CR8OR AI Privacy Policy


Last Updated: 2nd August 2025

1. Introduction

CR8OR AI ("we," "our," or "the Service") is committed to protecting your privacy and ensuring the security of your data. This privacy policy explains how our AI-powered UGC generation platform handles your information and outlines your rights under UK data protection law.

Data Controller: Cr8ro Web LTD
Company Number: 14277608
Registered Office: 23 Chapel Lane, Wilmslow, England, SK9 5HW
Contact: james@cr8or.co.uk

2. Information We Collect and Process

2.1 Account Information

  • What: Email address, name, password, profile information

  • How: Provided during account registration and profile setup

  • Purpose: Account management and service provision

  • Storage: Securely stored on our servers with encryption

  • Legal Basis: Contract performance and legitimate interests

2.2 Product URL Data

  • What: Product URLs, product information, descriptions, images, reviews

  • How: Submitted by users for AI analysis and content generation

  • Purpose: To analyze products and generate relevant UGC scripts and content

  • Storage: Temporarily processed and may be cached for service optimization

  • Legal Basis: Contract performance and legitimate interests

2.3 Generated Content Data

  • What: AI-generated scripts, videos, images, audio files, and related content

  • How: Created by our AI systems based on your product information

  • Purpose: To provide the content generation service and allow downloads

  • Storage: Stored temporarily for access and download, with retention periods based on subscription type

  • Legal Basis: Contract performance

2.4 Usage and Analytics Data

  • What: Platform interactions, feature usage, generation requests, performance metrics

  • How: Automatically collected during platform use

  • Purpose: Service improvement, analytics, and feature optimization

  • Storage: Aggregated and anonymized where possible

  • Legal Basis: Legitimate interests in service improvement

2.5 Payment Information

  • What: Credit card details, billing information, transaction history

  • How: Collected via secure payment processors (Stripe, PayPal, etc.)

  • Purpose: Processing payments and subscription management

  • Storage: Payment details stored by certified payment processors, not directly by us

  • Legal Basis: Contract performance and legal obligations

2.6 Technical Data

  • What: IP address, browser type, device information, session data

  • How: Automatically collected during platform access

  • Purpose: Security, fraud prevention, and technical support

  • Storage: Log files retained for security and troubleshooting purposes

  • Legal Basis: Legitimate interests in security and service provision

2.7 Communication Data

  • What: Support tickets, feedback, correspondence with our team

  • How: Submitted through contact forms, email, or chat features

  • Purpose: Customer support and service improvement

  • Storage: Retained in our customer support systems

  • Legal Basis: Legitimate interests in customer service

3. How We Use Your Information

3.1 Service Provision

  • Generating AI-powered UGC content from your product URLs

  • Creating scripts, videos, images, and audio content

  • Providing account access and subscription management

  • Processing payments and managing credits

  • Delivering customer support

3.2 AI Model Training and Improvement

  • Anonymous Data Only: We may use anonymized, aggregated data to improve our AI models

  • No Personal Content: We do not use your specific product information or generated content to train models accessible to other users

  • Opt-Out Available: You may request exclusion from anonymous data analysis

3.3 Platform Analytics and Optimization

  • Analyzing platform usage to improve features

  • Monitoring performance and identifying technical issues

  • Understanding user preferences for service enhancement

  • Generating anonymized usage statistics

3.4 Communication and Marketing

  • Sending service-related notifications and updates

  • Providing customer support responses

  • Marketing communications (with consent where required)

  • Important service announcements and policy updates

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with trusted service providers who assist in:

  • Payment Processing: Stripe, PayPal, and other certified payment processors

  • Cloud Infrastructure: AWS, Google Cloud, or similar providers for hosting and storage

  • Customer Support: Help desk and communication tools

  • Analytics: Privacy-compliant analytics services

  • AI Services: Third-party AI APIs for content generation (with appropriate data protection agreements)

4.2 Legal Requirements

We may disclose information when required by:

  • Valid legal process or court orders

  • Compliance with applicable laws and regulations

  • Protection of our rights, property, or safety

  • Prevention of fraud or illegal activities

  • Cooperation with law enforcement investigations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity, subject to the same privacy protections.

