Creatordesks

Effective Date: 10th June 2025

At Creatordesks ("Creatordesks", "we", "us", or "our"), we recognize the importance of protecting your privacy and securing your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you interact with our services, website, and mobile applications.

We process personal data in two primary contexts:

As a Data Controller – when we handle data for our own business operations, including managing customer accounts, marketing communications, website analytics, and service delivery.
As a Data Processor – when our customers use the Creatordesks platform (“Service”) to store or automate interactions that involve personal data. In these cases, we act on our customers' instructions and do not access or use the data for any purpose other than providing the Service.

This Privacy Policy applies to personal data collected for our own purposes and covers the following types of data subjects:

Customers, their end users, and authorized representatives
Users of our website (creatordesks.com) and associated platforms
Newsletter subscribers and marketing contacts
Prospective customers and leads
Business partners, vendors, and their representatives

It includes personal data collected through the Creatordesks Service, our official websites (where this Privacy Policy is posted), our mobile apps, and other communication channels.

If you have any questions about this Privacy Policy, or if you wish to request access to or deletion of your data—or exercise any other rights as a data subject—please contact us at:
📧 Email: support@creatordesks.com

How We Collect Personal Data
What Types of Personal Data We Process
For Which Purposes We Use Personal Data
How We Share Personal Data
Your Data Protection Rights & Choices
For How Long We Retain Personal Data
International Data Transfers
Children's information
Security
Legal Basis for Processing Your Personal Data (EEA Visitors/Customers Only)
For California Residents
Changes to Our Privacy Policy
Contacting Us

1. How We Collect Personal Data

The personal data we collect depends on the context of your interactions with Creatordesks, the features you use, and the choices you make. We collect personal data from the following sources:

a. Information You Provide to Us Directly

We collect personal data that you voluntarily provide when you:

Sign up for or manage an account on Creatordesks.
Integrate your Instagram or Facebook account using official APIs.
Complete online forms on our website, such as contact forms, demo requests, surveys, event registrations, or subscription opt-ins.
Communicate with us via email, chat, or support tickets, including when submitting inquiries, feedback, or support requests.
Participate in contests, promotions, or events organized by Creatordesks or in partnership with third parties.

b. Information from Integrated Services and Third Parties

If you choose to connect third-party services (e.g., Meta/Facebook, Instagram, Google), we may collect certain data from those services as permitted by their authorization mechanisms. For instance:

Authentication and user profile information from Instagram/Facebook APIs.
Payment confirmation and billing data from payment processors such as Stripe or Razorpay.

c. Information Collected Automatically

When you visit or use our website or platform, we may automatically collect certain technical and usage information through cookies, log files, and similar technologies, which may include:

IP address, browser type, operating system, and device identifiers.
Website behavior metrics such as pages visited, time spent, and interaction events (e.g., button clicks, automation triggers).
Referral source and session timestamps.

d. Information from Online Communities and Social Media

If you interact with our branded communities, including Facebook groups or online forums, we may have access to information you make publicly visible, such as your name, profile data, or comments. We do not extract or store this data unless you engage with us through formal channels or request our services directly.

2. What Types of Personal Data We Process

We collect and process a range of personal data to deliver and improve our Services, ensure compliance, and fulfill contractual obligations. The categories of personal data we may process include:

a. Customer Account Information

To create, manage, and support your user account, we collect data directly from you or via authorized third-party integrations (e.g., Instagram, Facebook, Google), including:

User ID, username, and linked platform identifiers (e.g., Instagram User ID)
Email address and account status
Connected pages, channels, or profiles
Service plan, product usage metrics, and geographic location

b. Financial and Billing Information

To facilitate subscription payments and invoicing, we process:

Payment method details (e.g., last four digits of card number, UPI VPA)
Billing contact information and transaction history
Associated account information through payment processors such as Stripe or Razorpay

Note: We do not store full credit card details; all payments are handled through PCI-DSS-compliant third-party processors.

c. Contact and Business Relationship Data

When you communicate with us or express interest in our Services, we collect:

Full name, job title, company name
Email address, phone number, and other contact details

