GDPR Compliance
Last updated: February 6, 2026
Last updated: February 6, 2026
CreatifyHQ is committed to full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK GDPR. This page explains our obligations and your rights as a data subject.
Our GDPR Commitment
We have implemented the following measures to ensure GDPR compliance:
- Data minimisation — we collect only what is necessary to provide the Service
- Purpose limitation — data is used only for the purposes stated in our Privacy Policy
- Storage limitation — data is retained only as long as necessary
- Data Processing Agreements (DPAs) with all sub-processors
- Regular internal reviews of data handling practices
Your Rights Under GDPR
- Right of access (Art. 15): Request a copy of your personal data
- Right to rectification (Art. 16): Correct inaccurate or incomplete data
- Right to erasure (Art. 17): Request deletion of your data
- Right to restriction (Art. 18): Limit how we process your data
- Right to portability (Art. 20): Receive your data in a portable format
- Right to object (Art. 21): Object to processing based on legitimate interests
- Rights related to automated decision-making (Art. 22): Not be subject to solely automated decisions with significant effects
To exercise any of these rights, email hello@creatifyhq.com or use our data deletion page. We will respond within 30 days.
Legal Basis for Processing
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you signed up for
- Legitimate interests (Art. 6(1)(f)): Analytics and fraud prevention
- Consent (Art. 6(1)(a)): Marketing emails — you can withdraw consent at any time
- Legal obligation (Art. 6(1)(c)): Compliance with financial regulations
Data Processing Agreement
Enterprise customers and partners who require a Data Processing Agreement (DPA) can request one by contacting hello@creatifyhq.com. We will provide a GDPR-compliant DPA within 5 business days.
International Data Transfers
We may transfer personal data outside the EEA to providers such as Railway (US), OpenAI (US), and Anthropic (US). Where we do so, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
Contact Our DPO
For data protection enquiries: hello@creatifyhq.com
Subject line: "Data Protection Enquiry"
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).