Sign Up

Login

Sign Up

Login

Sign Up

Login

Privacy Policy

Last updated on August 2025


Creator Studio – The Creator Alliance Pty Ltd
Suite 302, 13/15 Wentworth Ave, Sydney NSW 2000
Email: admin@creatoralliancegroup.com 


Introduction

 

We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains what personal data we collect, how we use and share it, and the measures we take to safeguard it. By using our services or providing your information, you agree to the terms of this Privacy Policy and consent to our data practices. If you do not agree with this Policy, please do not use our services or provide personal data. We uphold all relevant privacy laws and industry standards, including the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), to ensure your information is handled lawfully and transparently.

 

Age Restrictions

 

Our services, including certain sections of our website containing sensitive or age-restricted content, are not intended for individuals under the age of 18. We take steps to prevent minors from accessing these restricted sections in compliance with applicable laws designed to protect minors . If you are under 18 (or the age of majority in your jurisdiction), please do not use the restricted portions of our site. We do not knowingly collect personal data from minors. In the event we discover that we have collected information from a person under 18 without verifiable parental consent, we will delete it promptly in accordance with applicable laws.

 

Information We Collect

 

We collect personal information necessary to provide our services and to comply with legal and regulatory requirements. The types of information we may collect include:

  • Contact and Identity Information: Name, email address, postal address, phone number, date of birth, and other identifiers that you provide when creating an account or using our services. We may also collect verification information such as copies of government-issued identification or proof of address as needed for identity verification and compliance purposes .

  • Account and Profile Data: Username, password, and any preferences or settings associated with your account. If you create a profile or provide additional details (e.g. biography, profile picture), we will collect the information you choose to share.

  • Payment Information: If you make purchases or financial transactions through our service, we will process payment details. This may include billing name, billing address, and partial payment card information. We do not store full credit card numbers or sensitive payment details on our servers. Payment transactions are handled by our third-party payment processor (e.g. Stripe) which is PCI-DSS compliant, and sensitive card data is transmitted securely for processing  . This means your card information is used only to complete the transaction and is not retained by us beyond what is necessary (such as the last four digits for reference).

  • KYC and Compliance Information: To meet our legal obligations under Know Your Customer (KYC), Anti-Money Laundering (AML), and Counter-Terrorism Financing (CTF) laws, we may collect additional data. This can include information needed to verify your identity and background, such as official identification documents, date of birth, nationality, proof of address, and other data required by regulators . Such information is collected only when necessary (for example, when you conduct certain transactions or if required by law for age or identity verification).

  • Usage Data and Analytics: Information about how you access and use our website or app. This includes technical data like IP address, browser type, device identifiers, pages visited, time stamps, and referring website. We collect this data through cookies and similar tracking technologies to understand user engagement and improve our services. (See Cookies and Tracking below for more details.) This data may also include location information (e.g. approximate location derived from your IP address) and logs of your interactions, such as clicks, content viewed, and features used on our site.

  • User-Generated Content: If our services allow you to post or upload content (for example, comments, images, or other materials, including in any sensitive content sections), we collect the information you submit. Please note that content you share in public or community areas of our service may be visible to others. We advise caution when disclosing personal information in these areas.

  • Communication Data: Any correspondence you send to us, such as emails, customer support inquiries, or feedback. This may include the content of your messages and attachments, as well as metadata (like date and time of contact). We keep records of our communications with you to handle your requests and improve our services.

 

We collect personal data directly from you (for instance, when you fill out forms, register an account, or communicate with us) and, in some cases, from third parties. For example, we might receive updated address information from a delivery service, or fraud signals from security providers. We also automatically collect certain data through cookies and analytics tools as you use our website, which is detailed in the Cookies section.

 

How We Use Your Information

 

We use the collected information for the following purposes, in accordance with applicable law and with your consent where required:

  • Providing and Improving Services: To operate our website and services, fulfill your orders and requests, process transactions, and deliver the products or content you have requested. For example, we use your contact and payment information to facilitate purchases and to communicate about your account. We also analyze usage data to understand how our services are used and to improve functionality and user experience.

  • Account Management and Support: To create and maintain your account, authenticate your identity when you log in, and provide customer support or technical assistance. We use communication data to respond to your inquiries, resolve issues, and inform you of updates or changes related to your usage of the service.

