Sign Up

Login

Sign Up

Login

Sign Up

Login

Data Retention Policy

Data Retention Policy

Last updated on August 2025


Creator Studio – The Creator Alliance Pty Ltd
Suite 302, 13/15 Wentworth Ave, Sydney NSW 2000
Email: admin@creatoralliancegroup.com


Creator Studio is committed to respecting your privacy and only retaining personal data for as long as necessary. This Data Retention Policy explains what types of data we collect through our age-restricted (18+) AI content platform and how long each type of data is stored before deletion. We adhere to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and other international privacy laws like the EU GDPR and California CCPA, which require that personal information is not kept longer than needed for its purpose. By using Creator Studio, you acknowledge that your data will be handled as described in this Policy. Our goal is to be transparent about our data practices so you can understand exactly what happens to your information over time.

Definitions

  • Personal Information: Has the meaning given in the Privacy Act 1988 (Cth) and comparable laws. In general, it refers to any information or opinion that identifies or could identify an individual (for example, a name, address, date of birth, etc.).

  • Data Retention Period: The time a type of data is kept before deletion.

  • Usage Logs: System records of platform activity, such as login events, device information, and error logs.

  • Moderation Record: A log of prompts, outputs, or user actions that were reviewed for compliance and safety (including any actions taken by us, like warnings or suspensions).

  • Verification Record: Our internal confirmation that age verification was completed (e.g. a flag in your account that you are verified).

  • Backup: Encrypted disaster-recovery copies of data that are periodically overwritten on a routine cycle.

Types of Data We Collect and Retain

Account Information

What it Includes: When you register and maintain an account, we collect information like your name, email address, username, and a hashed password. You may also provide profile details.

How Long We Keep It: We retain your account information for as long as your account is active on Creator Studio. This allows us to manage your login credentials, preferences, and any content or purchases associated with your account. If you update account details (for example, change your email), we might keep the prior information for a short period (e.g. to verify the change or for security audits), but we will not keep outdated information longer than necessary.

Inactive Accounts: If your account becomes completely inactive (no logins or activity) for an extended period, we may reach out via your registered email to confirm if you want to retain your account. If we decide to purge inactive accounts to conserve resources, we will provide notice and an opportunity for you to keep the account active. Otherwise, inactive accounts and their data may be deleted or anonymized after a prolonged period of inactivity (typically at least two years) in line with data minimisation best practices. This ensures we are not holding personal data indefinitely without purpose.

Age Verification Data

What it Includes: Because Creator Studio is an age-restricted platform (18+), we collect age verification data during sign-up to confirm you are an adult. This may include details like your date of birth and confirmation that a government ID or biometric check was performed.

How We Handle It: We do not store the actual images of your ID or any biometric data on our servers beyond the immediate verification process. Those sensitive details are handled by our trusted third-party verification provider and are not kept by us after verification is completed.

What We Retain: We retain a record that you were verified – for example, a flag in your profile indicating an "age verified" status, along with the date of verification and a reference ID or token from the verification service. We keep this verification record for as long as necessary to prove compliance with age-verification laws and so that you do not need to verify again as long as your account remains active. In practice, this means we keep the verification status for the life of your account.

Account Deletion: If you delete your account, we will delete the age verification status record as well (it will be removed along with your account data). The only exception would be if we are required by law to maintain proof that we verified users of the platform (for example, to demonstrate compliance during an audit). In such a case, we would retain a minimal verification log (with no sensitive personal details) only for the legally required period, and then delete it.

Usage Logs and Activity Data

What it Includes: Like most online services, Creator Studio automatically logs certain usage and activity data whenever you interact with the platform. This includes information such as timestamps of logins or actions, IP addresses and device/browser information, pages or API endpoints accessed, actions taken in the app (e.g. model selections, settings changes), and error reports if something goes wrong.

Why We Collect It: We use these logs for security monitoring (for example, to detect suspicious login patterns or unauthorized access attempts), for troubleshooting and improving our service (identifying bugs or performance issues), and to compile analytics about how users engage with Creator Studio.

