Privacy Policy
Introduction
Welcome to Creato ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our platform accessible at creato.biz.id and any related services.
By accessing or using Creato, you agree to the terms outlined in this Privacy Policy. If you do not agree with our policies and practices, please do not use our services. This policy is designed to be transparent and comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Key Principle: We collect only the data necessary to provide and improve our services, and we process it lawfully, fairly, and transparently.
Information We Collect
We collect information to provide better services to our users. The types of information we collect include:
2.1 Personal Information You Provide
When you create an account, subscribe to our services, or interact with our platform, we may collect:
- Name, email address, and contact details
- Profile information including username, profile picture, and bio
- Payment information when processing transactions (processed securely through third-party payment providers)
- Communications you send to us, including support requests and feedback
- Content you create, upload, or share on the platform, including videos, comments, and messages
2.2 Information Collected Automatically
When you access our platform, certain information is collected automatically:
- Device information (device type, operating system, browser type and version)
- Log data (IP address, access times, pages viewed, links clicked, referring URLs)
- Usage data (video viewing history, engagement metrics, interaction patterns)
- Location data (approximate geographic location based on IP address)
- Cookies and similar tracking technologies (see our Cookies Policy below)
2.3 Information from Third-Party Sources
We may receive information about you from third parties, including:
- Social media platforms when you choose to link your accounts or sign in through them
- Analytics providers and advertising partners
- Business partners and service providers who integrate with our platform
- Publicly available sources for identity verification purposes
How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery
To provide, maintain, and improve our platform, including video hosting, streaming, content recommendations, and creator tools.
Account Management
To create and manage your account, process registrations, authenticate users, and handle account-related inquiries.
Communication
To send service updates, promotional content, newsletters, and respond to your support requests and feedback.
Monetization & Payments
To process payments, manage creator funds, distribute revenue, and prevent fraudulent transactions.
Safety & Security
To detect, investigate, and prevent fraud, abuse, and security threats. To enforce our Terms of Service.
Analytics & Improvement
To analyze usage patterns, conduct research, and develop new features and services to enhance your experience.
Data Sharing & Third Parties
We do not sell your personal information. However, we may share your data with the following categories of third parties under strict contractual obligations:
- Service Providers: Trusted third-party companies that perform services on our behalf, such as cloud hosting, payment processing, content delivery, and analytics. These providers are contractually bound to use your data only for the services they perform for us.
- Business Partners: Partners with whom we may offer joint services or promotions. We will notify you before your data is shared in these circumstances.
- Legal Compliance: When required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Creato, our users, or the public.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
- With Your Consent: We may share your information with third parties when you give us explicit permission to do so.
Our Commitment: All third-party service providers are required to implement appropriate data protection measures and are prohibited from using your personal data for their own purposes.
Data Security
We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security practices include:
- Encryption of data in transit using TLS/SSL protocols and data at rest using AES-256 encryption
- Regular security audits and penetration testing of our infrastructure
- Access controls and authentication mechanisms to restrict data access to authorized personnel only
- Continuous monitoring of our systems for suspicious activity and potential vulnerabilities
- Employee training on data protection best practices and security awareness
- Incident response procedures to promptly address any data breaches or security incidents
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria we use to determine retention periods include:
- Account Data: Retained for the duration of your account and for up to 2 years after account closure, unless you request earlier deletion.
- Transaction Records: Retained for a minimum of 7 years to comply with financial and tax obligations.
- Usage & Log Data: Retained for up to 12 months for analytics and security purposes.
- Communication Records: Retained for up to 3 years to handle inquiries and improve our services.
When personal data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies. You may request earlier deletion of your data by contacting us at privacy@creato.biz.id.
Your Rights
Depending on your location, you may have certain rights regarding your personal data under applicable privacy laws.
GDPR Rights (European Economic Area)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
Right of Access
You have the right to request a copy of the personal data we hold about you and information about how it is processed.
Right to Rectification
You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
Right to Erasure
You have the right to request the deletion of your personal data, also known as the "right to be forgotten," subject to certain conditions.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data under certain circumstances.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
Right to Object
You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
CCPA Rights (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is being collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell your personal information. To exercise any of these rights, please contact us at privacy@creato.biz.id.
To exercise any of your rights, please contact our Data Protection Team at privacy@creato.biz.id. We will respond to your request within 30 days.
Cookies Policy
Creato uses cookies and similar tracking technologies to enhance your experience on our platform. Cookies are small text files stored on your device that help us remember your preferences, analyze usage patterns, and deliver personalized content.
Types of Cookies We Use
- Essential Cookies: Required for the platform to function properly. These enable core features such as authentication and security. You cannot opt out of these cookies.
- Analytics Cookies: Help us understand how users interact with our platform by collecting anonymous usage statistics. This data helps us improve our services.
- Functional Cookies: Remember your preferences (such as language and region) to provide a more personalized experience.
- Advertising Cookies: Used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns.
Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our platform. For more information on managing cookies, visit your browser's help section or visit www.allaboutcookies.org.
Children's Privacy
Creato is not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).
If we become aware that we have inadvertently collected personal data from a child under 13 without verified parental consent, we will take steps to delete that information as quickly as possible. If you believe that a child has provided us with personal information, please contact us immediately at privacy@creato.biz.id.
Parental Guidance: We encourage parents and guardians to monitor their children's online activities and help enforce our privacy policy by instructing their children not to provide personal information without their permission.
International Data Transfers
Creato operates globally, and your personal information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those in your country.
When we transfer your personal data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by relevant data protection authorities
- Binding Corporate Rules where applicable
- Other legal mechanisms as required by applicable law
By using our services, you consent to the transfer of your data to countries outside your region, including the United States and other jurisdictions where we or our service providers operate. For more information about international data transfers, please contact us at privacy@creato.biz.id.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through prominent notice on our platform, via email, or through other appropriate means.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. The "Last Updated" date at the top of this page indicates when this policy was most recently revised.
If you would like to review previous versions of this Privacy Policy, please contact us at privacy@creato.biz.id and we will provide them upon request.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us through any of the following channels:
Response Time: We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please mark your email accordingly and we will prioritize your request.