  • Legal and Regulatory Compliance: To comply with our legal obligations and industry standards. This includes using personal data for complying with laws related to financial transactions, anti-money laundering (AML), know-your-customer (KYC) checks, counter-terrorism financing, age verification requirements, and other regulations . For example, we may use identity and transactional information to perform due diligence, verify your identity or age, monitor transactions for suspicious activity, and report to relevant authorities as required by law. We also maintain records as necessary for tax, accounting, and regulatory audits.

  • Fraud Prevention and Security: To protect our customers, our business, and the integrity of our platform. We may monitor user activities and usage patterns to detect and prevent fraud, unauthorized access, security breaches, or other potentially illegal or harmful activities . Personal data (such as device information or transaction history) helps us identify suspicious behavior and enforce our terms of service. These efforts are crucial in safeguarding your data and our services from abuse.

  • Communications and Notifications: To send service-related communications, such as confirmations of your transactions, critical alerts about your account or changes to our terms or policies, and other administrative messages. We may also send newsletters or promotional communications about new features, content, or special offers, but only if you have given us your consent where required by law. You can opt out of marketing emails at any time by using the unsubscribe link in those emails or contacting us directly. We will not send you marketing communications if you have opted out.

  • Personalisation and Analytics: To personalise your experience on our site. For example, we might use your browsing history or profile information to recommend content that may interest you or to tailor the display of the site (such as language or region-specific content). We also use data analytics to understand aggregate trends and user preferences, which helps us improve our services and develop new features. This may include analyzing how users navigate the site, which pages or content are most popular, and how our advertising campaigns perform.

  • Enforcing Terms and Rights: To enforce our Terms of Service, Community Guidelines, or other legal agreements, and to prevent misuse of our services. We may use your information to investigate and address violations, as well as to defend against legal claims or disputes. If necessary, we will use personal data to pursue available remedies or limit damages, including sharing information with legal counsel and authorities in the event of litigation or regulatory inquiry.

  • With Your Consent: If we seek to use your personal information for a purpose that requires consent under applicable law, we will request your consent at that time. For instance, if we ever want to process sensitive personal information beyond what is necessary for the above purposes, or if we introduce a new use of data that is not compatible with those above, we will first obtain your explicit consent. You have the right to withdraw consent at any time, as described in the Your Rights section, though note that this will not affect the lawfulness of processing based on consent before its withdrawal.

 

We rely on various legal bases to process your information. In general, most processing is necessary to provide our services to you (performance of a contract), or to comply with legal obligations. In other cases, we may process data for our legitimate interests (such as improving our services or ensuring security) but in doing so we consider and balance any potential impact on your rights. Where required by law, we will obtain your consent (for example, before sending marketing communications or processing certain cookies).

 

How We Share and Disclose Information

 

We treat your personal data with care and confidentiality. We do not sell your personal information to third parties. However, in the normal course of operating our business and complying with laws, we may share your information with selected third parties as described below:

  • Service Providers and Partners: We use trusted third-party companies to perform functions and provide services on our behalf. This includes payment processors (such as Stripe for handling credit card transactions), cloud storage and hosting providers, data analytics services, email and marketing platforms, customer support tools, identity verification services, and other IT or professional services. These providers are given access only to the information necessary to perform their specific tasks and are contractually obligated to protect your data and use it solely for providing services to us . For example, our payment processor will receive your payment details to process a transaction, and an email service might handle your email address to send account notifications. All such third parties must adhere to strict confidentiality and data security standards.

  • Financial Institutions: When necessary, we may share information with banks, card networks (e.g. Visa, Mastercard), payment method issuers, or other financial partners as part of the transaction process. For instance, when you make a payment, relevant transaction data (like your name, card type, date and amount of transaction) is shared through the banking and card network system to authorize and settle the payment. These financial partners may also require certain information about our business or our users to meet their compliance obligations (such as AML checks) and we provide such information as needed for the payment services to function. All financial partners we work with are subject to privacy and security obligations.

  • Regulatory and Legal Disclosures: We may disclose personal information to government authorities, regulators, law enforcement agencies, or other parties when required or permitted by law . This includes complying with court orders, subpoenas, or other legal process, and fulfilling mandatory reporting obligations to regulators (for example, providing information to financial regulators or anti-money laundering units as required). We may also share information if we believe in good faith that disclosure is necessary to investigate fraud, protect our rights or the safety of others, or respond to an emergency. In such cases, we will only provide the information that is reasonably necessary and will follow applicable legal procedures. For example, if law enforcement provides a lawful request in relation to an investigation, we may be compelled to release certain data .

