Privacy Policy

This Privacy Policy explains how Creativly ("we", "us", or "our") collects, uses, stores, shares, and protects information when you use our website, Flow, project workspace, AI generation and editing tools, sessions, assets, uploads, account settings, billing features, and related services (the "Service").

Creativly is designed for creative work with AI models across image, video, audio, and text. Because these workflows involve prompts, uploaded files, generated outputs, provider APIs, credits, sessions, and storage, this policy describes both account data and creative content data.

Account information: name, email address, authentication identifiers, profile settings, plan type, onboarding information, preferences, and support communications.

Creative workspace information: projects, Flow graphs, nodes, prompts, instructions, chat messages, session names, session state, model selections, generation settings, references, edits, exports, generated outputs, uploaded images, uploaded videos, uploaded audio, file names, asset metadata, previews, thumbnails, posters, and related technical data.

Provider and BYOK information: provider selection, saved provider key metadata, key name, provider, status, creation date, last four characters, fingerprints or verification data, acceptance timestamps, and encrypted API key material where you choose to save a key.

Billing and usage information: plan, subscription status, customer identifiers, payment processor records, credit balances, credit reservations, credit ledger entries, invoices, checkout and portal events, storage usage, generation counts, model usage, and usage limits.

Technical and security information: IP address, device and browser information, log data, request metadata, cookies or similar identifiers, error reports, performance data, abuse-prevention signals, authentication events, and security audit data.

Communications: messages you send to support, billing, legal, feedback, or product channels, including attachments and metadata needed to respond.

We use information to provide, operate, maintain, secure, troubleshoot, and improve the Service. This includes saving your projects and sessions, running generations and edits, displaying assets, managing uploads, processing exports, routing jobs to providers, showing credit costs, enforcing quotas, and preserving workflow state.

We use account, billing, and usage information to create accounts, authenticate users, process subscriptions, manage credits, provide invoices and billing support, detect failed payments, prevent abuse, and administer plans.

We use creative workspace information to perform the actions you request, including AI image/video/audio/text generation, editing, transcription, description, prompt assistance, agent workflows, reference processing, file handling, previews, sharing, and downloads.

We use security and technical information to protect users and Creativly, investigate errors, prevent fraud and misuse, enforce acceptable use rules, monitor provider and platform reliability, and comply with legal obligations.

We may use aggregated or de-identified information to understand product usage, improve pricing, capacity planning, reliability, model routing, and feature design. We do not use this to identify you where it has been de-identified.

When you run an AI job, Creativly may send the prompts, instructions, uploaded or referenced assets, generated context, model parameters, and technical metadata needed for that job to third-party AI providers or infrastructure providers.

For platform credit jobs, Creativly uses Creativly-managed provider access where available. For BYOK jobs, Creativly uses the provider key you supplied to perform user-initiated jobs and related status checks for your account.

Third-party providers may process job data under their own terms, privacy policies, safety systems, logging, retention, and abuse-monitoring practices. Creativly does not control provider-side retention or model behaviour. You should review the provider terms that apply to any BYOK key you connect.

Do not submit sensitive personal information, confidential information, regulated data, or third-party content unless you have the rights and authority to do so and are comfortable with the processing required to run the requested AI job.

If you save a BYOK/API key, we store it so you can run supported provider jobs from Creativly. The product is designed to encrypt saved provider keys server-side and to avoid displaying the full key after it is saved.

We use saved keys only to perform user-initiated provider requests, related job status checks, and necessary account or security operations. We store key metadata such as provider, key name, last four characters, status, fingerprint, and acceptance timestamp so you can manage keys and so we can prevent duplicate or unauthorised use.

You can delete saved provider keys from account settings. Deletion stops future Creativly use of that key, but provider-side logs, previous job records, invoices, or other records may remain with the provider according to that provider's policies.

We store uploaded assets, generated artifacts, previews, thumbnails, posters, project records, session state, chat state, and usage records so the Service can work across sessions and devices.