4.4 User Consent

We may share information with third parties when you provide explicit consent for specific purposes.

5. Data Retention

5.1 Account Data

  • Active Accounts: Retained while your account remains active

  • Closed Accounts: Deleted within 90 days of account closure, except where legal retention is required

5.2 Generated Content

  • Free Users: Generated content stored for 30 days

  • Paid Users: Generated content stored according to subscription plan (typically 90 days to 1 year)

  • User Deletion: You may delete individual generated content at any time

5.3 Analytics and Logs

  • Usage Data: Anonymized analytics retained for 2 years for service improvement

  • Security Logs: Retained for 1 year for security and fraud prevention

  • Support Data: Retained for 3 years for quality assurance and legal compliance

6. International Data Transfers

We may transfer your data outside the UK and EEA to:

  • Cloud service providers with appropriate safeguards

  • AI service providers with data protection agreements

  • Payment processors with adequate protection levels

We ensure adequate protection through:

  • Standard Contractual Clauses: EU-approved data transfer agreements

  • Adequacy Decisions: Transfers to countries with adequate protection levels

  • Appropriate Safeguards: Technical and organizational measures for data protection

7. Your Rights Under UK GDPR

7.1 Access and Information

  • Right to Access: Request information about data processing and obtain a copy of your data

  • Right to Information: Understand how and why we process your data

7.2 Correction and Deletion

  • Right to Rectification: Correct inaccurate or incomplete data

  • Right to Erasure: Request deletion of your data in certain circumstances

  • Right to Restriction: Limit processing in specific situations

7.3 Data Portability and Objection

  • Right to Portability: Receive your data in a portable format

  • Right to Object: Object to processing based on legitimate interests

  • Marketing Opt-Out: Unsubscribe from marketing communications at any time

7.4 Exercising Your Rights

To exercise these rights, contact us at: james@cr8or.co.uk

We will respond within one month and may request identity verification for security purposes.

8. Security Measures

8.1 Technical Safeguards

  • Encryption: Data encrypted in transit and at rest

  • Access Controls: Role-based access with multi-factor authentication

  • Network Security: Firewalls, intrusion detection, and monitoring systems

  • Regular Updates: Security patches and system updates applied promptly

8.2 Organizational Measures

  • Staff Training: Regular privacy and security training for all personnel

  • Data Minimization: Collection and processing limited to necessary purposes

  • Incident Response: Procedures for identifying and responding to security breaches

  • Vendor Management: Due diligence and contracts for all third-party providers

8.3 AI-Specific Security

  • Model Protection: AI models secured against unauthorized access or extraction

  • Content Isolation: User-generated content isolated between accounts

  • Processing Security: Secure processing pipelines for AI generation tasks

9. Cookies and Tracking

9.1 Cookie Usage

We use cookies and similar technologies for:

  • Essential Functions: Login sessions, security, and core functionality

  • Analytics: Understanding platform usage and performance

  • Preferences: Remembering your settings and preferences

9.2 Cookie Controls

  • Browser Settings: Configure cookie preferences in your browser

  • Opt-Out: Disable non-essential cookies through our cookie settings

  • Third-Party Cookies: Some analytics services may use their own cookies

10. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we discover that we have collected information from a minor, we will delete it promptly.

11. Changes to This Policy

11.1 Updates

We may update this Privacy Policy periodically to reflect:

  • Changes in our services or business practices

  • Legal or regulatory requirements

  • Security enhancements or new technologies

11.2 Notification

Material changes will be communicated through:

  • Email notification to registered users

  • Prominent notice on our platform

  • Updated "Last Updated" date on this policy

11.3 Continued Use

Continued use of the Service after policy changes constitutes acceptance of the updated terms.

