Privacy Policy

Creaeza LLC is a limited liability company registered in the United States, providing digital services including search engine optimisation (SEO), web development, app development, digital marketing and paid advertising, social media management, graphic design, and videography. We work with businesses across the US, UK and Australia, and provide white-label fulfilment services to partner agencies.

For the purposes of the EU and UK General Data Protection Regulation (GDPR), Creaeza LLC is the data controller of personal information collected through this website. Where we process data on behalf of our clients as part of delivering services, we act as a data processor or service provider (see Section 14).

This Privacy Policy applies to personal information we collect when you:

• Visit or interact with creaeza.com and any of its subdomains or landing pages;
• Fill in any form on our website, including contact, audit request, quote and intake forms;
• Communicate with us by email, phone, WhatsApp, social media or live chat;
• Engage us for services as a client, or are evaluated as a prospective client;
• Apply to work with us as a contractor or team member;
• Subscribe to any newsletter, resource or marketing communication we offer.

It does not apply to websites, applications or services operated by third parties, including our clients' websites, even where we built or manage them. Those are governed by their own privacy policies.

a) Information you provide directly

• Identity and contact data: name, company name, job title, email address, phone or WhatsApp number, country and time zone;
• Enquiry and project data: information you share in contact forms, intake questionnaires, discovery calls and briefs, including business goals, budgets, competitor details and website or account access where you choose to provide it;
• Billing data: billing entity, billing address, invoice email and payment references. Card payments are processed by our payment providers; we never store full card numbers;
• Communications: the content of emails, messages, call notes and meeting recordings (where you are notified and consent), plus testimonials and reviews you approve for publication.

b) Information collected automatically

• Device and usage data: IP address, browser type and version, operating system, device type, screen size, pages visited, time on page, referral source, and clicks;
• Cookie and pixel data: identifiers set by cookies and similar technologies described in Sections 6 and 7;
• Log data: standard server logs including access timestamps and error reports, used for security and performance.

c) Information from third parties

• Publicly available business information (your website, business listings, social profiles) when you enquire or when we research prospective clients;
• Analytics and advertising platforms (Google, Meta, TikTok, LinkedIn) that provide aggregated campaign and audience data;
• Referral partners who introduce you to us, limited to your name and contact details.

We use personal information to:

• Respond and propose: answer enquiries, run free audits you request, prepare proposals and quotes tailored to your business;
• Deliver services: perform contracts, manage projects, communicate progress, provide reports and hand over deliverables;
• Bill and account: issue invoices and receipts, process payments, maintain accounting records and comply with tax law;
• Operate and improve the site: measure performance, fix errors, understand which content is useful, and improve user experience;
• Market responsibly: send service updates and marketing you have opted into, measure campaigns, and show relevant ads (see Section 7);
• Protect and comply: secure our systems, prevent fraud and abuse, enforce agreements, and meet legal obligations.

We do not use your personal information for automated decision-making that produces legal or similarly significant effects.

Where EU or UK data protection law applies, we rely on the following legal bases:

Where we rely on consent, you can withdraw it at any time without affecting prior processing.

Cookies are small files stored on your device that help websites function and understand usage. We use the following categories:

Managing cookies

• Use our cookie banner (where shown) to accept or reject non-essential cookies;
• Adjust your browser settings to block or delete cookies at any time;
• Opt out of Google Analytics via the official browser add-on, and of personalised ads at youradchoices.com or youronlinechoices.eu.

Blocking essential cookies may affect how the site functions.

We use trusted third-party tools to measure and improve our marketing. These providers may process your data under their own policies:

• Google Analytics 4 and Google Ads (Google LLC): traffic measurement, conversion tracking and search advertising;
• Meta Pixel (Meta Platforms, Inc.): campaign measurement and audiences on Facebook and Instagram;
• TikTok Pixel (TikTok Inc.): campaign measurement on TikTok, where used;
• Google Search Console: aggregated search performance data (no personal profiles).

These tools may use cookies, pixels and similar identifiers as described in Section 6. Where required by law, they load only after you give consent. We configure analytics to avoid collecting more than we need, and we do not upload customer lists for ad targeting without a lawful basis.

