Privacy Policy
This policy explains what data we collect when you use Creato Studio, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
1. Who We Are
Creato Ltd is a company registered in England and Wales (Company No. 17307961), with a registered address at 124-128 City Road, London, England, EC1V 2NX.
For any privacy-related questions, contact us at info@creatostudio.io.
2. What Data We Collect
Account data
- Email address and encrypted password when you sign up
- Account creation date and last login timestamp
Content you submit
- Instagram, TikTok, and YouTube URLs you paste into the platform
- Transcripts extracted from those videos
- Scripts and variations generated for you
- Notes you add to library items
Third-party connections
- Google: If you connect Google, we store an OAuth token to save scripts to Google Docs. We do not access your Gmail, contacts, or any other Google data.
- Notion: If you connect Notion, we store your integration token and database ID to save scripts to your workspace.
Usage data
- Pages visited and features used, collected via Google Analytics with anonymised IP addresses
- Browser type and device type
3. How We Use Your Data
- To provide and operate the Creato Studio service
- To save and display your scripts, library, and history
- To send transactional emails (account confirmation, password reset)
- To understand how the platform is used so we can improve it
- To detect and prevent abuse or misuse of the platform
We do not sell your data to third parties. We do not use your scripts or submitted content to train AI models.
4. Legal Basis for Processing (UK GDPR)
- Contract: Processing your account data and content to deliver the service you signed up for
- Legitimate interests: Analytics to improve the product and security monitoring to protect our platform
- Consent: Optional third-party integrations (Google, Notion) where you explicitly authorise access
5. Third-Party Services
We share data with the following services only as necessary to operate the platform:
- Supabase - database and user authentication. Privacy Policy
- Apify - fetches publicly available metadata from Instagram, TikTok, YouTube, and Facebook URLs you submit. No login credentials are ever shared with Apify. Privacy Policy
- Anthropic (Claude) - processes video transcripts to generate scripts. Anthropic does not train models on API-submitted data. Privacy Policy
- Stripe - processes payments and stores billing information securely. We do not store your card details. Privacy Policy
- AssemblyAI - transcribes audio from videos you submit for script generation. Audio is not stored after transcription. Privacy Policy
- Supadata - fetches transcripts from Instagram Reels. Only the video URL is shared, no personal data.
- Google - OAuth for Google Docs integration, and Google Analytics for anonymised usage analytics
- Notion - used only if you choose to connect your workspace
- Resend - sends transactional emails on our behalf
6. Data Retention
- Your account and all associated content are retained for as long as your account is active
- If you delete your account, your personal data is permanently deleted within 30 days
- Anonymised analytics data may be retained for longer periods
7. Your Rights Under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your data (right to erasure)
- Restrict or object to certain types of processing
- Portability - receive your data in a structured, machine-readable format
- Withdraw consent for optional integrations at any time via your account settings
To exercise any of these rights, email info@creatostudio.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Cookies and Tracking
We use the following types of cookies:
- Strictly necessary cookies: Required to keep you logged in and the platform functional. These cannot be disabled.
- Analytics cookies (Google Analytics): Used to understand how visitors use the site, with IP addresses anonymised. These are only set after you give consent via the cookie banner.
On your first visit, we ask for your consent before loading any analytics cookies. You can withdraw consent at any time by clearing your browser's local storage or cookies. Declining analytics cookies does not affect your ability to use the platform.
9. Children
Creato Studio is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child under 13 has created an account, please contact us at info@creatostudio.io and we will delete it promptly.
10. International Transfers
Some of our third-party service providers operate outside the UK. Where this is the case, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or by displaying a notice on the platform. Your continued use of Creato Studio after changes are posted constitutes your acceptance of the updated policy.