Legal Document

Privacy Policy

We built Kreato to help creators move fast — not to profit from your data. Here's exactly what we collect, why, and how we protect it.

Effective: May 11, 2025
Last Updated: May 12, 2025
Jurisdiction: India (IT Act 2000)
01

Who We Are

Kreato ("we," "our," or "us") is an AI-powered creative commerce platform designed for independent sellers, print-on-demand creators, and Etsy shop owners in India and beyond.

This Privacy Policy explains how Kreato collects, uses, stores, and protects your personal information when you use our website and services. By using Kreato, you agree to the practices described in this policy.

India-First:

Kreato operates under the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

02

Information We Collect

We collect only the information necessary to provide and improve our services:

Account Data

  • Name and email address
  • One-way hashed passwords
  • Plan type and billing details

Usage Data

  • Product images uploaded
  • AI outputs (titles, tags, etc)
  • Shop profiles and preferences
03

How We Use Your Data

We use your information strictly to operate and improve Kreato:

PurposeData UsedLegal Basis
AI Content GenerationImages, ProfileContract
AuthenticationEmail, PasswordContract
Platform SecurityIP, Usage LogsLegitimate Interest
04

API Keys & Third-Party AI

Kreato integrates with third-party AI services. Here is exactly how API keys are handled:

Your API key is yours.

If you provide your own API key, it is encrypted at rest using AES-256-GCM. It is used only to make API calls on your behalf and is never used to train models. Note: Daily usage is still counted against the Beta quota for analytics and anti-abuse purposes.

We recommend reviewing the privacy policies of our AI providers:

Anthropic PrivacyGoogle Privacy
05

Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

  • AI Providers: Anthropic and Google to process your AI requests.
  • Infrastructure: We use Vercel for hosting and Clerk for authentication.
  • Legal: To comply with law or protect rights and safety.
06

Data Retention

Data TypeRetention Period
Account DataDuration of account + 30 days
Project History24 hours (Free Beta) / Until user deletion (Pro)
Payment Records7 years (Indian Law)
07

Security

We take industry-standard measures to protect your information:

  • All data is encrypted via TLS/HTTPS during transmission.
  • Passwords are hashed — we cannot retrieve your original password.
  • API keys are handled in memory and never stored in plain text.

No system is 100% secure. If you suspect a breach, please contact us immediately.

08

Your Rights

Access

Request a copy of the data we hold.

Correction

Ask us to correct inaccurate data.

Deletion

Request your account and data deletion.

Portability

Request your data in machine-readable format.

09

Cookies

Essential Cookies Only

Kreato uses minimal cookies for authentication and session management. We do not use advertising or tracking cookies.

10

Children's Privacy

Kreato is not intended for children under 13. We do not knowingly collect personal data from children under 13. Users between 13 and 18 should use the platform only with parent/guardian supervision.

11

Policy Updates

Staying Informed

We update this policy as our practices or legal requirements change. Material changes will be notified via email or a prominent notice on the dashboard. Your continued use after updates constitutes acceptance.