  • Affiliates and Corporate Transactions: If our company has affiliates, parent, or subsidiary companies, we may share information within our corporate family in accordance with this Policy (for instance, if we have related entities that help to operate the service). In the event of a business transaction such as a merger, acquisition, sale of assets, or financing, personal data may be disclosed to potential buyers, investors, or other third parties, but only as necessary and under appropriate confidentiality agreements. If another company acquires us or some or all of our assets, or if we engage in bankruptcy or reorganization, your information may be transferred to that company as part of the transaction, and we will notify you as required by law.

  • Professional Advisors: We may share information with our auditors, attorneys, insurers, and other professional advisors to obtain advice or protect our business interests, but only on a need-to-know basis and under duties of confidentiality. For example, if we need legal counsel regarding a user dispute or regulatory compliance matter, we might provide relevant data to our lawyers for advice.

  • Consent and At Your Direction: We will share your information with other parties if you specifically request or direct us to do so. For instance, if you use a feature that allows you to link your account with a third-party service or share information publicly (such as linking to a social media account or participating in a cross-platform promotion), we will share data as needed with your consent. We may also publicly display testimonials or user-generated content with your consent.

  • Aggregated or De-Identified Data: We may share information that has been aggregated (combined with other data so it no longer relates to an identifiable individual) or de-identified (stripped of personal identifiers) with third parties for research, marketing, analytics, and other purposes. For example, we might publish usage trends or statistics about our user base. Such information does not identify you personally.

 

When we share personal data with third parties, we ensure there are appropriate safeguards in place. All third-party service providers are carefully vetted for strong security practices and are bound by contracts that address data protection (including obligations under GDPR or equivalent laws, where applicable). They are not permitted to use your information for their own unrelated purposes.

 

Cookies and Tracking Technologies

 

Cookies are small text files that websites store on your device to enable core functionality or to enhance your experience. We and our analytics or advertising partners use cookies and similar technologies (such as web beacons, pixels, and device identifiers) to collect technical and usage information as described in the Information We Collectsection. For example, cookies help us to:

  • Keep you logged in as you navigate our site.

  • Remember your preferences (like language or region).

  • Understand how users are interacting with our services, which pages are popular, and where we can improve .

  • Deliver relevant content or advertisements (if applicable) and measure the effectiveness of marketing campaigns.

 

You have control over cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when cookies are being sent. However, please note that if you disable or delete cookies, some parts of our site may not function properly (for instance, you may not be able to complete a purchase or use certain interactive features).

 

We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device for a set period or until you delete them). Our site may also employ third-party analytics services like Google Analytics. These services use their own cookies to track and analyze how people use our site on our behalf. We use these insights to improve functionality and content.

 

For more information on how to manage cookies and tracking technologies, refer to your browser’s help documentation. If required by law (for example, in the EU/UK), we will present you with a cookie consent banner and honor your preferences.

 

Do Not Track: Some browsers offer a “Do Not Track” (DNT) feature that signals your preference not to have your online activity tracked. At this time, our site does not respond to DNT signals in a uniform way, due to the lack of an industry standard. We continue to monitor the development of DNT technology and standards. In the meantime, you can use the other options described above to control cookie and tracking technology use.

 

Data Security

 

We take data security very seriously and have implemented robust measures to safeguard your personal information from unauthorized access, use, disclosure, or destruction. Security measures we employ include:

  • Encryption: We protect sensitive data using encryption protocols. For example, personal data is encrypted in transit (e.g., via HTTPS/TLS when you access our site) and at rest in our databases wherever feasible. We utilize strong encryption standards (such as AES-256) for any sensitive information . This means that if data were intercepted or accessed without authorization, it would be unreadable without the proper decryption keys.

  • PCI-DSS Compliance: For payment card data, we adhere to the Payment Card Industry Data Security Standard (PCI DSS), which is the global benchmark for protecting credit card information . Compliance with PCI DSS involves implementing over 300 security controls, including secure handling of card entry, encryption of card numbers, regular security scans, and audits. By following these standards, we help ensure that any payment information you provide is processed with the highest level of security in the industry.

  • Access Controls: We limit access to personal data strictly to employees and contractors who need it to perform their job duties (on a need-to-know basis). We use authentication safeguards such as strong passwords and multi-factor authentication for our internal systems. Access to sensitive information is logged and monitored. Staff are trained on confidentiality and security practices, and we have internal policies in place to prevent unauthorized access or misuse of data.