This data may be obtained through direct contact, online forms, event registrations, or mutual referrals.

d. Communications and Submission Content

We collect data contained in messages, requests, or forms you submit via:

Email, live chat, social media channels, or customer support
Web forms (e.g., “Contact Us,” demo bookings, feature feedback)

This includes the content of your communications and associated metadata (e.g., timestamp, contact details).

e. Technical and Usage Data

To operate and secure our platform effectively, we collect:

IP address, browser and device type, operating system
Language and region settings, device identifiers
Pages visited, features used, time spent, interaction history
Log files and diagnostic data

For mobile users, we may also collect:

Device model, OS version, network status

f. Email Engagement and Analytics

Our email communications (e.g., newsletters or onboarding series) may include tracking technologies such as:

Invisible pixels (clear GIFs) to monitor open rates and click-through performance

You may disable this tracking by setting your email client to block image loading.

g. Cookies and Related Technologies

We use cookies, beacons, and local storage technologies on our website to:

Authenticate sessions
Personalize experience
Analyze usage behavior

Please refer to our [Cookie Policy] for full details.

h. Customer Content (Subscriber Data)

As part of providing our automation services, you may upload or sync data concerning your own users, contacts, or social media audiences ("Subscribers"). This may include names, usernames, public profile info, and communication content.

Important: We process such data strictly as a data processor, on your instructions, in accordance with our [Data Processing Addendum]. You, as the data controller, are responsible for obtaining all necessary consents and ensuring lawful collection of such data.

i. Special Category Data

We do not intentionally collect sensitive personal data such as:

Government-issued IDs (e.g., Aadhaar numbers)
Health, biometric, racial, political, or religious information
Criminal background or union membership data

Please do not submit such information via our Services.

3. For Which Purposes We Use Personal Data

We collect and process personal data for a range of lawful purposes, which may vary based on the nature of your interaction with our Services. These purposes include:

a. To Operate and Provide the Service

We use personal data to:

Establish and maintain your user account and provide access to our platform.
Perform our contractual obligations under the Terms of Service.
Process transactions and issue invoices.
Respond to your service-related inquiries, provide technical support, and send necessary administrative notifications (e.g., updates, security alerts, account notices).

b. To Process Customer Content on Your Behalf

As part of delivering our automation functionalities, we process Customer Content (e.g., messages, contact data, automation triggers) solely on your behalf and under your instructions, acting as a data processor as defined under applicable data protection laws. Our handling of such data is governed by our [Data Processing Addendum].

c. To Communicate and Market Our Services

If you:

Register an account
Submit an inquiry or feedback
Sign up for a newsletter
Participate in a survey or promotional campaign

We may send you service-related or marketing communications (e.g., product updates, feature announcements, offers). All such communications will include an option to opt-out or unsubscribe, in compliance with applicable consent requirements under GDPR, CCPA, and CAN-SPAM.

d. To Manage and Deliver Events

If you register for webinars, workshops, or other events, we may process your contact details to:

Confirm attendance and deliver event-related materials
Send reminders, follow-ups, or post-event surveys
Provide relevant service-related content

Participation is voluntary and each communication will contain an opt-out mechanism.

e. To Comply with Legal Obligations

We process personal data when required to meet legal and regulatory obligations, including:

Tax, accounting, and audit compliance
Law enforcement requests, subpoenas, court orders
Economic sanctions, anti-fraud, and anti-money laundering rules

Disclosure to authorities is subject to strict validation and legal review.

f. To Establish and Maintain Business Relationships

We may process business contact information when:

Entering or negotiating a commercial agreement
Fulfilling contractual duties with vendors, partners, or service providers

This includes data necessary to authenticate or engage in lawful cooperation with external parties.

g. To Ensure Security and Prevent Abuse

We use personal data to:

Enforce our Terms of Use and related policies
Detect and investigate misuse, fraud, or unauthorized activity
Safeguard the rights, property, and safety of our users, staff, and platform

We rely on our legitimate interests and legal duties to process data for these security and compliance-related purposes.

