Privacy with the same standards as the product.

Cre8tors INC ("Cre8tors," "we," "our," or "us") operates the Cre8tors mobile application, the websites under the cre8tors.aidomain, and related services (together, the "Service"). This Privacy Policy explains what personal information we collect, why we collect it, how we share it, and the rights and controls you have.

This policy applies to athletes, brands, representatives (agents, coaches, managers), and visitors to our websites — including anyone who submits a waitlist or beta application. It should be read together with our Terms of Service & EULA and our Child Safety Standards.

We collect information you provide directly when you create an account, build your profile, submit a waitlist or beta access application, upload content, message other users, or contact us:

• Identity and contact details — name, email address, phone number, date-of-birth attestation (Cre8tors requires users to be at least 13), a parent or guardian email for users under 18, and the identity returned by Sign in with Apple or Google when you authenticate.
• Profile details — sports, school, graduation year, interests, bio, profile photo, and the social handles you submit (Instagram, TikTok, X, Snapchat).
• Content — photos, videos, posts, comments, likes, and direct messages you create or share on the Service.
• Payout and tax information — if you enroll in monetization, our payment processor (Stripe) collects the identity, bank, and tax details required to verify you and pay you. Cre8tors does not store full bank account or card numbers on its own servers.
• Communications — support requests, contact-form submissions, and survey responses.

When you use the Service we automatically collect a limited set of technical data needed to operate, secure, and improve it:

• Device and app data — device model, operating system and version, app version, language, time zone, and push notification tokens.
• Usage data — interactions with features, screens viewed, and content engagement, used for analytics and to improve the product.
• Diagnostics — crash reports and performance logs (for example via Firebase Crashlytics and similar error-reporting tools) so we can find and fix problems.
• Integrity signals — attestation data used by Firebase App Check to confirm requests come from a genuine app build, protecting the platform against abuse.

We do not collect precise GPS location, and we do not use third-party advertising trackers in the app or on this site.

Cre8tors lets you link the social accounts you already use — Instagram, TikTok, X, and Snapchat — so the platform can publish on your behalf and visualize your reach. When you connect an account:

• We receive the access credentials (OAuth tokens) issued by that platform, your handle, and the profile and audience metrics the platform makes available (for example follower counts and post performance).
• We use those metrics to power features like your clout index, valuation tools, and brand discovery.
• We publish to a connected platform only when you ask us to — directly or through an automation you have explicitly approved.
• You can disconnect a platform at any time from in-app settings (Account Center → Linked accounts), which revokes our access and deletes the stored tokens. You can also revoke access from the social platform's own settings.

Your use of each connected platform remains governed by that platform's own terms and privacy policy.

The Cre8tors mobile app reads a small set of athletic activity metrics from Apple HealthKit on iOS or Google Health Connect on Android — specifically steps, exercise sessions, resting heart rate, and active energy burned — for the sole purpose of displaying these statistics within the app's athlete profile screen.

• Read-only. We never write data back to HealthKit or Health Connect.
• On-device only. Health data is read on demand when you open your athlete profile, displayed inside the app, and never transmitted to Cre8tors servers, persisted, or backed up to the cloud by us.
• No third-party sharing. Health data is never shared with advertisers, analytics providers, partner brands, or any other third party.
• Not used for advertising or scoring. Health metrics are not used for ad targeting, athlete value scoring, NIL valuation, or any decision-making process.
• Revocable at any time.Revoke Cre8tors' access via your device's system settings — Settings → Health → Data Access & Devices → Cre8tors on iOS, or Settings → Apps → Health Connect → App permissions → Cre8tors on Android.

We use the information we collect to:

• Provide, maintain, secure, and improve the Service.
• Review and manage waitlist and beta access applications.
• Operate athlete, brand, and representative experiences — including discovery, matching, and opportunity recommendations.
• Process transactions, payouts, and related communications.
• Send service updates, approval emails, security notices, and support responses.
• Detect, investigate, and prevent fraud, abuse, and violations of our Terms and Child Safety Standards.
• Comply with legal obligations.

Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract (operating your account and the features you use), legitimate interests (securing and improving the Service, preventing abuse), consent (optional connections like social platforms and health data, which you can withdraw at any time), and legal obligation (tax, compliance, and safety reporting).