  • Secure Infrastructure: Our servers are hosted in secure facilities with measures like firewalls, intrusion detection systems, and continuous monitoring for vulnerabilities or unusual activities . We routinely update our software and infrastructure to address security issues and employ anti-virus and anti-malware protections. Regular data backups are performed to ensure integrity and availability of data, and we have disaster recovery procedures in place.

  • Testing and Assessments: We periodically test and evaluate the effectiveness of our security measures. This may include vulnerability scanning, penetration testing by security experts, and security assessments of our vendors. We continually improve our defenses based on the latest threats and best practices.

 

Despite all these precautions, no method of transmission over the internet or electronic storage is completely secure . While we strive to protect your personal data, we cannot guarantee absolute security. You can also help keep your data safe by maintaining the confidentiality of your account credentials and notifying us immediately of any unauthorized use of your account.

 

Data Breach Notification

 

In the unlikely event of a data breach that compromises your personal information, we will act promptly in accordance with applicable laws. This means we will notify the affected individuals and relevant authorities (such as privacy regulators) within the timeframes required by law . We will also take all necessary steps to mitigate the breach and prevent future incidents. Our notification to you will include, to the extent we have this information, details of what occurred and recommendations on protective measures you can take. We are dedicated to transparency and will keep you informed as we learn more about any incident.

 

Data Retention

 

We retain your personal information only for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy or to meet legal and business requirements. The exact duration for which we keep data will depend on the type of information and the purposes for which we collected it. For example:

  • Basic account information (like your name, email, contact details) is kept for as long as you have an account with us. If you delete your account, we will delete or anonymize this information, unless it needs to be retained for legal reasons.

  • Information related to financial transactions may be retained for a longer period even after account deletion. This is to comply with laws requiring record-keeping for financial reporting, audits, anti-fraud, AML/CTF, and tax purposes. Typically, we retain transactional and identification records for a minimum of 5 to 7 years to satisfy regulations and in case of any dispute . This period may be mandated by law (for example, financial institutions in some jurisdictions must retain certain records for seven years).

  • Communications and support queries might be retained for a shorter period (e.g., a few years after resolution) to help us improve our services and for training purposes, unless they contain information that must be kept longer for legal reasons.

  • Web analytics and cookie data are generally retained only as long as needed for analysis and are often aggregated or anonymized over time. Some cookies may persist for a set duration (as mentioned in the Cookies section), after which they expire if you do not return to the site.

 

Once the retention period expires or the purpose for collecting the data has been achieved, we will securely erase, anonymize, or delete the personal data, unless we are required to retain it longer to comply with legal obligations or it is required to resolve any potential disputes. For instance, if there is ongoing litigation or an open investigation related to your account, we may retain relevant information until that matter is resolved.

 

Please note that due to technical reasons, backup copies of personal data might remain for some additional time in our archive/backup systems. We maintain those backups securely and limit access to them. When backups are cycled out, deleted data will be overwritten or purged.

 

International Data Transfers

 

We operate in multiple jurisdictions, which means your personal information may be transferred to and stored on servers located in countries outside of your own. For example, if you are in the European Economic Area (EEA) or Australia, your data might be processed in the United States or another country where our infrastructure or third-party service providers are located. Some of these countries may not have the same level of data protection laws as your home country. However, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws .

 

When we transfer personal data internationally, we rely on mechanisms such as:

  • Standard Contractual Clauses: For transfers from the EEA or UK to countries not deemed adequate by regulators, we implement the European Commission’s approved Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreement/Addendum as applicable, which contractually oblige the recipient to protect your data to EU GDPR standards.

  • Adequacy Decisions: Where applicable, we may transfer data to countries that have been officially recognized as providing an adequate level of data protection by relevant authorities (e.g., the European Commission or Australian government).

  • Consent and Necessity: In some cases, we may rely on your explicit consent to transfer data (for instance, if you initiate a transfer or request a service that inherently involves an international data flow). Also, if a transfer is necessary for the performance of a contract with you or in your interest (such as when making a global transaction you requested), we will do so in compliance with law.

  • Privacy Frameworks: We comply with any applicable international privacy frameworks or certifications that facilitate data transfers, where relevant.