4. How We Share Personal Data

We do not sell your personal data to third parties for commercial gain or advertising purposes. We only share your data as outlined in this Privacy Policy, or when we have obtained your explicit consent.

We may disclose your personal data in the following circumstances:

a. Service Providers

We engage third-party service providers to support our business operations, including:

Payment processors (e.g., Stripe, Razorpay)
Customer relationship management (CRM) platforms
Cloud hosting and infrastructure providers
Email service and analytics platforms
Customer support tools

These providers are contractually bound to process your data only as necessary to perform their services on our behalf, under strict confidentiality and data protection terms. A full list of our processors and sub-processors can be found in our Service Providers section.

We also use third-party cookies on our website for functionality, analytics, and performance purposes. For more information, refer to our Cookie Policy.

b. Professional Advisors

We may share personal data with our professional advisors, such as legal counsel, accountants, auditors, insurers, or bankers, when necessary to obtain legal, financial, or compliance-related services.

c. Third-Party Integrations and APIs

When you choose to connect third-party applications or integrations (e.g., Instagram, Facebook, Google, Razorpay), we may share or receive personal data to enable such integrations, authenticate users, process payments, or deliver automated features. These interactions are governed by the respective terms and privacy policies of the third-party platforms.

d. Business Transfers

In connection with any actual or proposed merger, acquisition, restructuring, sale of assets, or bankruptcy proceedings, personal data may be transferred to or accessed by the acquiring entity. In such cases, the successor entity will assume the rights and obligations set forth in this Privacy Policy. We may also disclose aggregated, anonymized information in due diligence processes.

e. Legal Compliance and Protection

We may disclose your personal data when we believe in good faith that such disclosure is necessary to:

Comply with applicable laws, regulations, or legal processes (e.g., subpoenas, government requests)
Respond to regulatory or law enforcement inquiries
Enforce our Terms of Use and other agreements
Protect the rights, safety, or property of Creatordesks, its users, or others
Prevent or investigate fraudulent, unauthorized, or illegal activities

Such disclosures will be subject to legal review and limited to what is strictly required.

f. Corporate Affiliates

We may share your personal data within our group of companies, affiliates, or subsidiaries where such data sharing supports the purposes outlined in this Privacy Policy and is subject to appropriate confidentiality and security measures.

5. Your Data Protection Rights & Choices

Depending on your location and applicable data protection laws (e.g., GDPR, UK GDPR, CCPA), you may exercise the following rights in relation to your personal data:

a. Access, Correction, and Deletion

You have the right to:

Access the personal data we hold about you
Request corrections to inaccurate or incomplete data
Request deletion of your personal data, subject to any legal or contractual obligations

To exercise these rights, contact us at: support@creatordesks.com.

b. Objection and Restriction of Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you also have the right to:

Object to our processing of your personal data, where permitted by law
Request that we restrict processing in certain circumstances (e.g., during the resolution of a data accuracy dispute)
Request the export of your personal data in a machine-readable format where technically feasible (data portability)

c. Withdrawal of Consent

If we process your personal data based on your consent (e.g., for marketing communications), you may withdraw that consent at any time. Withdrawal will not affect:

The lawfulness of processing prior to your withdrawal
Any processing that relies on legal grounds other than consent (e.g., contractual necessity or legal obligation)

You can unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us at support@creatordesks.com.

d. Response Timeline and Verification

We respond to all valid requests in accordance with applicable data protection laws. In some cases, we may ask for additional information to verify your identity before processing your request.

e. Access to Data Controlled by Our Customers

Please note that Creatordesks acts as a data processor for personal data that our customers upload into the platform (e.g., their contacts or social media Subscribers). If you are an individual whose data is processed by one of our customers (e.g., a brand or content creator using our platform), and you wish to access, amend, or delete your data, you should contact the customer directly. We do not control or make decisions about that data and cannot fulfill such requests independently.