Retention Period: Routine usage logs are generally retained for a limited period — typically 12 months — then automatically deleted or anonymized. A one-year window allows us to investigate incidents that might only come to light some time after they occur, without retaining data indefinitely. Some aggregated metadata may be retained longer for analytical purposes, but in those cases it is not personally identifiable (e.g. overall number of active users per month, or total content generated platform-wide, which contain no personal details).

Exceptions: If a particular log or record is identified as necessary for an ongoing investigation, legal matter, or enforcement of our Terms of Service (for example, data related to a specific abuse report or a security incident), we may retain that specific data beyond the normal 12-month period until the issue is resolved. Even in such cases, the data is only kept for the purpose of resolving the specific issue or fulfilling legal obligations and will be deleted when no longer required.

User Generated Content, Prompts, and Outputs

Prompts: When you input text prompts or descriptions to generate AI content, our system processes them in order to produce the output. We do not publish your prompts for others to see. Prompt data may be temporarily logged by our system for purposes of content moderation and service improvement. For example, we might log prompts to detect disallowed content or to analyze and enhance our AI models. These prompt logs are generally short-term and not stored long-term in a way tied to your identity. If a prompt violates our guidelines (e.g. a disallowed request), it may be flagged and retained alongside your account ID as part of a moderation record (see Moderation Records below). Otherwise, unflagged prompts are not maintained in identifiable form long-term.

Generated Outputs: The images, videos, or other media you generate are stored in your account (for example, in your personal gallery or history) so that you can view or download them later. By default, your generated content remains available in your account until you choose to delete it, or until you delete your account. We do not impose an automatic expiration on the content you create except in two cases:

  1. Inactive or Lapsed Subscription: If your subscription lapses or your account remains inactive for a very long time, we might remove stored content after notifying you. This would primarily be to free up storage space, especially for very old files that haven’t been accessed in years. We would give advance notice (e.g. via email) before removing any stored creations from an inactive account.

  2. Policy Violations: If any of your generated content is found to violate our Terms of Service or content guidelines (for example, content that is illegal or contraband), we may remove or disable access to that content as part of our enforcement actions. We will typically notify you if content you created is removed for policy violations, unless we are legally prevented from doing so.

Usage of Your Content: We do not use your personal generated content (prompts or outputs) to train our AI models or for any external purposes without your permission. Any internal use of user-generated data (such as developers reviewing an output to improve an algorithm or test the platform) is done in accordance with our Privacy Policy and usually in an anonymized manner. In general, unless a specific prompt or output is flagged for review (e.g. by our automated filters or a user report), your creative content is only stored for your own use and is not actively analyzed by us.

Deletion of User Content: If you choose to delete a specific piece of generated content from your account (for instance, delete an image in your gallery), it will be permanently deleted from our active systems and will no longer be accessible to you or anyone else. It may persist in our encrypted backups for a short period (see Data Deletion and Backup below), but will be overwritten in the normal backup rotation cycle.

Purchase and Payment Records

What it Includes: When you make a purchase through Creator Studio — for example, subscribing to a premium plan or buying AI generation tokens — we record details of the transaction. These records typically include the date of purchase, the product or service purchased (e.g. monthly subscription, token package), the amount paid, and a note of the payment method used. We do not store full payment details like full credit card numbers on our servers; those are handled by our payment processor. We might store limited payment information such as the card type (e.g. Visa) and last four digits of your card, or a transaction ID from our payment provider, which helps in order confirmations and troubleshooting payment issues.

How Long We Keep It: We retain purchase and transaction records for financial and legal compliance purposes. Under Australian law and accounting standards, companies are required to keep financial records for a number of years – typically at least seven years. Likewise, other jurisdictions often have similar record-keeping requirements. Therefore, we keep transaction records for at least seven years from the date of the transaction. Keeping these records is necessary for auditing, tax filings, and addressing any payment disputes or refunds. It also helps us provide customer support (for example, verifying a purchase if you encounter an issue) and to enforce our terms (for example, confirming you have an active subscription or investigating fraud).

