Privacy Policy
Last updated: April 2026
This Privacy Policy describes how CreatorOS (“we”, “us”, “our”), operated by CreatorOS, collects, uses, stores, and protects your personal data.
This policy is compliant with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the Digital Personal Data Protection Act, 2023 (DPDP Act).
1. Data We Collect
From Creators:
- Full name, email address, phone number
- Username and profile information
- Bank account details and PAN number (for payouts and TDS)
- GST number (if provided)
- Profile photo and content you upload
- Payment account information (stored by payment providers — we do not store card or UPI details)
From Buyers:
- Name and email address
- Phone number (if provided at checkout)
- Transaction details (product purchased, amount, date)
From All Users:
- IP address and approximate location
- Browser type and device information
- Pages visited and time spent (via analytics)
- Cookies and similar tracking technologies
2. How We Use Your Data
We use your data to:
- Create and manage your account
- Process payments and fulfill purchases
- Send transactional emails (receipts, access confirmations, booking reminders)
- Send marketing emails (only if you have opted in)
- Generate GST invoices and comply with tax obligations
- Detect and prevent fraud and abuse
- Improve the Platform through analytics
- Comply with legal obligations under Indian law
We do not sell your personal data to any third party.
3. Legal Basis for Processing
Under the Digital Personal Data Protection Act, 2023:
- We process your data on the basis of your consent (given at signup or checkout)
- For payment processing, we process data based on contractual necessity
- For compliance purposes (TDS, GST), we process data based on legal obligation
You have the right to withdraw consent at any time by deleting your account or contacting us. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
4. Data Sharing
We share your data with:
Payment Providers
- Stripe (stripe.com) — for international card payments
- Razorpay (razorpay.com) — for UPI and domestic payments. Both are PCI-DSS compliant. We share only what is necessary to process your transaction.
Email Providers
- Resend (resend.com) — for transactional and marketing emails
Cloud Infrastructure
- Supabase (supabase.com) — database and file storage
- Vercel (vercel.com) — platform hosting
Error Monitoring
- Sentry (sentry.io) — for error tracking (no sensitive personal data is sent)
Legal Authorities
We may disclose your data to law enforcement, courts, or government agencies when required by applicable Indian law, court order, or to protect the rights and safety of users.
We do not share your data with advertisers or data brokers.
5. Data Storage and Security
Your data is stored on servers operated by Supabase and Vercel, which may be located outside India. By using the Platform, you consent to this cross-border transfer.
We implement reasonable security practices as required by the IT (SPDI) Rules, 2011, including:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of sensitive data at rest
- Access controls limiting who can access your data
- Regular security audits
However, no system is completely secure. We cannot guarantee absolute security and are not liable for unauthorized access beyond our reasonable control.
6. Data Retention
Account data: retained for the duration of your account and 3 years after deletion (for legal compliance)
Transaction records: retained for 8 years (as required by Indian tax law)
Email communications: retained for 2 years
Analytics data: retained for 1 year in identifiable form, then anonymized
8. Your Rights Under the DPDP Act, 2023
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the right to:
- Access: Request a summary of your personal data we hold
- Correction: Request correction of inaccurate data
- Erasure: Request deletion of your data (subject to legal retention obligations)
- Grievance redressal: File a complaint with our Grievance Officer
- Nominee: Nominate a person to exercise rights on your behalf in case of death or incapacity
To exercise any of these rights, email: hello@wearecreatoros.com. We will respond within 30 days.
You also have the right to file a complaint with the Data Protection Board of India once it is constituted under the DPDP Act.
9. Children’s Privacy
CreatorOS is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@wearecreatoros.com and we will delete it promptly.
10. Grievance Officer
Email: hello@wearecreatoros.com
Address: Haryana, India
Complaints will be acknowledged within 48 hours and resolved within 30 days.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 14 days before they take effect.
12. Contact
For privacy-related queries:
Email: hello@wearecreatoros.com
Address: Haryana, India
© 2026 CreatorOS. All rights reserved. Terms of Service · Disclaimer