggregate or anonymized information about you with advertisers, publishers, business partners, sponsors, and other third parties.
  1. LINKS TO OTHER SITES
For the convenience of our visitors and clients, Creo Services may contain links to other sites, such as those of our partners or vendors, which are subject to different privacy policies. The Policy will not apply to your use of other websites. While we generally try to link only to sites that share similar high standards and respect for privacy, we have no responsibility or liability for the content, products or services offered, independent actions, or the privacy and security practices employed by these other independent sites. We encourage you to ask questions and review the applicable privacy policies found on such other websites, services and applications to understand how your information may be collected and used on these independent sites before disclosing information to third parties.
  1. HOW LONG IS YOUR INFORMATION KEPT?
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.
Account deletion. Normally, the retention term would be the term of your account existence. It means that we will retain your Personal Data until you delete your account or request us to delete your data (by contacting us at privacy@withcreo.com). Once we have deleted your Personal Data, you will not be able to exercise the right to access, the right to erasure, the right to rectification, or the right to data portability.
Please note that deletion of App does not imply the deletion of your account and your data
Paint Your Day Content. Content you post and art you have created with us while using Paint your Day feature (collectively referred to as “Paint Your Day Content”) is stored on our servers to be available to you at any time from any device until you decide to delete Paint Your Day Content or your account following in-app instructions or by contacting us at hello@withcreo.com.
Retention to comply with legal obligations. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We may retain your Personal data in connection with your privacy-related requests and communications with us, if any, as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements.
Usage information. We will also retain usage Information for internal analytics purposes. Usage Information is generally retained for a shorter period of time, except when this data is used to improve the functionality of Creo Services, or we are legally obligated to retain this data for longer time periods.
Anonymized Data. Even if we delete some or all of your Personal Data, we may continue to retain and use anonymized data previously collected that can no longer be used for personal identification.
  1. HOW DO WE SECURE YOUR INFORMATION?
We maintain appropriate organizational and technological safeguards to help protect against unauthorized use, access to or accidental loss, alteration or destruction of the personal information we hold. We also seek to ensure our third-party service providers do the same.
We will endeavour to use the least amount of personal information as is required for each purpose. We will employ pseudonymisation and anonymisation techniques, where appropriate.
Our staff will access your personal information on a “need to know” basis.
Unfortunately, the transmission of personal data through the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to or stored on our IT system, and any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorized access.
  1. WHERE IS YOUR INFORMATION PROCESSED?
We may transfer your personal information to our group companies, suppliers and other third parties in countries different to your country of residence.
In addition, data may be transferred to our subsidiaries or processors in third countries or subcontractors of our processors in third countries.
Some of our group companies and the third parties described in this Privacy Policy that provide services to us under contract, are based in other countries that may not have privacy and data protection laws equivalent to those of the country in which you reside. If you are using Creo Services in the UK or EEA, in the event your personal information is transferred, stored or processed outside of the UK or EEA, we will ensure – if and as required by applicable laws - that any such transfer meets the requirements of the General Data Protection Regulation (“GDPR”) or UK General Data Protection Regulation (“UK GDPR”) (as applicable), or that the transfer is otherwise subject to prescribed safeguards such as approved ‘Standard Contractual Clauses’. We will take all steps reasonably necessary to ensure that your personal information is treated securely and, as applicable, in accordance with this Privacy Policy, GDPR, UK GDPR and Data Protection Act 2018. You can obtain more details of the protection given to your personal data when it is transferred outside the EEA or the UK by contacting us at privacy@withcreo.com.
  1. OUR POLICY REGARDING CHILDREN
We appreciate the need to provide extra privacy protections to users who are children. Creo Services are intended for general audiences over the age of 18 years (or of age of legal majority where you live, if different). We do not knowingly collect or solicit personal information from or direct or target interest based advertising to anyone under the age of 18 or knowingly allow such persons to use Creo Services. If you are under 18, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 18 may provide any personal information. In the event that we learn that we have collected personal information from a child under age 18, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under the age of 18, please contact us.
  1. ELECTRONIC COMMUNICATIONS
By using Creo, you also agree to receive electronic communications from us, including via email, push notifications and by posting notices on Creo. The communications between you and us may take place via electronic means, whether you use Creo or send us emails, or whether we post notices on Creo or communicate with you via email. These communications may include notices about Creo and the Purchased Content and are part of your relationship with us. For contractual purposes, you: (i) consent to receive communications from us in an electronic form; and (ii) agree that all terms and conditions, agreements, notices, disclosures, and other communications that we provide to you electronically satisfy any legal requirement that such communications would satisfy if it were to be in writing. The foregoing does not affect your statutory rights. Communications from us and our affiliated companies may include but are not limited to: operational communications concerning your Account or the use of Creo (e.g., technical and security notices, updates to this Privacy Policy and Creo Terms of Use), and updates concerning new and existing features (e.g., changes/updates to features of Creo and their scope, prices of in-app subscriptions).
You may opt-out of receiving promotional emails from us at any time through any of the following methods:
  • by following the opt-out links in any promotional email sent to you; or
  • through Creo settings on your mobile device; or
  • by contacting us at any time at hello@withcreo.com
You may opt-out of push notifications by changing the settings on your mobile device.
  1. CONTACT US
Please email us if you have any queries or concerns about how we use your personal information. We will try to resolve your query without undue delay.E-mail: privacy@withcreo.com
  1. UPDATES
This Privacy Policy may change from time to time, and we encourage you to review it periodically. Some changes do not require your consent: for example, when we add a new purpose of processing that is compatible with the existing purposes, or the new processing activity that falls under the users’ reasonable expectation. However, if the changes made may pose risk to your rights and freedoms e.g., by including a new purpose of the processing that is not compatible with the existing purposes of processing, a new legal basis, a new category of personal data to be collected or a new data subject, all of which are not reasonably expected by the users, we will ask for your consent to those changes separately from this Policy. If you did not receive a request for your consent to the changes or refused to give consent, those changes will not apply to you. That fact can negatively affect some of Creo Services provided to you in case those services inevitably include consent to the changes.