Even if you delete your account, we may need to retain certain basic transaction records for the remainder of the required retention period. However, such data will no longer be linked to an active profile in our user database; instead, it will be stored securely in a separate, access-controlled archive and only used if needed for compliance (for example, producing records for a financial audit or tax inquiry). Once the required retention period elapses, those transaction records will be securely deleted.

Moderation and Compliance Records

Moderation Logs: To keep our platform safe and lawful, we maintain records when moderation actions are taken. If you (or your content) trigger a review — for example, by attempting to generate disallowed content or engaging in prohibited behavior — we may create a log of the event. A moderation record can include relevant details such as the prompt or content in question, which rule was violated, and what action we took (e.g. issued a warning, removed content, or suspended the account), along with timestamps. We retain moderation logs for as long as necessary to manage repeat offenses and demonstrate enforcement of our Terms of Service. For instance, if you were warned or temporarily suspended, we keep that record to inform any future enforcement (e.g. escalating to a stronger penalty if violations continue). If an account is permanently banned, we retain the record of the ban and the offending conduct for an extended period (potentially indefinitely) to prevent evasion and ensure we have context if the banned user tries to return.

Legal Compliance Data: If any content or user activity must be reported to law enforcement or relevant authorities (for example, evidence of criminal misuse of the platform), we will retain the necessary data as required by law. This may include preserving the content, associated metadata, and user identity information involved. Even if an account is terminated, such data might be held in a restricted archive to cooperate with legal investigations or proceedings. We handle all such data with strict confidentiality and security, and only share it with the authorities under proper legal process.

Dispute and Support Records: If you engage with our support team or if there is a dispute (for example, a refund request or a claim about content ownership), we may keep those communications and related records. These support records are kept as long as needed to resolve the issue and for a reasonable period thereafter in case of follow-up. For example, if you opened a support ticket about a technical problem, we might retain the ticket and our response for some months to a year in case you have additional questions or if we track recurring issues. Likewise, if you were involved in a dispute, we would retain relevant correspondence or decision records to ensure we have a history (for instance, if a similar dispute arises or for our legal protection). Such records will be periodically reviewed and deleted when they are no longer needed for legitimate purposes.

Data Deletion and Account Closure

We strongly believe in your right to delete your data. You have the ability to delete individual pieces of content or your entire account, as described below.

Deleting Individual Content: As noted above, if you remove a generated image or other output from your account, it is immediately deleted from our active servers. The same applies if you clear or delete other information in your account (for example, if you edit and remove optional profile details). We do not retain the deleted data in active databases. After deletion, that data might still exist in our encrypted backups for a short time, but it will be overwritten in the next backup cycle (see Backups below). We do not use backup files to restore deleted personal data except in disaster recovery scenarios.

Account Closure (Permanent Deletion): If you decide to permanently delete your Creator Studio account, you can do so through the account settings or by contacting our support. Upon receiving a confirmed deletion request, we will initiate the removal of personal data associated with your account from our live systems. This includes your profile information, saved outputs, prompt history, and any other personal data tied to your account. We endeavor to complete such deletions promptly, generally within 30 days of your request, barring any technical delays or legal constraints. (Under laws like the EU GDPR, controllers are typically expected to fulfill data erasure requests within one month, and we aim to meet those timelines.)

Retention of Necessary Records: After account deletion, we will retain only the information that we are required to keep for legal or compliance reasons (if any). As discussed, this could include keeping financial transaction records for the mandated period (e.g. to satisfy tax and accounting laws), maintaining a simple log that an age verification was performed (without sensitive details) if needed for regulatory audits, or preserving a record that a user was banned for serious misconduct (to prevent circumvention). Any such retained data will not be used for new purposes – it is isolated and secured strictly for compliance, legal defense, or audit obligations, and it will be erased once no longer legally required. Notably, if a law requires certain data be kept for a set time (for example, a law obligating companies to keep certain records for 7 years), we will comply with that even after account deletion. Aside from these exceptions, all personal data is removed as part of account deletion.