12. Contact Information

12.1 Data Protection Queries

Email: james@cr8or.co.uk
Company: Cr8ro Web LTD
Address: 23 Chapel Lane, Wilmslow, England, SK9 5HW

12.2 Regulatory Authority

If you have concerns about our data handling practices, you may contact:

Information Commissioner's Office (ICO)
Phone: 0303 123 1113
Website: ico.org.uk
Live Chat: ico.org.uk/livechat

13. Lawful Basis Summary

Purpose

Data Categories

Legal Basis

Account management

Account information, payment data

Contract performance

Content generation

Product URLs, generated content

Contract performance

Service improvement

Usage data, analytics

Legitimate interests

Customer support

Communication data, technical data

Legitimate interests

Security and fraud prevention

Technical data, usage patterns

Legitimate interests

Marketing communications

Contact information

Consent (where required)

Legal compliance

All categories as required

Legal obligation

14. Data Processing Principles

We process personal data in accordance with the following principles:

  • Lawfulness, Fairness, and Transparency: Processing based on valid legal grounds with clear communication

  • Purpose Limitation: Data used only for specified, legitimate purposes

  • Data Minimization: Collection limited to what is necessary

  • Accuracy: Data kept accurate and up to date

  • Storage Limitation: Retained only as long as necessary

  • Integrity and Confidentiality: Appropriate security measures implemented

  • Accountability: Demonstrable compliance with data protection principles

By using CR8OR AI, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

CR8OR AI Privacy Policy


Last Updated: 2nd August 2025

1. Introduction

CR8OR AI ("we," "our," or "the Service") is committed to protecting your privacy and ensuring the security of your data. This privacy policy explains how our AI-powered UGC generation platform handles your information and outlines your rights under UK data protection law.

Data Controller: Cr8ro Web LTD
Company Number: 14277608
Registered Office: 23 Chapel Lane, Wilmslow, England, SK9 5HW
Contact: james@cr8or.co.uk

2. Information We Collect and Process

2.1 Account Information

  • What: Email address, name, password, profile information

  • How: Provided during account registration and profile setup

  • Purpose: Account management and service provision

  • Storage: Securely stored on our servers with encryption

  • Legal Basis: Contract performance and legitimate interests

2.2 Product URL Data

  • What: Product URLs, product information, descriptions, images, reviews

  • How: Submitted by users for AI analysis and content generation

  • Purpose: To analyze products and generate relevant UGC scripts and content

  • Storage: Temporarily processed and may be cached for service optimization

  • Legal Basis: Contract performance and legitimate interests

2.3 Generated Content Data

  • What: AI-generated scripts, videos, images, audio files, and related content

  • How: Created by our AI systems based on your product information

  • Purpose: To provide the content generation service and allow downloads

  • Storage: Stored temporarily for access and download, with retention periods based on subscription type

  • Legal Basis: Contract performance

2.4 Usage and Analytics Data

  • What: Platform interactions, feature usage, generation requests, performance metrics

  • How: Automatically collected during platform use

  • Purpose: Service improvement, analytics, and feature optimization

  • Storage: Aggregated and anonymized where possible

  • Legal Basis: Legitimate interests in service improvement

2.5 Payment Information

  • What: Credit card details, billing information, transaction history

  • How: Collected via secure payment processors (Stripe, PayPal, etc.)

  • Purpose: Processing payments and subscription management

  • Storage: Payment details stored by certified payment processors, not directly by us

  • Legal Basis: Contract performance and legal obligations

2.6 Technical Data

  • What: IP address, browser type, device information, session data

  • How: Automatically collected during platform access

  • Purpose: Security, fraud prevention, and technical support

  • Storage: Log files retained for security and troubleshooting purposes

  • Legal Basis: Legitimate interests in security and service provision

2.7 Communication Data

  • What: Support tickets, feedback, correspondence with our team

  • How: Submitted through contact forms, email, or chat features

  • Purpose: Customer support and service improvement

  • Storage: Retained in our customer support systems

  • Legal Basis: Legitimate interests in customer service

3. How We Use Your Information

3.1 Service Provision

  • Generating AI-powered UGC content from your product URLs

  • Creating scripts, videos, images, and audio content

  • Providing account access and subscription management

  • Processing payments and managing credits

  • Delivering customer support

3.2 AI Model Training and Improvement

  • Anonymous Data Only: We may use anonymized, aggregated data to improve our AI models

