Privacy Policy

Last updated: May 16, 2026

This policy is governed by UK law. The data controller is KreatorFlow, based in the United Kingdom.

1. Who We Are

KreatorFlow ("we", "us", "our") operates the AI creation platform at kreatorflow.ai. We are the data controller for the personal information you provide when using our service.

Contact us about privacy at: support@kreatorflow.ai

2. What We Collect

We collect only what is necessary to provide the service:

  • Account information — your email address, display name, username, profile bio, and avatar when you create an account.
  • Authentication credentials — a securely hashed password (never stored in plaintext), or a Google OAuth token if you choose to sign in with Google.
  • Generation data — prompts, settings, and job records created when you use our AI tools. Stored so you can access your history and asset library.
  • Uploaded media — reference images or videos you upload as part of your creative workflow. These are stored under your account and are not shared.
  • Billing information — credit balance and transaction history. Payment card details are held exclusively by our payment processor (Stripe) and never reach our servers.
  • Signup confirmations — age confirmation, legal-policy acceptance timestamp, policy versions, and optional marketing consent.
  • Onboarding answers — optional answers you give at sign-up about your usage goals. Used only to personalise your experience.
  • Technical data — IP address, browser type, and session tokens (stored as secure HTTP-only cookies). Used to keep your account secure.
  • Support messages — content of tickets you submit through our support system.

3. How We Use Your Data

We use your data only for the following purposes:

  • Providing and improving the KreatorFlow platform and its features.
  • Processing AI generation requests you initiate.
  • Managing your account, credit balance, and subscription through Stripe.
  • Authenticating your identity and protecting your account from unauthorised access.
  • Sending transactional communications (generation results, billing receipts, support replies).
  • Detecting and preventing fraud and policy violations.
  • Producing anonymised, aggregated usage statistics to guide product development.

We do not sell your personal data to third parties. We do not use your prompts, uploads, or generated outputs to train AI models without your explicit consent.

4. AI Generation

When you submit a generation request, your prompt and any settings are processed by the AI systems that power KreatorFlow. Generated output and any reference media you upload are stored securely and associated with your account only. We do not grant third parties access to your generation content beyond what is necessary to complete the request you initiated.

5. Cookies and Local Storage

  • Session cookie — a secure, HTTP-only cookie that keeps you logged in. It expires when you sign out or after a set period of inactivity.
  • Local Storage — used client-side to save your in-progress studio state, workspace scope, draft prompts, settings, and cookie choices so you do not lose work on page refresh.

Analytics and marketing cookies stay disabled unless you choose them in the cookie banner. For details, see the Cookie Policy.

6. Third Parties

We share the minimum necessary data with the following third parties to operate the service:

  • Stripe — payment processing. Stripe receives your email and billing details. Stripe is PCI-DSS compliant and subject to its own privacy policy.
  • Cloud infrastructure providers — for hosting, computation, and secure media storage. These providers act as data processors under contractual data processing agreements and may not use your data for any other purpose.
  • Law enforcement and regulators — when required by a valid legal order, court order, or equivalent legal process under UK law.

7. Data Retention

  • Account data — retained while your account is active and for up to 30 days following deletion, after which personal data is purged.
  • Generated media and uploads — retained until you delete the asset or close your account.
  • Financial records — credit ledger and billing history retained for 7 years for legal and accounting compliance.
  • Support tickets — retained for 2 years after resolution.

8. Your Rights (UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

  • Right of access — request a copy of your personal data.
  • Right to rectification — ask us to correct inaccurate data.
  • Right to erasure — request deletion of your account and associated personal data, subject to legal retention obligations.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to restrict processing — ask us to limit how we process your data in certain circumstances.

To exercise any right, email support@kreatorflow.ai. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Security

We implement industry-standard technical and organisational measures to protect your data: TLS encryption in transit, bcrypt-hashed passwords, HTTP-only session cookies, and server-side generation of signed upload URLs so secrets never reach the browser. Access to production data is restricted to authorised personnel only.

No system is completely secure. If you believe your account has been compromised, contact us immediately at support@kreatorflow.ai.

10. Children

KreatorFlow is not directed at anyone under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us and we will promptly remove it.

11. Changes to This Policy

We may update this policy. Material changes will be communicated by email or an in-app notice at least 14 days before they take effect. The "Last updated" date at the top always reflects the current version.

12. Contact

KreatorFlow

Privacy enquiries: support@kreatorflow.ai

Supervisory authority: ICO (ico.org.uk)