6. For How Long We Retain Personal Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

To provide our Services to you
To comply with legal, tax, and regulatory obligations
To resolve disputes
To prevent abuse or fraud
To enforce our agreements

Where processing is based on your consent, we retain the data until you withdraw consent or request deletion.

a. Active Account Retention

We will retain your personal data for the duration of your active use of the Creatordesks platform and for as long as your account remains open. Once you terminate your agreement with us (as defined under our Terms of Service), your personal data will be securely deleted or anonymized, unless further retention is:

Legally required (e.g., financial or tax recordkeeping)
Necessary for dispute resolution, security, or enforcement purposes

b. Subscriber Data (Customer Content)

For personal data processed on behalf of our customers (e.g., end-user or Subscriber data), we act as a data processor. We retain such data in accordance with our customer’s instructions or the duration of the service agreement. Upon termination or upon instruction, this data will be deleted or returned as defined in our Data Processing Addendum.

7. International Data Transfers

Your personal data may be transferred to, stored in, and processed in countries outside of your country of residence, including jurisdictions that may not provide the same level of data protection as your home country. This includes, but is not limited to, India and other countries where we or our service providers maintain operations.

a. Basis for International Transfers

We implement appropriate safeguards to ensure that any such transfers comply with applicable data protection laws, including:

Standard Contractual Clauses (SCCs): For transfers from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on the European Commission’s or UK’s approved SCCs.
Data Processing Agreements (DPAs): Our contracts with third-party processors require them to adhere to strict data protection and security standards.
Binding Corporate Rules or Certifications (where applicable)

b. Your Consent

By using our Services and accepting the terms of this Privacy Policy, you expressly consent to:

The transfer of your personal data to countries outside your jurisdiction, including the United States and India.
The processing of your data in accordance with this Privacy Policy and subject to the laws of the relevant jurisdictions, which may offer different or lesser levels of protection than your local laws.

8. Children’s Information

We are committed to protecting the privacy of minors and promoting safe internet use. The Creatordesks platform and services are not intended for individuals under the age of 18, and we do not knowingly collect, solicit, or process personal data from anyone under this age threshold.

a. No Use by Minors

If you are under the age of 18:

Do not register for the Service
Do not provide any personal information (e.g., your name, address, phone number, or email)

If we learn that we have inadvertently collected personal data from an individual under 18 without verified parental or legal guardian consent, we will take immediate steps to delete that information.

b. Parental Oversight

We strongly encourage parents and legal guardians to supervise and engage in their children’s online activities to help ensure a safe and responsible internet experience.

If you are a parent or legal guardian and believe that your child under the age of 18 has provided us with personal data, please contact us immediately at support@creatordesks.com, and we will promptly investigate and, if appropriate, delete such data.

c. No Sale of Minors’ Data

In compliance with applicable laws, we do not sell any personal data, including that of minors aged 13 to 18, under any circumstance.

9. Security

a. Safeguarding Your Information

We implement appropriate technical and organizational measures designed to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to:

Encryption (e.g., SSL/TLS) for data in transit
Access controls and role-based permissions
Secure data storage using reputable cloud providers
Regular audits, logging, and system monitoring
Internal policies for secure data handling and incident response

Our safeguards are designed in proportion to the sensitivity and volume of data we process, the risks associated with various data processing activities, and the potential harm from unauthorized access.

Despite our best efforts, no system can be guaranteed 100% secure. We cannot warrant or ensure that your personal data will never be accessed, used, or disclosed in a manner inconsistent with this Privacy Policy due to unauthorized third-party access (e.g., hacking, phishing, or system compromise). Transmission of data over the internet always carries inherent risks.

The payment processing services we use (e.g., Stripe, Razorpay) are PCI DSS-compliant and apply industry-standard security protocols to safeguard your payment data during and after transactions.