  • No Personal Content: We do not use your specific product information or generated content to train models accessible to other users

  • Opt-Out Available: You may request exclusion from anonymous data analysis

3.3 Platform Analytics and Optimization

  • Analyzing platform usage to improve features

  • Monitoring performance and identifying technical issues

  • Understanding user preferences for service enhancement

  • Generating anonymized usage statistics

3.4 Communication and Marketing

  • Sending service-related notifications and updates

  • Providing customer support responses

  • Marketing communications (with consent where required)

  • Important service announcements and policy updates

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with trusted service providers who assist in:

  • Payment Processing: Stripe, PayPal, and other certified payment processors

  • Cloud Infrastructure: AWS, Google Cloud, or similar providers for hosting and storage

  • Customer Support: Help desk and communication tools

  • Analytics: Privacy-compliant analytics services

  • AI Services: Third-party AI APIs for content generation (with appropriate data protection agreements)

4.2 Legal Requirements

We may disclose information when required by:

  • Valid legal process or court orders

  • Compliance with applicable laws and regulations

  • Protection of our rights, property, or safety

  • Prevention of fraud or illegal activities

  • Cooperation with law enforcement investigations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity, subject to the same privacy protections.

4.4 User Consent

We may share information with third parties when you provide explicit consent for specific purposes.

5. Data Retention

5.1 Account Data

  • Active Accounts: Retained while your account remains active

  • Closed Accounts: Deleted within 90 days of account closure, except where legal retention is required

5.2 Generated Content

  • Free Users: Generated content stored for 30 days

  • Paid Users: Generated content stored according to subscription plan (typically 90 days to 1 year)

  • User Deletion: You may delete individual generated content at any time

5.3 Analytics and Logs

  • Usage Data: Anonymized analytics retained for 2 years for service improvement

  • Security Logs: Retained for 1 year for security and fraud prevention

  • Support Data: Retained for 3 years for quality assurance and legal compliance

6. International Data Transfers

We may transfer your data outside the UK and EEA to:

  • Cloud service providers with appropriate safeguards

  • AI service providers with data protection agreements

  • Payment processors with adequate protection levels

We ensure adequate protection through:

  • Standard Contractual Clauses: EU-approved data transfer agreements

  • Adequacy Decisions: Transfers to countries with adequate protection levels

  • Appropriate Safeguards: Technical and organizational measures for data protection

7. Your Rights Under UK GDPR

7.1 Access and Information

  • Right to Access: Request information about data processing and obtain a copy of your data

  • Right to Information: Understand how and why we process your data

7.2 Correction and Deletion

  • Right to Rectification: Correct inaccurate or incomplete data

  • Right to Erasure: Request deletion of your data in certain circumstances

  • Right to Restriction: Limit processing in specific situations

7.3 Data Portability and Objection

  • Right to Portability: Receive your data in a portable format

  • Right to Object: Object to processing based on legitimate interests

  • Marketing Opt-Out: Unsubscribe from marketing communications at any time

7.4 Exercising Your Rights

To exercise these rights, contact us at: james@cr8or.co.uk

We will respond within one month and may request identity verification for security purposes.