Uploads may be limited by type, size, quota, and plan. The Service currently supports media categories such as image, video, and audio uploads for creative workflows. Files may be validated, scanned, moderated, transformed into previews or thumbnails, and associated with a project or session.

We may remove, quarantine, restrict, or decline to process files or outputs that appear unsupported, unsafe, illegal, abusive, infringing, technically harmful, over quota, or inconsistent with the Service rules.

When you share a project or asset through a link or export, people with access to that link or exported file may be able to view or copy the content according to the sharing settings and the way you distribute it.

Payments, subscriptions, invoices, checkout sessions, billing portal access, and payment method handling are processed by payment providers. Creativly receives billing identifiers, plan status, transaction status, subscription metadata, and related records needed to operate billing and support.

We do not need to store full payment card numbers in the Service. Payment providers may collect and process payment data under their own privacy policies and legal obligations.

We keep credit ledger, plan, invoice, customer, and subscription records as needed for account administration, dispute handling, tax, accounting, fraud prevention, and compliance.

We may use cookies, local storage, session storage, and similar technologies for authentication, security, preferences, app state, provider selection, billing flows, analytics, performance, and product functionality.

Your browser may let you block or delete cookies, but some features may not work correctly without them, including sign-in, account settings, project persistence, provider preferences, and billing flows.

We share information with service providers that help us operate the Service, including AI providers, cloud hosting, storage, databases, authentication, payment processing, email, logging, analytics, security, moderation, and customer support providers.

We may share information when you ask us to, such as when you use sharing links, exports, integrations, provider keys, or support workflows.

We may disclose information if reasonably necessary to comply with law, legal process, provider or payment rules, enforce our Terms, investigate abuse or security issues, protect users or the public, or complete a merger, acquisition, financing, reorganisation, or sale of assets.

We do not sell your personal information in the ordinary sense of exchanging it for money. If our practices change in a way that requires additional notice or choice, we will provide it as required by applicable law.

We keep information for as long as reasonably needed to provide the Service, maintain your account, store your projects and assets, run billing, enforce quotas, troubleshoot issues, protect security, comply with legal obligations, resolve disputes, and preserve business records.

You may delete certain uploads, provider keys, projects, sessions, or your account where those controls are available. Account deletion is intended to remove active account data, project data, sessions, generated artifacts, uploads, provider keys, credit records, and profile records from Creativly-controlled product databases where deletion is technically and legally available.

Some information may remain for a limited period in backups, logs, payment records, provider records, abuse-prevention records, security records, legal holds, or records we are required or permitted to retain. Provider-side deletion depends on the provider and the type of job or data involved.

We use technical and organisational measures intended to protect information, such as access controls, authentication, server-side key handling, encryption for saved API keys, validation of uploads, audit logging, and security monitoring.

No service can guarantee absolute security. You are responsible for protecting your login credentials, provider keys, shared links, exported files, and devices. Tell us promptly if you believe your account, key, content, project, or shared link has been compromised.

Creativly and its providers may process and store information in different countries from where you live. Data protection laws may vary by location. Where required, we use appropriate safeguards for cross-border processing.

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have the right to withdraw consent where processing is based on consent.

You can update some account details, delete saved provider keys, manage billing, delete certain assets, cancel subscriptions, or delete your account through product settings where available. You can also contact us for help with privacy requests.

We may need to verify your identity before fulfilling a request. Some requests may be limited by legal obligations, security needs, provider retention, billing records, backup retention, or the rights and safety of others.

Creativly is not intended for children under 13. Do not use the Service if you are under 13. If you believe a child has provided personal information to Creativly, contact us so we can review and take appropriate action.

We may update this Privacy Policy as the Service, providers, laws, or our practices change. The updated version will be posted on this page with a new last updated date. If changes are material, we will take reasonable steps to provide notice.

For privacy or legal questions, contact legal@creativly.ai. For account, billing, payment, or support questions, contact info@creativly.ai.