Privacy Policy
Version: 1.2 | Effective Date: January 20, 2024

CleverCreator.ai (“we,” “us,” or “our”) is committed to protecting your privacy and complying with applicable data‑protection laws (e.g. GDPR, CCPA/CPRA, COPPA). This Privacy Policy explains how we collect, use, disclose, and safeguard your Personal Data when you visit https://clevercreator.ai (the “Site”) or use our AI image‑generation and content‑creation Services (the “Services”).

1. Definitions
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, deletion).
Data Controller: The entity deciding “why” and “how” Personal Data is Processed (i.e., CleverCreator.ai).
Data Processor: Any third party Processing Personal Data on our behalf.
Data Subject: You, the individual whose Personal Data is Processed.

2. Policy Governance & Review
Owner: Chief Privacy Officer (contact@clevercreator.ai)
Review Cycle: Annually or upon material change
Versioning: Each update is version‑numbered and dated; prior versions are archived

3. Data Minimization & Purpose Limitation
We collect only the minimum Personal Data necessary for each purpose stated below. We will not repurpose your data without obtaining fresh consent or providing you with an appropriate notice.

4. Information We Collect

4.1 Information You Provide
Account Data: Name, email, password
Profile Details: Display name, profile photo, billing address, phone
Content & Inputs: Text prompts; uploaded images, audio, documents
Transaction Data: Payment method (via Stripe/PayPal), billing history
Communications: Support tickets, feedback, survey responses

4.2 Information Collected Automatically
Usage Data: Features used, session timestamps
Device & Log Data: IP address, browser type/version, device ID, OS
Cookies & Tracking: Cookies, web beacons, pixels, similar technologies

5. How We Use Your Information
Service Delivery & Improvement

Authenticate accounts, manage subscriptions
Generate and return AI‑created content
Diagnose issues and optimize performance
Communications

Transactional emails (account, billing)
Service updates and marketing (with consent)
Billing & Fraud Prevention

Process payments securely via third‑party processors
Monitor for unauthorized or abusive behavior
Research & Development

Analyze aggregated trends to build new features
Legal Compliance & Safety

Enforce Terms of Service
Respond to lawful requests from authorities

6. Legal Bases for Processing
Contractual Necessity: To fulfill subscriptions or purchases
Legitimate Interests: Security, service enhancement, fraud prevention
Consent: For marketing communications and non‑essential cookies (withdrawable at any time)
Legal Obligation: Compliance with laws and regulations

7. Automated Decision‑Making & Profiling
We do not engage in fully automated profiling that produces legal or similarly significant effects. Any AI recommendations are designed solely to enhance user experience.

8. Cookies & Consent Management
Essential Cookies: Required for login and core functionality
Analytics & Advertising Cookies: Only used with your opt‑in consent
Consent Management Platform (CMP): Manage your cookie preferences via our banner or at https://clevercreator.ai/cookie‑policy

9. Data Retention
Account & Billing Data: Active account + 7 years (legal/tax requirements)
Usage Logs & Cookies: Anonymized or deleted after 90 days
Support Records: Retained for 2 years

10. Third‑Party Vendors & Integrations
We engage only vetted vendors with strong security credentials (SOC 2, ISO 27001). All Data Processors sign a Data Processing Agreement incorporating Standard Contractual Clauses for cross‑border transfers.

Key Integrations:

Google Drive: Subject to Google’s Privacy Policy (https://policies.google.com/privacy)
OneDrive: Subject to Microsoft’s Privacy Statement (https://privacy.microsoft.com)
Payment Processors: Stripe/PayPal handle all payment data; we do not store card details

11. Vendor Risk Management & DPIAs
Due Diligence: Security questionnaires, on‑site or third‑party audits before onboarding
Data Protection Impact Assessments: Conducted for new high‑risk processing (e.g. novel AI features)

12. Business Continuity & Disaster Recovery
We maintain regular, encrypted backups and test our recovery procedures annually to ensure data availability and integrity in case of system failure.

13. Record‑Keeping & Accountability
We maintain internal Processing records (per GDPR Art. 30) and conduct annual privacy training for all employees handling Personal Data.

14. Cross‑Border Transfers & International User Notice
Your data may be transferred to the U.S., EU, or other jurisdictions. We protect transfers via:

EU Standard Contractual Clauses
Binding Corporate Rules (where applicable)
EU Representative:
[Name], [City], [Country] | contact@clevercreator.ai

15. Children’s Privacy & COPPA
Our Services are not directed to children under 13. We do not knowingly collect data from minors. If you believe we hold such data, please contact us for immediate deletion. For U.S. users, we comply with COPPA requirements.

16. Data Breach Notification
In the event of a confirmed data breach affecting your Personal Data, we will:

Notify affected users without undue delay (and within 72 hours if required).
Report to supervisory authorities as mandated.
Provide guidance on mitigation measures.

17. Your Rights
GDPR & CCPA/CPRA Rights

Access & Portability
Rectification
Erasure (“Right to be Forgotten”)
Restriction & Objection
Withdraw Consent
Opt‑Out of “Sale”: Click “Do Not Sell My Personal Information”
Non‑Discrimination: You will not face service penalties for exercising your privacy rights
To exercise any right, email contact@clevercreator.ai. We’ll acknowledge within 5 business days and resolve requests within 30 days.

18. CCPA/CPRA Addendum
California residents have additional rights, including:

Right to Know: Categories and sources of Personal Data collected
Right to Delete: As outlined above
Right to Opt‑Out of Sale & Non‑Discrimination: No service penalty for opting out

19. Legal Remedies & Dispute Resolution
Governing Law: New York, U.S.
Dispute Resolution: Users agree to first engage in good‑faith negotiation. If unresolved, disputes shall be submitted to binding arbitration under the rules of the American Arbitration Association.

20. Non‑Discrimination Statement
You will not be denied or have reduced access to our Services for exercising any of your privacy rights.

21. Updates to This Policy
Material changes will be communicated via email and a Site notice at least 30 days before they take effect. Continued use after changes indicates acceptance.

22. Contact Us
Chief Privacy Officer
Email: contact@clevercreator.ai
Response SLA: Acknowledge within 5 business days; resolve within 30 days