Backups: Like many services, we perform routine data backups to guard against catastrophic data loss. Our backups are encrypted and stored securely. When you delete data (whether individual content or your whole account), that deletion is reflected on our active systems immediately. However, the data may still reside in our encrypted backup files for a limited time until those backups cycle out. Our backup retention period is typically around 30 to 60 days. This means that deleted data may persist in backup snapshots for up to a couple of months. Importantly, we do not use backups to retrieve or restore data that you have deleted (except in the rare case that a system-wide disaster recovery is needed, and even then we would honor deletions after restoration). Backup files are overwritten on a rolling basis, so any deleted user data will naturally be purged from backups in due course. All backups are protected with strong security measures. In summary, once your data is deleted from live systems, it may linger in backups for a short period, but it will not be accessible in the app, and it will disappear from backups after the backup retention window.

Confirmation of Deletion: If you contact us to confirm that your data has been removed, we can verify whether your personal data has been expunged from our active systems. We may not be able to reference specific deleted items (since they no longer exist in our records), but we can confirm that the deletion process was completed for your account. We log and verify data deletions internally. In the unlikely event that something was missed, we will promptly investigate and address it if you bring it to our attention.

Compliance with Privacy Laws and User Rights

Creator Studio adheres to the Australian Privacy Principles and other global privacy regulations. One core principle in these laws is that we should not keep personal data longer than necessary for the purposes for which it was collected. Our retention practices are designed to meet this requirement, as detailed above.

Your Data Privacy Rights: Depending on your jurisdiction, you have certain rights regarding your personal data. These may include:

  • Right of Access: You can request a copy of the personal information we hold about you.

  • Right of Correction: You can ask us to update or correct inaccurate personal information.

  • Right to Deletion (Right to be Forgotten): You can request that we delete your personal data. As described in this policy, we honor deletion requests to the fullest extent required by law. If we must retain certain data due to legal obligations, we will inform you of that and limit the use of that data strictly to the required purpose.

  • Right to Object or Restrict Processing: You may have the right to object to or request restriction of certain processing of your data, particularly in cases of direct marketing or when you contest the accuracy or lawfulness of our data processing.

  • Right to Data Portability: For applicable data, you can request a copy in a portable format (this typically applies to data you provided).

  • Other Rights: Some regions provide additional rights, such as the right not to be subject to automated decision-making that has legal effects on you, or specific rights around marketing communications. We will respect the rights applicable to you under the relevant laws.

We handle all such requests in accordance with applicable laws. To exercise any of these rights, you can contact us at our support email admin@creatoralliancegroup.com or through the app’s privacy settings (if available). We may need to verify your identity before fulfilling certain requests for security reasons. Also note, if you request deletion of certain critical data, we might not be able to continue providing you the service. For example, if you ask us to delete the record proving you are age-verified, we would no longer be able to allow access to the 18+ platform (since we cannot lawfully provide the service without age verification). In such cases, fulfilling your deletion request may require closing your account. We will communicate with you about any such implications before proceeding.

International Data Transfers: We primarily store and process data in Australia, and possibly in other countries through reputable cloud providers. No matter where your data is stored, our retention and deletion practices remain consistent with this policy and are designed to protect your privacy. If you are in regions like the EU, and personal data is transferred outside your region, we ensure appropriate safeguards are in place (such as standard contractual clauses, etc.). The retention periods we adhere to do not change based on the data’s storage location. They are driven by necessity and compliance, not geography.

FAQ: Data Retention and Deletion

Q: How long will you keep my personal information if I use Creator Studio regularly?
A: We will keep your account data and related personal information for as long as your account remains active. We do not set a fixed expiration for data on active accounts because we need it to continuously provide the service to you. This means your profile info, content, and logs will be maintained per the schedules described above (for example, routine login logs rotate every 12 months, while content you’ve saved stays until you remove it). We periodically review the data we hold, so if something is no longer needed, we will dispose of it even if you have an active account – in line with data minimization principles. In short, as long as you actively use Creator Studio, we retain necessary data to serve you, and we clean up data that is no longer needed.