We never sell your personal information. We share it only with:

• Service providers who help us operate: hosting and infrastructure, email and productivity tools, CRM, payment processors, e-signature, analytics and communication platforms, each bound by contractual confidentiality and data protection terms;
• Specialist contractors who support delivery under signed agreements containing confidentiality and data protection obligations consistent with this Policy;
• Professional advisers such as accountants, lawyers and insurers, where necessary;
• Authorities where required by law, court order or to protect rights, safety and security;
• A successor entity in the event of a merger, acquisition or sale of assets, subject to this Policy continuing to apply.

We are a US-based company with a remote team, so your information may be processed in the United States and other countries that may not provide the same level of data protection as your home jurisdiction.

Where we transfer personal data from the UK, EU/EEA or Australia, we protect it using:

• Contracts incorporating Standard Contractual Clauses (or the UK International Data Transfer Addendum) where applicable;
• Transfers to providers certified under recognised frameworks such as the EU-US Data Privacy Framework, where available;
• Technical and organisational safeguards described in Section 11.

We keep personal information only as long as needed for the purposes described in this Policy:

When data is no longer needed, we delete it securely or anonymise it.

We apply technical and organisational measures appropriate to the risk, including:

• Encryption in transit (TLS/SSL) across our website and tools;
• Credentials stored in an encrypted password manager, never in plain email or chat;
• Least-privilege access: team members and contractors access only what their role requires;
• Two-factor authentication on core systems and regular access reviews;
• Confidentiality and data protection obligations in every team and contractor agreement;
• Backups and tested recovery procedures for business-critical systems.

No method of transmission or storage is 100% secure. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities where required by law, without undue delay.

If you are in the UK or EU/EEA (GDPR / UK GDPR)

• Access: request a copy of the personal data we hold about you;
• Rectification: correct inaccurate or incomplete data;
• Erasure: ask us to delete your data ("right to be forgotten");
• Restriction: limit how we process your data in certain circumstances;
• Portability: receive your data in a structured, machine-readable format;
• Objection: object to processing based on legitimate interests or to direct marketing at any time;
• Withdraw consent: where processing is based on consent;
• Complain: lodge a complaint with your supervisory authority, such as the ICO (UK) at ico.org.uk, or your local EU data protection authority.

If you are in California (CCPA/CPRA)

• Right to know what personal information we collect, use and disclose;
• Right to delete and right to correct personal information;
• Right to opt out of sale or sharing (we do not sell or share as defined by the CCPA);
• Right to non-discrimination for exercising any of these rights.

If you are in Australia (Privacy Act 1988)

• Right to access and correct your personal information under the Australian Privacy Principles;
• Right to complain to us first, and then to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if unresolved.

How to exercise your rights

Email contact@creaeza.com with the subject "Privacy Request". We may need to verify your identity before acting. We respond within 30 days (or sooner where the law requires), free of charge except where requests are manifestly unfounded or excessive.

We send marketing emails only where you have opted in, or where we have an existing business relationship and the law allows it. Every marketing email we send includes a working one-click unsubscribe link, our identity, and a way to contact us, consistent with CAN-SPAM, PECR (UK) and the Australian Spam Act.

• Unsubscribe at any time via the link in any email, or by emailing contact@creaeza.com;
• Opt-out requests are honoured promptly and suppressed permanently;
• Transactional messages (invoices, project updates, legal notices) are not marketing and will continue while we work together.

When delivering services such as website builds, SEO, analytics configuration, advertising management or social media management, we often access systems that contain personal data belonging to our clients' customers (for example a store's order data or a site's analytics).

• In these cases the client is the data controller and Creaeza acts as a data processor / service provider;
• We process such data only on the client's documented instructions, under our Master Service Agreement and a Data Processing Addendum available on request;
• We apply the same security standards described in Section 11, and delete or return client data at the end of the engagement as agreed;
• If you are an end user of a client's website or service, please direct privacy requests to that business; we will assist them in responding where required.

Our website and services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us at contact@creaeza.com and we will delete it promptly.

Our website may link to third-party websites, portfolios, social platforms or tools. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of every site you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies or legal requirements. The "Last updated" date at the top shows the latest revision. For material changes, we will provide a prominent notice on this page or contact you directly where appropriate. Your continued use of the site after changes take effect constitutes acceptance of the updated Policy.