Cre8tors includes AI-powered features — such as the athlete digital twin, content suggestions, and brand–athlete matching. Here is how your data is handled when those features run:

• Local first. Where possible, AI features run on-device. Heavier requests are processed by cloud models hosted on Google Cloud (Vertex AI) under data-processing agreements.
• Scoped inputs. AI features process the profile details, content, and connected-platform metrics needed for the specific task you (or an automation you approved) initiated.
• No third-party model training. We do not allow our cloud AI providers to use your content or personal information to train their general-purpose models.
• You stay in control. Agent-style actions that post or apply on your behalf require your explicit approval before they execute.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising (as those terms are defined under the CCPA/CPRA). We share personal information only:

• With service providers acting on our behalf under contract — including Google (Firebase and Google Cloud: authentication, database, storage, push notifications, analytics, crash reporting, AI processing), Stripe (identity verification and payouts), and email-delivery providers.
• With other users, at your direction — your public profile and posts are visible to other users of the Service; applying to a brand opportunity shares your relevant profile and metrics with that brand.
• With connected platforms, at your direction — when you publish to a linked social account.
• For legal reasons — to comply with law, valid legal process, or enforceable governmental requests; to enforce our Terms; or to protect the rights, safety, and property of Cre8tors, our users, or the public (including mandatory CSAM reporting to NCMEC under 18 U.S.C. § 2258A).
• In a business transfer — if Cre8tors is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, subject to this policy.

Our websites and app use a small set of strictly necessary technologies: authentication state and session storage (Firebase Authentication), security and anti-abuse attestation (Firebase App Check), and basic first-party analytics. We do not use third-party advertising cookies, and we do not run cross-site tracking.

Because we do not sell or share personal information for advertising, there is no "sale/share" to opt out of; browser-level signals such as Global Privacy Control do not change how we already treat your data.

We keep personal information only as long as your account is active or as needed to provide the Service. When you delete your account, deletion is processed immediately as described below. We retain a narrow set of anonymized records past account deletion only where we have a legal obligation:

• NIL compliance disclosures and ledger entries (NCAA and state NIL retention rules).
• Job and opportunity application history (contract records).
• Tax-relevant payout records.

These records are stripped of your name and photo before retention.

Depending on where you live, you may have some or all of the following rights over your personal information:

• Access / to know — request a copy of the personal information we hold about you.
• Correction — fix inaccurate information (most profile details can be edited directly in the app).
• Deletion / erasure — delete your account and personal data (GDPR Art. 17; CCPA §1798.105), self-service and immediate, as described in the next section.
• Portability — receive your data in a usable format.
• Objection / restriction — object to or restrict certain processing based on legitimate interests.
• Withdraw consent — disconnect social platforms or revoke health-data access at any time, without affecting the lawfulness of prior processing.
• Non-discrimination — we will never penalize you for exercising a privacy right.

To exercise any right that is not self-service, contact us via the support center or at support@cre8tors.ai. We verify requests using your authenticated account or equivalent proof of identity, respond within the timelines required by law, and you may appeal a decision by replying to our response. EU/UK residents may also lodge a complaint with their local supervisory authority.

We use technical and organizational safeguards designed to protect your information — including encryption in transit, role-based access rules enforced at the database layer, app attestation (App Check), and least-privilege access for our team. No system is perfectly secure, but protecting user trust is built into how we operate Cre8tors. If we learn of a breach affecting your personal information, we will notify you and regulators as required by law.

Cre8tors is operated from the United States, and the service providers listed above process data primarily in the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S. Where required, we rely on appropriate safeguards for those transfers, such as the European Commission's Standard Contractual Clauses and our processors' participation in recognized transfer frameworks.

Cre8tors is a 13+ platform. We do not knowingly collect personal information from children under 13, and accounts found to be held by children under 13 are removed (COPPA). For users aged 13–17 we collect a parent or guardian email during onboarding, and guardian consent is required before a minor can enter an NIL deal. If you believe a child under 13 has provided us personal information, contact safety@cre8tors.ai and we will delete it.

Cre8tors maintains separate Child Safety Standards describing our policy and procedures around child sexual abuse and exploitation (CSAE), in line with Google Play's Child Safety Standards Policy and applicable law. Reports of CSAE can be filed in-app under Report → Child sexual abuse / exploitation, or by emailing safety@cre8tors.ai.

We may update this Privacy Policy as the product and the regulatory environment evolve. The "Last Updated" date at the top reflects the most recent change. For material changes, we will give you notice in the app or by email before the change takes effect.