Q: What happens when I delete my account?
A: When you delete your account, we delete or anonymize the personal data associated with it. Your login info, profile, and any private content (your prompts, outputs, gallery, etc.) will be removed from our live systems. Some data may be kept if required by law or for legitimate business obligations, as noted in this policy. For example, we might retain records of purchases for the legally required duration (e.g. for tax compliance) or keep a minimal record that a verified 18+ account existed (without sensitive details) if needed for regulatory purposes. However, any such retained data is no longer linked to an active user profile, and it will not be used for any purpose other than compliance. After the necessary retention time passes, that data will be erased as well. Essentially, deleting your account triggers a purge of your personal data from our active databases, with only a few fragments kept temporarily if absolutely required for legal reasons, and those fragments are isolated and scheduled for later deletion once they fulfill their requirement.

Q: Can I ask you to delete specific data without deleting my whole account?
A: Yes. You have control over certain data directly – for instance, you can delete images or other outputs you have generated, or edit and clear fields in your profile. For data that isn’t self-serve, you can send us a request. If you want us to delete specific information (say, a particular prompt history or a support chat record), we will do so as long as that data is not something we are required to retain. Keep in mind, if the data you ask us to delete is fundamental to providing you the service or to legal compliance, we may have to treat that as a request to delete your account. For example, if you asked us to delete the age verification flag on your account, we cannot lawfully let you use the 18+ service anymore, so your account would need to be closed as part of fulfilling the request. We will clarify and confirm with you in such cases before taking action. In all other cases, we are happy to delete specific pieces of your data on request and will confirm once completed.

Q: Do you ever automatically delete my data?
A: We might, in certain situations. For example, we automatically purge old server logs after about 12 months as a routine practice. We might also delete or anonymize data that is no longer needed for its original purpose – this is part of good data hygiene and compliance with laws that say not to retain personal information unnecessarily. Additionally, as noted, if accounts are completely inactive for a very long time and we cannot reach the user, we might choose to delete those accounts and their data to reduce storage of obsolete information. (We would attempt to notify you before deleting an account for prolonged inactivity.) These kinds of automatic or administrative clean-ups help protect your privacy by ensuring we don’t keep data indefinitely without reason. They are guided by the principle that personal data should not be retained longer than necessary.

Q: How can I be sure my data is really gone after deletion?
A: We have processes in place to permanently erase or anonymize data when you delete content or close your account. Once we’ve confirmed your data is deleted from our active systems, it might still reside in encrypted backups for a short period (up to 1–2 months) until those backups are overwritten. We do not use those backups to retrieve deleted data except in disaster recovery scenarios. If you would like confirmation, you can contact us after your deletion request has been processed. We can confirm that your account was deleted and that any remaining items are retained solely for legal compliance (if applicable). We take deletion requests very seriously, and our team logs and verifies all data removals. In the unlikely event something was missed, we will address it promptly. Ultimately, “deleted” means the data is gone from our live systems and will not be restored; any brief lingering in backups is temporary and protected, after which it is completely gone as well.

Q: Do you comply with GDPR data retention requirements and other laws?
A: Yes, absolutely. We designed our data retention policy to meet the requirements of GDPR, which include the principle that personal data should not be stored longer than necessary for its purpose. We similarly comply with other laws like the Australian Privacy Act and California privacy laws. For example, Australian Privacy Principle 11 requires organizations to destroy or de-identify personal information when it is no longer needed, and we follow that rule. We also enable users to exercise their rights (access, deletion, etc.) as described above. We regularly review the data we hold and ensure it’s either still needed for a valid purpose or is securely disposed of. If you are a user in the EU, UK, US, or elsewhere, know that we strive to uphold the spirit and letter of all applicable data protection regulations – by giving you control over your data and by not retaining your data arbitrarily. Our goal is to minimize data retention to what is truly necessary to operate the service and meet our legal obligations.

If you have any further questions about our data retention practices or privacy measures, please refer to our full Privacy Policy or contact us at admin@creatoralliancegroup.com. We value your trust and are happy to explain how we handle your data to keep you informed and confident in using Creator Studio.