 

You can contact us for more information about the safeguards we have put in place for international transfers. By using our services or submitting your personal data, you acknowledge that your information may be transferred to countries outside of your country of residence. We ensure any such transfers are lawful and your data remains protected. If you do not want your data transferred to other countries, please refrain from using our services.

 

Your Privacy Rights

 

We respect your rights regarding your personal data. Depending on your jurisdiction, you may have some or all of the following rights in relation to the personal information we hold about you :

  • Access: You have the right to request a copy of the personal data we hold about you, as well as information about how we process it . We will provide this in a reasonable timeframe, typically in a common electronic format.

  • Correction (Rectification): If any of your personal information is inaccurate or incomplete, you have the right to request that we correct or update it . We encourage you to keep your information up to date and will honor legitimate correction requests.

  • Deletion (Erasure): You can request that we delete your personal data under certain circumstances . For example, if you withdraw your consent (where we relied on consent) or if you believe we no longer need the information for the purpose it was collected. Please note that we may not be able to delete data that we are required to keep by law or which is necessary to establish, exercise, or defend legal claims. We will inform you if any such exceptions apply when responding to your request.

  • Restriction: You have the right to ask us to limit the processing of your personal data in certain situations . This could apply if you contest the accuracy of the data, or if you want to restrict processing while a legal claim is being resolved. When processing is restricted, we can still store your data but will not use it for other purposes without your consent (except for legal reasons).

  • Data Portability: For data you have provided to us and which we process by automated means with your consent or in performance of a contract, you have the right to obtain a copy in a structured, commonly used, machine-readable format . You also have the right to request that we transfer this data to another controller where technically feasible. This right facilitates moving your data to other services.

  • Withdraw Consent: If we rely on your consent to process any personal information, you have the right to withdraw that consent at any time . Once withdrawn, we will stop the specific processing that was based on consent. Please note that withdrawing consent will not affect any processing that has already occurred, and in some cases, we may have an alternate legal basis to continue processing (such as compliance with a legal obligation). We will inform you if that is the case.

  • Objection: In some jurisdictions, you have the right to object to certain processing activities. For example, if we are processing your data based on legitimate interests, you can object if you feel it impacts your rights. You also have an unconditional right to object to your personal data being used for direct marketing purposes. If you object, we will consider whether we have compelling legitimate grounds to continue processing or if we need to cease the processing.

  • California Privacy Rights: If you are a California resident, in addition to the rights above, you have the right to request information about categories of personal information we have collected, used, and disclosed, to request deletion of your personal information, and to opt-out of the “sale” of personal information (as defined by CCPA). However, as noted, we do not sell personal data. California residents also have the right not to receive discriminatory treatment for exercising their privacy rights. We have included the relevant rights from the CCPA within the list above (access, deletion, etc.). If applicable, you may also designate an authorized agent to make a request on your behalf.

 

To exercise any of your rights, please contact us using the information in the Contact section below with a clear description of your request. We will respond to your request as soon as practicable and in accordance with the timeframes required by law. For security, we may need to verify your identity before fulfilling certain requests (for example, by asking you to provide information associated with your account or using other verification methods). This is to ensure that we do not disclose data to someone who is not entitled to receive it.

 

Please note that some rights may not be absolute. There are circumstances where we may legally refuse requests, such as if fulfilling a request would violate another person’s privacy, or if you have asked us to delete information which we are required by law to keep. If we refuse a request, we will explain the reasons (to the extent allowed by law). We will also inform you if any fees apply, in line with legal provisions (most requests can be fulfilled free of charge).

 

If you have concerns about how we handle your data, you also have the right to lodge a complaint with a relevant data protection authority. For example, Australian residents can contact the Office of the Australian Information Commissioner (OAIC), EU/UK residents can reach out to their national Data Protection Authority, and Californian residents can contact the California Attorney General’s office. Of course, we would appreciate the opportunity to address your concerns directly first, so we encourage you to contact us with any complaint and we will do our best to resolve it.

 

Updates to This Privacy Policy

 

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to the way we collect or use your personal information, we will notify you by means appropriate to the significance of the changes. For example, if changes are significant, we may provide a prominent notice on our website or notify you via email prior to the change taking effect . Minor updates (such as clarifications or stylistic changes) will be indicated by updating the “Last Updated” date at the top of this Policy. We encourage you to review this page periodically to stay informed about our privacy practices . Your continued use of our services after any update to this Privacy Policy will signify your acceptance of the changes, to the extent permitted by law.