Privacy Policy

Last updated: March 25, 2026

1. Information We Collect

When you sign up for CreatorRM, we collect your name, email address, organization name, and organization type. Payment information is collected and processed directly by Stripe — we never store your credit card details.

We also collect usage data to improve the service, including pages visited, features used, and performance metrics.

Location & Network Data: When you access CreatorRM, we automatically collect your IP address, approximate geographic location (country, region, city, timezone, and coordinates), and device information (browser type, operating system) from request headers provided by our infrastructure provider, Cloudflare. This data is used for security enforcement (blocking high-risk regions, detecting unauthorized access), device session management (limiting concurrent logins), platform analytics, and fraud prevention.

2. How We Use Your Information

We use your information to: provide and maintain the CreatorRM service, process payments, send service-related communications, and improve our platform. We do not sell your personal information to third parties.

3. Data Storage & Security

Your data is stored on Cloudflare's global network using D1 (SQLite), R2 (object storage), and KV (key-value) services. All data is encrypted in transit via TLS. Workspace data is isolated per-tenant — no other customer can access your workspace.

Authentication is handled via Cloudflare Access (Zero Trust) with JWT verification on every request.

4. AI Processing

CreatorRM uses AI models to provide features like content suggestions, transcription, and automated workflows. Your content is processed by Cloudflare Workers AI and may be processed by third-party AI providers (Together AI, Hugging Face) for specific features. AI inputs are anonymized before processing where applicable.

Your content is never used to train third-party AI models.

4b. Google Workspace & Google Drive Integration

CreatorRM integrates with Google Workspace APIs (Google Drive, Docs, Sheets, Slides, and Forms) to enable document import, creation, and management within your workspace. When you connect your Google account:

  • Scopes Requested: We request access to Google Drive (browse and manage files), Google Docs (create and edit documents), Google Sheets (create and edit spreadsheets), Google Slides (create and edit presentations), Google Forms (create forms and read responses). For the file picker only, we request read-only access to Google Drive.
  • Purpose: These permissions allow you to import files from Google Drive into your workspace for AI-powered analysis, generate documents (SOPs, strategies, reports) directly to your Google Workspace, and manage content production workflows.
  • Token Storage: Your Google OAuth access tokens and refresh tokens are encrypted using AES-256 encryption before being stored in our database. We never store your Google password.
  • Data Access: We only access Google files that you explicitly select through the file picker or that are created by CreatorRM on your behalf. We do not scan, index, or access other files in your Google account.
  • No Third-Party Sharing: Your Google data is never shared with third parties, used for advertising, or transferred to any entity outside of CreatorRM. Our use of Google data complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • Retention: Google-imported files are stored in your workspace for the duration of your account. Documents created by CreatorRM in your Google account remain in your Google account and are not affected by CreatorRM account deletion.
  • Revocation: You can disconnect your Google account at any time from your workspace settings. This immediately revokes our access and deletes stored tokens. You can also revoke access from your Google Account permissions page.

5. Data Retention

We retain your data for as long as your account is active. If you delete your workspace, it enters a 30-day archival period before permanent deletion. You can request immediate deletion by contacting us.

5b. Data Retention — Visitor Logs

Visitor location logs (IP address, geographic location, pages visited) are automatically deleted after 30 days. Audit logs containing geographic data are retained for the lifetime of your account for security compliance purposes.

6. Your Rights

You have the right to access, correct, or delete your personal data. You can export your data at any time through the dashboard. To exercise these rights, contact us at madhatter702@pm.me.

7. Cookies & Tracking

We use essential cookies for authentication and session management. We use Cloudflare Web Analytics for privacy-preserving usage analytics — no personally identifiable information is collected by our analytics.

Device & Session Tracking: We track active device sessions per account (limited to 6 concurrent devices) using a fingerprint derived from your IP address and browser type. Session data is automatically purged after 24 hours of inactivity.

Geographic Access Controls: We block access from certain high-risk countries for security purposes. Your country of origin is determined by Cloudflare's network infrastructure, not by GPS or precise device location.

8. Contact

For privacy questions or concerns, contact us at madhatter702@pm.me.