Privacy Policy
Last updated: May 15, 2026
At CREATEAWITY.art, we are committed to protecting your privacy and being transparent about how we collect, use, and protect your information.
1. Information We Collect
Account Information
When you register, we collect your name, email address, and authentication credentials. If you sign in via Google OAuth, we receive your public profile information (name, email, profile picture) as permitted by your Google account settings.
Usage Data
We automatically collect information about how you interact with our platform, including the AI services you use, images you process, prompts you create, and features you access. This helps us improve our services.
Payment Information
Payment transactions are processed securely by Razorpay. We do not store your full card details. We retain only transaction identifiers, amounts, and subscription status necessary for billing.
Device & Technical Data
We collect browser type, operating system, IP address, and device identifiers for security, analytics, and to ensure platform compatibility.
2. How We Use Your Information
Service Delivery
We use your information to provide, maintain, and improve our AI image editing services, process your requests, and manage your account and subscriptions.
Communications
We may send transactional emails (account confirmations, payment receipts, service updates). You can opt out of marketing communications at any time.
Security & Fraud Prevention
We analyse usage patterns to detect and prevent abuse, fraudulent activity, and unauthorised access to your account.
Analytics & Improvements
Aggregated, anonymised usage data helps us understand how our platform is used and where we can improve the experience.
3. Your Images & Content
Ownership
You retain full ownership of all images you upload and outputs you generate on our platform. We do not claim any intellectual property rights over your content.
How We Store Your Images
Your uploaded inputs and generated outputs are stored on a secure content-delivery network so you can access them from your History and so organization members can collaborate on shared work. Storage continues for as long as your account is active, unless you delete the image yourself from your History or your organization administrator deletes it on your team's behalf.
Processing by AI Providers
To generate or transform your image, your input image (if any) and prompt are sent to a trusted third-party AI service provider. Which provider serves a given request depends on the service you choose and our internal routing rules, which we tune over time for quality, latency, and reliability. Inputs are sent under each provider's data-processing terms and are not retained by them beyond the duration of the request, per their published API policies. A current list of named subprocessors is available on written request to our Grievance Officer (see section 12).
No Training on Your Data
We do not use your uploaded images or generated outputs to train our or any third-party AI models. Our AI providers' API terms also restrict use of inputs for model training; we have selected providers whose policies align with this commitment and we review these policies periodically.
Authorized Staff Access
Our authorized staff (Platform Administrators and Super Administrators) may access your uploaded and generated images when necessary for customer support, investigation of reported abuse or policy violations, diagnosing platform bugs you have reported, or complying with a valid legal request. Every such access is recorded in an internal audit log with the staff member's identity, the timestamp, and the reason. The log is reviewed periodically by our Super Administrator. You may request a report of any staff access to your data by contacting our grievance officer (see section 12).
History
Your generation history is stored to provide the History feature in your account. You can delete individual outputs or entire jobs from your History at any time.
4. Data Sharing & Third Parties
We Do Not Sell Your Data
We never sell, rent, or trade your personal information to third parties for their marketing purposes.
Categories of Subprocessors
We rely on a small number of trusted service providers to operate the platform. Each is contractually bound to protect your data and to use it solely to provide their service to us. The categories we use are: cloud infrastructure and managed database (primary hosting in Central India for data-residency), a content-delivery network for image storage, third-party AI service providers for image generation and editing, an email-delivery provider for transactional and marketing email, and analytics tooling.
Payment Processors (Named)
Because you interact directly with their checkout flow, we name our payment processors explicitly: Razorpay handles payments made on the web. Google Play Billing handles in-app purchases on Android. Both are bound by their own published privacy policies in addition to our agreements with them.
Analytics (Named)
When you accept analytics cookies, we use Google Analytics 4 to understand anonymized product usage. The associated cookies (such as _ga, _gid) are visible to you in your browser tools. You can opt out at any time from the Cookie Preferences card at the bottom of this page, and analytics is disabled until you accept.
Full Subprocessor List on Request
A current and complete list of our named subprocessors — including the specific cloud, AI, storage, and email providers we use — is available on written request to our Grievance Officer (see section 12). We update this internal list whenever a subprocessor changes; material changes are notified to active users by email or by a prominent banner on the platform before they take effect.
