Privacy Policy
Effective Date: March 16, 2026 | Last Updated: March 16, 2026
Creatov ("we," "us," or "our") operates the website creatov.io and provides AI automation services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or engage with our services.
We are committed to protecting your privacy. By accessing or using our website, you agree to the terms outlined in this policy. If you do not agree, please discontinue use of our website.
Creatov
Email: contact@creatov.io
Website: creatov.io
Based in Israel, serving clients in the United States and internationally.
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide to us, including:
- Contact information: name, email address, phone number, organization name
- Inquiry details: messages submitted through contact forms or email
- Business information: organization type, size, and service requirements
- Account information: if you create an account or sign up for our services
1.2 Information Collected Automatically
When you visit our website, we automatically collect certain technical data:
- Device information: browser type, operating system, device type, screen resolution
- Usage data: pages visited, time spent on pages, navigation paths, referring URLs
- Network information: IP address, approximate geographic location (city/country level)
- Cookies and similar technologies: session cookies, persistent cookies, web beacons, and pixel tags (see Section 9 below)
1.3 Information from Third Parties
We may receive information from third-party sources including:
- Social media platforms (if you interact with us through social channels)
- Business partners and referral sources
- Publicly available information
2. How We Use Your Information
We use the collected information for the following purposes:
- Service delivery: To respond to inquiries, provide consultations, and deliver our AI automation services
- Communication: To send service-related correspondence, respond to requests, and provide customer support
- Website improvement: To analyze usage patterns, optimize user experience, and improve website functionality
- Marketing: To send promotional communications (only with your consent; you may opt out at any time)
- Legal compliance: To comply with applicable laws, regulations, and legal processes
- Security: To detect, prevent, and address fraud, abuse, and technical issues
- Analytics: To understand how visitors use our website and measure the effectiveness of our content
3. Third-Party Services
We use the following third-party services that may collect or process your data:
| Service | Purpose | Data Collected | Privacy Policy |
|---|---|---|---|
| Google Analytics | Website analytics | Usage data, device info, IP address | Google Privacy |
| Google Tag Manager | Tag management | Page interactions | Google Privacy |
| Cloudflare | CDN, security, DNS | IP address, request data | Cloudflare Privacy |
| HubSpot / CRM | Contact management | Contact form submissions | HubSpot Privacy |
| Vercel / Hosting | Website hosting | Server logs, IP address | Vercel Privacy |
We may also use additional services such as email marketing platforms, customer support tools, and payment processors. Each third-party service operates under its own privacy policy.
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your data in the following limited circumstances:
- Service providers: Trusted partners who assist us in operating our website and services, bound by contractual data protection obligations
- Legal requirements: When required by law, regulation, court order, or governmental request
- Business transfers: In connection with a merger, acquisition, or sale of all or part of our assets
- Protection of rights: To protect the rights, property, or safety of Creatov, our users, or others
- With your consent: When you have given explicit consent to share your information
5. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Specifically:
- Contact form submissions: Retained for up to 3 years after last interaction, then deleted or anonymized
- Client project data: Retained for the duration of the business relationship plus 5 years for legal and tax compliance
- Analytics data: Aggregated and anonymized within 26 months (Google Analytics default)
- Marketing communications: Until you unsubscribe; opt-out records are retained to honor your preferences
- Server logs: Retained for up to 90 days for security and troubleshooting purposes
When data is no longer needed, we securely delete or anonymize it in accordance with industry best practices.
6. Data Security
We implement reasonable and appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls and authentication mechanisms
- Regular security assessments and monitoring
- Employee training on data protection practices
- Incident response procedures
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
7.1 Rights for All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Opt-out of marketing: Unsubscribe from promotional emails at any time
7.2 Additional Rights Under GDPR (EU/EEA Residents)
If you are located in the European Union or European Economic Area, you additionally have the right to:
- Data portability: Receive your data in a structured, commonly used, machine-readable format
- Restriction of processing: Request that we limit how we use your data
- Object to processing: Object to processing based on legitimate interests, including profiling
- Withdraw consent: Withdraw previously given consent at any time, without affecting the lawfulness of prior processing
- Lodge a complaint: File a complaint with your local data protection authority
7.3 Additional Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: Request details about the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it
- Right to Delete: Request deletion of personal information we have collected from you
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell personal information. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link
- Right to Limit Use of Sensitive Personal Information: Direct us to limit the use of your sensitive personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise your CCPA rights, contact us at contact@creatov.io. We will respond within 45 days.