  1. YOUR CALIFORNIA AND VIRGINIA DATA PRIVACY RIGHTS
Residents of California and Virginia may have statutory rights under state comprehensive privacy law including the rights specified below. You can exercise these rights by contacting us at privacy@withcreo.com.
  • Right to request the categories of Personal Information collected about you. Creo will provide, where relevant and required by law, the types of data we collect.
  • Right to request the categories of sources from which your Personal Information is collected. Creo will provide, where relevant and required by law, the types of tools and organizations we use to collect data.
  • Right to request the business or commercial purpose for collecting your Personal Information. Creo will provide, where relevant and required by law, the purposes to collect data.
  • Right to request the categories of third parties to whom Personal Information is disclosed, and the categories of Personal Information disclosed. Creo will provide, where relevant and required by law, information regarding the other organizations that may receive your Personal Information.
  • Right to request the specific pieces of Personal Information collected about you. Creo will provide, where relevant and required by law, your Personal Information.
  • Right to request that Personal Information collected about you be deleted. We may keep Personal Information for legal reasons but will accommodate deletion requests when required. Please be aware that erasing some Personal Information may affect your ability to Use Creo.
  • Request that your inaccurate Personal Information be corrected. If you believe your Personal Information is not correct you may provide Personal Information to replace the erroneous data.
  • Request that Creo does not sell or share your Personal Information. Each state may interpret a “sale” of Personal Information differently, however, if you are a resident of the states above or Nevada and request that your Personal Information not be sold Creo will honor that request. Individuals in California may request their information not be shared with any third party.
  1. YOUR NEVADA DATA PRIVACY RIGHTS
Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to privacy@withcreo.com. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
  1. YOUR EEA & UK DATA PRIVACY RIGHTS
This section provides further disclosures and describes the rights in relation to your personal data that you may have under GDPR if you are an individual in the EEA or UK GDPR if you are an individual in the UK.
A. Personal data
“Personal data” means any information relating to an identified or identifiable natural person; such person is known as a ‘data subject’. In practice, almost all information relating to you will be your personal data.
B. How do we process your information and why?
We will process your personal data as “controller” for the purposes and on the legal grounds for processing set out above.We will update you about any new purposes of processing your personal data from time to time, and we will obtain your prior consent for such new purposes where we are required to do so at law.
C. Data subject rights
Subject to certain exemptions, limitations and appropriate proof of identity, as a data subject, you will generally have numerous rights in relation to your personal data that you may exercise with the controller, including the following:
  • Right to information about matters set out in this policy. You may also contact us for further details about our retention policy and international data transfers.
  • Right to make an access request to receive copies of personal data, as well as to share your personal data with other parties.
  • Right to rectification of any inaccurate or incomplete personal data.
  • Right to withdraw consent previously provided, without affecting the lawfulness of our processing based on consent before its withdrawal.
  • Right to object to our processing of personal data for direct marketing purposes, or that is based on our legitimate interests, and any automated decision-making and profiling.
  • Right to erasure of personal data, in certain circumstances.
  • Restriction on the processing of personal data in certain circumstances.
  • Right to data portability from one service provider to another, where applicable.
  • Right to lodge a complaint with your country’s supervisory authority. Subject to the GDPR, you have the right to lodge a complaint with a local data protection authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. Please see a list of EU member states’ supervisory authority here, and the UK’s supervisory authority (ICO) here.
All requests will be processed in a timely manner, generally within one month. If we cannot process your request within this period we shall explain why and process it as soon as possible thereafter. You can exercise these rights directly with us by submitting a request at privacy@withcreo.com. Please note that these rights are not absolute and we may be entitled (or required) to refuse requests where exceptions apply.
D. Data retention
Generally, we will keep your personal information in accordance with our retention rules but often earlier deletion will be mandated by our retention policy. We delete most of your information after you delete your account, unless we are required to keep it for longer for legal purposes. Your communication history with others (including photographs posted in the chat and comments functions) may be retained but on an anonymous basis if reasonably possible. Some anonymized data may be retained in analytics systems for data analytics purposes. Please get in touch for more information.
APPENDIX A: ANALYTICS AND OTHER SERVICE PROVIDERS We use your information to perform our own analytics and to enable analytics provided by third parties and other essential functions. We use analytical information for supporting business analysis and operations, business intelligence, product development, improving Creo Services, personalizing content, providing advertising, and making recommendations. In order to learn about how your information is used by our analytics service providers, you can follow the hyperlinks in the list below to each provider’s privacy notice.
  • Amplitude Amplitude is an analytics service provided by Amplitude Inc. (US)
  • AppsFlyer AppsFlyer is an analytics service provided by Appsflyer Ltd (Israel)
  • Meta Ads Network Meta Ads Network is an analytics service provided by Meta Platforms, Inc. (US) that connects data from the Meta advertising network with actions performed on this Application.
  • Firebase Firebase is an analytics service provided by Google Inc. (US) You may opt-out of certain Firebase features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google.
  • OneSignal OneSignal is a marketing service that provides mobile push notification solutions by OneSignal, Inc (US).
  • Sentry Sentry provides real-time error tracking for your web apps, mobile apps and games, which gives developers the insight needed to reproduce and fix crashes.
  • Google Analytics Google Analytics is an analytics service provided by Google Inc. (US)