Privacy Policy
Last updated: 10 June 2026
This Privacy Policy explains how Nicolas Le Roux, trading as Creatorstaq (“Creatorstaq”, “we”, “us”) collects, uses, and protects information in connection with the Creatorstaq analytics platform and website (the “Service”). It applies to our customers (agencies and account managers) and to visitors of our website.
1. Information we collect
Information you give us
- Account & billing data: name, email, password (hashed), agency details, and payment information processed by our payment provider (we do not store full card numbers).
- Communications: messages you send us through the contact form or by email.
Information we process on your behalf
When you connect an account, we retrieve and store platform data such as subscriber records, transactions, earnings, campaign data, and messages so we can compute analytics. This is processed under your instructions. Creatorstaq is a numbers-focused product: we do not collect or display end-user (“fan”) photographs, government identifiers, or contact details such as phone numbers and personal email addresses.
Information collected automatically
Basic technical data (IP address, browser type, pages viewed) and session cookies strictly necessary to keep you signed in and operate the Service. We do not use advertising, tracking, or analytics cookies. Because we only set strictly-necessary cookies, no cookie consent banner is required — but we mention them here for completeness. If you submit feedback through the in-app feedback tool, that submission may include a screenshot of the page you were viewing at the time.
2. How we use information
- To provide, maintain, and improve the Service and compute analytics;
- To authenticate you and secure your account;
- To process payments and manage your subscription;
- To respond to your inquiries and provide support;
- To comply with legal obligations and enforce our terms.
We do not sell your personal information, and we do not use connected-account data for advertising.
3. Legal bases for processing (GDPR)
If you are in the European Economic Area or United Kingdom, we process your personal data only where we have a valid legal basis to do so:
- Delivering the analytics service
- Processing connected-account data (subscribers, transactions, campaigns, earnings) to compute and display metrics — performance of the contract between us. This is the core of the Service; without it we cannot provide what you paid for.
- Account management and authentication
- Name, email address, and hashed password to operate your account and verify your identity — performance of the contract.
- Payment processing
- Billing details passed to our payment processor (Stripe) to charge your subscription — performance of the contract.
- Responding to enquiries and support
- Messages you send us via the contact form or email — legitimate interests (providing support and maintaining the customer relationship).
- Security and service integrity
- Technical logs, IP addresses, and session data used to detect abuse and protect the Service — legitimate interests (keeping the Service secure for all customers).
- Legal and tax compliance
- Transaction and billing records we are required to retain — legal obligation.
Where we rely on legitimate interests, you have the right to object (see §8 below).
4. How we share information
We share information only with: (a) service providers who help us operate the Service, under contractual confidentiality obligations; (b) authorities when required by law; and (c) a successor entity in connection with a merger or acquisition. We never sell your data to third parties.
Our current subprocessors are:
- Hetzner Online GmbH (Germany) — application hosting and database storage.
- Stripe, Inc. (USA) — payment processing and subscription management.
- Resend (USA) — transactional email (contact form responses and account notifications).
- Cloudflare, Inc. (USA) — content delivery, DNS, and website analytics.
5. Data retention
We retain your account data and connected-account analytics data for as long as your subscription is active. When you close your account:
- Connected-account data (subscribers, transactions, campaigns, earnings) is deleted immediately and irreversibly.
- Account profile data (name, email, agency settings) is deleted within 30 days.
We retain billing records (invoices, payment history) for seven years as required by tax and accounting law. Beyond these periods, we hold no archived or soft-deleted copy of your data.
6. Security
We use technical and organizational measures to protect your information, including encryption of sensitive credentials at rest, encrypted transport (HTTPS), and access controls scoped per agency. No system is perfectly secure, but we work to safeguard your data and to limit access to those who need it.
7. Data breach notification
We maintain an incident response process. In the event of a personal data breach, we will investigate and contain the incident promptly. Where required by applicable law — including GDPR Articles 33 and 34 — we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
8. Your rights
If you are in the European Economic Area, United Kingdom, or another jurisdiction with applicable data-protection law, you have the following rights regarding your personal data:
- Right of access
- You can ask us to confirm whether we hold personal data about you and to provide a copy of it.
- Right to rectification
- You can ask us to correct inaccurate or incomplete personal data we hold about you.
- Right to erasure
- You can ask us to delete your personal data where we have no continuing lawful reason to retain it.
- Right to data portability
- You can ask us to provide your personal data in a structured, commonly used, machine-readable format so you can transfer it to another provider.
- Right to restriction of processing
- You can ask us to pause processing your personal data in certain circumstances — for example, while you contest its accuracy or the lawfulness of our processing.
- Right to object
- Where we process your data on the basis of legitimate interests, you can object at any time. We will stop unless we have compelling legitimate grounds that override your interests, rights, and freedoms.
- Right to lodge a complaint
- If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with the data-protection supervisory authority in your country of residence, place of work, or where the alleged breach occurred. In France, this is the CNIL (cnil.fr); elsewhere in the EU, your national data-protection authority; in the UK, the ICO (ico.org.uk).
To exercise any of the above rights, contact us using the details in §13. We aim to respond within 30 days. If your request concerns data connected by an agency on your behalf, please direct it to that agency — they are the controller of that data and we will assist them as the processor.
9. US residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect about you, to request deletion or correction of your personal information, to receive a copy in a portable format, and to non-discrimination for exercising these rights. We do not sell personal information and do not share it for cross-context behavioral advertising. To exercise your rights, contact us using the details in §13.
10. International transfers
We may process and store information in countries other than where you live. Where required by applicable law, we use appropriate safeguards — such as standard contractual clauses approved by the European Commission — to protect your data during any such transfer.
11. Children
The Service is a B2B analytics platform intended for use by businesses and professionals. It is not directed to children under 13, and we do not knowingly collect personal data from children.
12. Changes to this policy
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, for material changes, notify you by email.
13. Contact
For privacy questions or to exercise your rights, contact us via our contact page or at contact@creatorstaq.com. Operator: Nicolas Le Roux, trading as Creatorstaq.