If you have concerns about the security of your personal data, you may contact us at support@creatordesks.com.

b. Notice of Data Breach

In the event of a data breach that results in unauthorized access to or disclosure of your personal data, and which may materially impact your rights or freedoms:

We will notify you without undue delay
We will describe the nature and scope of the breach
We will provide information on remedial actions taken
We will, where applicable, notify relevant supervisory authorities as required by law

10. Legal Basis for Processing Your Personal Data (EEA Visitors/Customers Only)

If you are a person located in the EEA or the UK, our legal basis for collecting and using the personal data described above will depend on the purpose of processing and personal data concerned:

We process data to perform a contract with you on the use of the Service (Art. 6(1)(b) of the GDPR or UK GDPR);

We also process data based on our legitimate interest (Art. 6(1)(f) of the GDPR or UK GDPR) in the following cases:

to communicate with you and inform you about our Service;
to comply with the law we are subject to;
to conduct events and communicate with you;
to negotiate, enter, and perform agreements;
for compliance and safety.

We process some types of cookie files based on your consent (Art. 6(1)(a) of the GDPR or UK GDPR). See more details in Cookie Statement.
If we ask you to provide personal data to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data). Similarly, if we collect and use your personal data in reliance on our legitimate business interests, we will make clear to you at the relevant time what those legitimate business interests are.
You are not obliged to provide your personal data to us. However, if we need personal data in order to enter and perform the contract with you, and you do not provide this data, we may not be able to perform the contract we have or are trying to enter into with you.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, you may contact us by email at privacy@zorcha.com.

11. For California Residents

If you are a resident of California, you are entitled to certain rights regarding your personal data under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section describes those rights and how to exercise them.

a. "Shine the Light" Request (California Civil Code § 1798.83)

You may request information about our disclosure of personal data to third parties for their direct marketing purposes during the prior calendar year. We will respond to such requests once per calendar year. To make this request, please email us at privacy@creatordesks.com.

b. Your CCPA/CPRA Rights

California residents have the following rights under applicable law:

1. Right to Know

You may request the following details about our data practices in the preceding 12 months:

Categories of personal data collected
Categories of sources of personal data
Business or commercial purposes for collecting or sharing personal data
Categories of third parties to whom personal data was disclosed or sold (if applicable)
Categories of personal data disclosed or sold per third party (if any)
Specific pieces of personal data collected about you

2. Right to Delete

You may request deletion of personal data we have collected about you, subject to legal exceptions.

3. Right to Correct

You may request correction of inaccurate personal information we maintain about you.

4. Right to Opt-Out of Sale or Sharing

Creatordesks does not sell personal data in the traditional sense. If this changes, we will update this Policy and provide mechanisms for opt-out.

5. Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising your rights. We will not:

Deny you goods or services
Charge different prices or rates
Provide a different level or quality of services
Suggest any of the above

c. How to Submit a Request

You may submit requests to know, correct, or delete your personal data by emailing: privacy@creatordesks.com.

Verification: We will verify your identity before fulfilling your request. This may require additional information (e.g., email verification or account login). Any data collected for this purpose will be used solely to process your request.

Response Timeline:

Acknowledgment: Within 10 business days
Substantive Response: Within 45 calendar days (up to 90 days with notice)

d. Authorized Agents

You may authorize someone to act on your behalf. We require:

Written authorization or power of attorney (Cal. Prob. Code §§ 4121–4130)
Identity verification of both the agent and the requestor, unless legally exempt

e. Fee Policy

We do not charge for processing your requests unless they are manifestly unfounded, repetitive, or excessive. In such cases, we will inform you in advance and provide a cost estimate.

12. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time in response to evolving legal, technical, or business developments. When changes are made, we will take appropriate measures to notify you, in accordance with the significance of the changes and applicable legal requirements.

If material changes are introduced that affect your rights or how we process your personal data:

We will notify you through prominent notices on our website, via email, or through your user dashboard (where applicable)
We will obtain your consent where required by applicable data protection laws

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

You can determine when this Privacy Policy was last updated by referring to the “Effective Date” at the top of this page. The updated version will supersede all previous versions and apply to all current and past users of our Services, except where otherwise required by applicable law.

13. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us:

Email: support@creatordesks.com

You may also reach out to us regarding:

Exercising your data protection rights
Questions about your personal information
Concerns about security or data sharing
Reporting a potential privacy violation

We will make every effort to respond to your inquiry in a timely and comprehensive manner, in accordance with applicable legal obligations.

Privacy Policy