Cross-Border Data Transfers
Some of our subprocessors process data outside India (primarily in the United States and the European Union). For users in the European Union or the United Kingdom, these transfers rely on applicable safeguards (such as Standard Contractual Clauses) provided by the respective providers. For users in India, transfers are made in compliance with the Digital Personal Data Protection Act, 2023.
Legal Requirements
We may disclose information when required by law, court order, or to protect the rights, property, or safety of our users or the public.
5. Data Retention
Account Data
Your account information (name, email, role, preferences) is retained for as long as your account is active. After account closure we keep minimal records for up to 90 days to handle billing reconciliation and abuse investigation, then anonymize or delete.
Uploaded Inputs and Generated Outputs
Images you upload and outputs we generate are retained while your account is active so you can access them from your History, unless you delete them yourself, your organization administrator deletes them on your team's behalf, or we remove them in response to a policy violation or legal action. After account closure all images are deleted within 90 days.
Conversation History (AI Agent)
Agent conversations and their messages are retained while your account is active. You can archive individual conversations or delete them entirely.
Transaction Records
Payment and transaction records are retained for 7 years as required by the Income Tax Act and other applicable financial regulations, even after account closure. Sensitive payment fields (such as card numbers) are never stored by us — they are handled exclusively by our payment providers.
Audit Logs
Internal audit logs (including records of authorized-staff access to your data) are retained for 3 years.
Email Records
Marketing email engagement data is retained while you remain subscribed, plus 6 months after unsubscribe to comply with anti-spam rules.
6. Security
Technical Safeguards
We implement industry-standard security measures including HTTPS encryption in transit, secure credential storage, access controls, and regular security reviews.
Breach Notification
In the event of a data breach that affects your personal information, we will notify you and relevant authorities within the timeframes required by applicable law.
7. Your Rights
Access & Correction
You have the right to access the personal information we hold about you and to request corrections to inaccurate data.
Deletion
You may request deletion of your account and associated personal data at any time by contacting us at support@createawity.art. We will process your request within 30 days.
Data Portability
You may request an export of your personal data in a machine-readable format.
Opt-Out
You may opt out of non-essential communications and certain data processing activities at any time from your account settings.
8. Cookies
Essential Cookies
We use essential cookies to maintain your session and authentication state. These are required for the platform to function and cannot be disabled.
Analytics Cookies
With your consent, we use analytics cookies to understand how our platform is used. You can control cookie preferences through your browser settings.
9. Children's Privacy
Age Requirement
Our platform is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you are under 18, please do not use the platform or submit any personal information. If you believe a child has provided us personal information, please contact our grievance officer (see section 12) and we will delete it.
Parental Consent
Where required by the Digital Personal Data Protection Act, 2023 and similar laws, processing of a child's personal data requires verifiable consent from a parent or lawful guardian. We do not currently offer a mechanism to obtain such consent, so the platform should not be used by anyone under 18.
10. Organization Workspaces
Shared Workspace Data
If you use our platform as part of an Organization workspace, your work within that workspace (generated images, prompts, AI Agent conversations attributed to the organization, and credits consumed from the organization's pool) is visible to your Organization Owner and Administrators through their admin dashboards and reports. Organization Owners may also export spending and usage data for their organization.
Leaving an Organization
If you leave or are removed from an organization, your prior organization-attributed work remains in the organization's records. Your future work is governed by your personal account.
Organization Agreements
Organizations on paid plans are bound by the organization-specific terms in our Terms of Service. Where required, we can sign a Data Processing Addendum with your organization on request to the grievance officer.
11. Changes to This Policy
Updates
We may update this Privacy Policy from time to time. We will notify you of material changes by email or a prominent notice on our platform at least 14 days before the change takes effect. Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us & Grievance Officer
Grievance Officer
For any privacy concerns, data-access or deletion requests, complaints, or to exercise your rights under applicable data-protection laws, please contact our Grievance Officer at support@createawity.art. We aim to respond within 7 business days.
General Privacy Questions
For general questions about this Privacy Policy or how we handle your data, you can also reach us at support@createawity.art.
Have questions about your privacy?
Contact Us