7.4 Rights Under Other US State Privacy Laws
Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Tennessee, Indiana, Kentucky, Rhode Island, Nebraska, New Hampshire, New Jersey, and Maryland) may have similar rights to access, correct, delete, and opt out of data processing. Contact us to exercise these rights.
7.5 Rights Under Israeli Privacy Protection Law
Under the Israeli Protection of Privacy Law, 5741-1981 (as amended by Amendment 13, 2025), individuals have the right to:
- Access personal data held in our databases
- Request correction or deletion of inaccurate data
- Object to data processing for direct marketing purposes
- Be informed about the purposes of data collection and transfer
8. How to Exercise Your Rights
To submit a data rights request, contact us using any of the following methods:
- Email: contact@creatov.io (subject line: "Privacy Rights Request")
- Mail: Creatov, Privacy Department, Israel
We may need to verify your identity before processing your request. We will respond to verifiable requests within:
- GDPR: 30 days (extendable by 60 days for complex requests)
- CCPA/CPRA: 45 days (extendable by an additional 45 days)
- Other US state laws: As required by the applicable statute (typically 45 days)
- Israeli law: 30 days
9. Cookie Policy
9.1 What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They are used to make websites function, work more efficiently, and provide reporting information.
9.2 Types of Cookies We Use
| Category | Purpose | Duration | Required? |
|---|---|---|---|
| Strictly Necessary | Essential for site functionality, security, and form submissions | Session / up to 1 year | Yes |
| Performance / Analytics | Measure how visitors use the site (e.g., Google Analytics) | Up to 2 years | No |
| Functional | Remember preferences (e.g., language, region) | Up to 1 year | No |
| Marketing / Targeting | Deliver relevant advertisements and measure campaign effectiveness | Up to 2 years | No |
9.3 Managing Cookies
You can control cookies through:
- Our cookie consent banner: When you first visit our site, you can accept or reject non-essential cookies
- Browser settings: Most browsers allow you to block or delete cookies (see your browser's help documentation)
- Global Privacy Control (GPC): We honor GPC signals sent by your browser, treating them as a valid opt-out request for targeted advertising and data sharing
- Opt-out links: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on
Disabling certain cookies may affect the functionality of our website.
10. Do Not Track & Global Privacy Control
We honor Global Privacy Control (GPC) signals as a valid opt-out of the sale or sharing of personal information, as required by applicable US state privacy laws. When we detect a GPC signal, we will refrain from processing your data for targeted advertising or sharing it with third parties for cross-context behavioral advertising.
Regarding Do Not Track (DNT) browser signals: as there is no uniform industry standard for DNT, our website does not currently respond to DNT signals specifically but does honor GPC.
11. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at contact@creatov.io.
12. International Data Transfers
As an Israeli company serving US-based nonprofits and international clients, your personal data may be transferred to and processed in:
- Israel: Our primary place of business. Israel holds an EU adequacy decision, meaning the European Commission recognizes Israel as providing an adequate level of data protection.
- United States: Where certain third-party service providers (e.g., Google, Cloudflare) process data.
- Other jurisdictions: Where our sub-processors operate.
For transfers outside jurisdictions with adequacy decisions, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), supplementary measures, and data processing agreements.
13. Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects concerning you. If this changes, we will update this policy and provide you with the right to contest such decisions and request human review, as required by GDPR Article 22 and applicable US state privacy laws.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes:
- We will update the "Last Updated" date at the top of this page
- For significant changes, we will provide notice via our website or email
- Your continued use of our website after changes constitutes acceptance of the updated policy
We encourage you to review this page periodically.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: contact@creatov.io
Subject line: "Privacy Inquiry"
Website: creatov.io
We will respond to all privacy-related inquiries within 30 days.
If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:
- Israel: The Privacy Protection Authority (PPA)
- EU: Your local Data Protection Authority
- California: The California Privacy Protection Agency (CPPA)