8. Security Measures

8.1 Technical Safeguards

  • Encryption: Data encrypted in transit and at rest

  • Access Controls: Role-based access with multi-factor authentication

  • Network Security: Firewalls, intrusion detection, and monitoring systems

  • Regular Updates: Security patches and system updates applied promptly

8.2 Organizational Measures

  • Staff Training: Regular privacy and security training for all personnel

  • Data Minimization: Collection and processing limited to necessary purposes

  • Incident Response: Procedures for identifying and responding to security breaches

  • Vendor Management: Due diligence and contracts for all third-party providers

8.3 AI-Specific Security

  • Model Protection: AI models secured against unauthorized access or extraction

  • Content Isolation: User-generated content isolated between accounts

  • Processing Security: Secure processing pipelines for AI generation tasks

9. Cookies and Tracking

9.1 Cookie Usage

We use cookies and similar technologies for:

  • Essential Functions: Login sessions, security, and core functionality

  • Analytics: Understanding platform usage and performance

  • Preferences: Remembering your settings and preferences

9.2 Cookie Controls

  • Browser Settings: Configure cookie preferences in your browser

  • Opt-Out: Disable non-essential cookies through our cookie settings

  • Third-Party Cookies: Some analytics services may use their own cookies

10. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we discover that we have collected information from a minor, we will delete it promptly.

11. Changes to This Policy

11.1 Updates

We may update this Privacy Policy periodically to reflect:

  • Changes in our services or business practices

  • Legal or regulatory requirements

  • Security enhancements or new technologies

11.2 Notification

Material changes will be communicated through:

  • Email notification to registered users

  • Prominent notice on our platform

  • Updated "Last Updated" date on this policy

11.3 Continued Use

Continued use of the Service after policy changes constitutes acceptance of the updated terms.

12. Contact Information

12.1 Data Protection Queries

Email: james@cr8or.co.uk
Company: Cr8ro Web LTD
Address: 23 Chapel Lane, Wilmslow, England, SK9 5HW

12.2 Regulatory Authority

If you have concerns about our data handling practices, you may contact:

Information Commissioner's Office (ICO)
Phone: 0303 123 1113
Website: ico.org.uk
Live Chat: ico.org.uk/livechat

13. Lawful Basis Summary

Purpose

Data Categories

Legal Basis

Account management

Account information, payment data

Contract performance

Content generation

Product URLs, generated content

Contract performance

Service improvement

Usage data, analytics

Legitimate interests

Customer support

Communication data, technical data

Legitimate interests

Security and fraud prevention

Technical data, usage patterns

Legitimate interests

Marketing communications

Contact information

Consent (where required)

Legal compliance

All categories as required

Legal obligation

14. Data Processing Principles

We process personal data in accordance with the following principles:

  • Lawfulness, Fairness, and Transparency: Processing based on valid legal grounds with clear communication

  • Purpose Limitation: Data used only for specified, legitimate purposes

  • Data Minimization: Collection limited to what is necessary

  • Accuracy: Data kept accurate and up to date

  • Storage Limitation: Retained only as long as necessary

  • Integrity and Confidentiality: Appropriate security measures implemented

  • Accountability: Demonstrable compliance with data protection principles

By using CR8OR AI, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

Privacy Policies

Terms of Service

Privacy Policy

Blogs

Blogs

Services

AI UGC

AI Video Creation

AI Ad Creation

AI Phone Agents Demo

AI SMS

AI Ad Reporting (soon)

Designed and built with love • All rights reserved CR8OR Web LTD | Copyright© 2025

Try Now

Privacy Policies

Terms of Service

Privacy Policy

Blogs

Blogs

Services

AI UGC

AI Video Creation

AI Ad Creation

AI Phone Agents Demo

AI SMS

AI Ad Reporting (soon)

Designed and built with love • All rights reserved CR8OR Web LTD | Copyright© 2025

Try Now

Privacy Policies

Terms of Service

Privacy Policy

Blogs

Blogs

Services

AI UGC

AI Video Creation

AI Ad Creation

AI Phone Agents Demo

AI SMS

AI Ad Reporting (soon)

Designed and built with love • All rights reserved CR8OR Web LTD | Copyright© 2025

Try Now

Privacy Policies

Terms of Service

Privacy Policy

Blogs

Blogs

Services

AI UGC

AI Video Creation

AI Ad Creation

AI Phone Agents Demo

AI SMS

AI Ad Reporting (soon)

Designed and built with love • All rights reserved CR8OR Web LTD | Copyright© 2025

Try Now