CreatifyHQ is committed to full compliance with the EU General Data Protection Regulation (GDPR) and the UK GDPR. This page details your rights and our obligations.
Last updated: April 9, 2026
Contents
CreatifyHQ takes data protection seriously. This page explains our compliance with Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, and related data protection legislation. If you are based in the EU, EEA, or UK, this page is particularly relevant to you. All rights described here are available to you regardless of where you are located — we apply the same standards globally.
GDPR applies to you if:
UK GDPR (post-Brexit UK data protection law) applies if you are based in the United Kingdom.
Even if GDPR technically does not apply to you (for example, if you are in the US or Canada), CreatifyHQ applies GDPR-equivalent protections to all users as our global baseline standard.
CreatifyHQ has implemented the following specific measures to achieve and maintain GDPR compliance:
Under GDPR Article 5, personal data must be processed in accordance with six core principles. Here is how CreatifyHQ upholds each one:
| Principle | How CreatifyHQ Upholds It |
|---|---|
| Lawfulness, fairness, and transparency | We have a clear legal basis for all processing; our Privacy Policy is plain-language and publicly available |
| Purpose limitation | Data is used only for the specific purposes stated — not repurposed for advertising, profiling, or sale |
| Data minimisation | We collect only what is necessary: name, email, content inputs. No unnecessary data collection. |
| Accuracy | Users can update their name and email at any time via Settings → Profile |
| Storage limitation | Clear retention periods are defined in our Privacy Policy; data is deleted after expiry or on request |
| Integrity and confidentiality | AES-256 encryption at rest, TLS in transit, bcrypt password hashing, JWT authentication, rate limiting |
GDPR grants EU/UK residents the following rights. CreatifyHQ honours all of these for every user worldwide:
You have the right to obtain a copy of all personal data we hold about you, and information about how we process it. To submit an access request, email [email protected] with the subject "Data Access Request (Art. 15)". We will respond within 30 days and provide a JSON export of your data free of charge.
You have the right to correct inaccurate personal data. You can update your name and email address directly in Dashboard → Settings → Profile. For other corrections, contact [email protected].
You have the right to request deletion of your personal data. This right applies when the data is no longer necessary for the original purpose, when you withdraw consent, or when the processing was unlawful. See our Data Deletion page for full instructions, including self-service deletion via Settings → Security → Delete Account.
You have the right to request that we restrict our processing of your data in certain circumstances — for example, while you contest the accuracy of data, or while an objection is being assessed. Contact [email protected] to request restriction.
You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON), and to transmit it to another controller. To request a data export, email [email protected] with the subject "Data Portability Request (Art. 20)".
You have the right to object to processing based on legitimate interests (e.g., analytics, platform improvement). If you object, we will cease that processing unless we can demonstrate compelling legitimate grounds that override your interests. Contact [email protected].
You have the right not to be subject to decisions made solely by automated processing that have significant legal or similarly significant effects on you. CreatifyHQ does not use solely automated decision-making with such effects. Our AI generates content at your direction — all publishing decisions are made by you.
Where processing is based on consent (e.g., voice profile training, marketing emails), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. You can withdraw consent via Settings or by emailing [email protected].
We rely on the following legal bases under GDPR Article 6 for our processing activities:
For the full processing activity register and legal basis per activity, see our Data Processing page.
We operate from the United States. When we transfer personal data from the EU/EEA or UK to the US (or other countries outside the EEA/UK), we ensure appropriate safeguards are in place as required by GDPR Chapter V:
You may request copies of the SCCs applicable to specific sub-processors by emailing [email protected].
If you are using CreatifyHQ in a business context (B2B) and process your end-users' or customers' personal data through our platform, you may be acting as a data controller and CreatifyHQ as your data processor. In this case, a formal DPA may be required under GDPR Article 28.
To request a DPA:
Our DPA includes GDPR Article 28 requirements, SCCs for international transfers, and our sub-processor list with corresponding safeguards.
Under GDPR, special protections apply to children's data. The threshold in GDPR Article 8 is age 16 (member states may lower this to age 13). CreatifyHQ sets the minimum age for all users at 16 years globally.
We do not knowingly collect personal data from anyone under 16. If you are aware that a child under 16 has created a CreatifyHQ account, please contact us immediately at [email protected] and we will delete the account promptly.
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority. You do not need to contact us first, though we encourage you to do so as most issues can be resolved quickly.
For all GDPR-related enquiries, data subject requests, or to request a DPA:
Questions about GDPR?
Email us at [email protected] or visit our contact page. We aim to make compliance easy and transparent.