← Home Terms of Service Cookie Policy Security

Privacy Policy

Last Updated: February 4, 2026

                Your Privacy Matters. This Privacy Policy explains how CreonOS collects, uses, protects, and shares your information. We are committed to transparency and data protection.
            

1. Information We Collect

1.1 Account Information

When you register for CreonOS, we collect:

Email address (required for account creation and communication)
Password (encrypted using bcrypt, never stored in plain text)
Display name (optional, for personalization)
Profile picture (optional)

1.2 Usage Data

We automatically collect information about how you use CreonOS:

Agent execution logs (prompts, responses, code generated)
Features used and frequency of use
Error reports and debugging information
Performance metrics (load times, latency)
IP address and device information
Browser type and version
Session duration and timestamps

1.3 Code and Project Data

Your workspace data includes:

Code files and content you create
Project configurations and settings
AI agent conversations and prompts
File structure and metadata
Version history and backups

1.4 Payment Information

For paid subscriptions:

Stripe handles all payment processing (we never store credit card numbers)
Billing address and name
Payment history and invoices
Subscription tier and status

1.5 Communications

If you contact support or subscribe to updates:

Support ticket content and correspondence
Email preferences and newsletter subscriptions
Feedback and survey responses

2. How We Use Your Information

2.1 Service Delivery

Provide AI-powered code generation and orchestration
Store and sync your projects across devices
Process payments and manage subscriptions
Authenticate your account and maintain security

2.2 Service Improvement

Train and improve AI models using anonymized code patterns
Analyze usage patterns to optimize performance
Debug errors and fix bugs
Develop new features based on user behavior

2.3 Communication

Send transactional emails (password resets, billing notifications)
Product updates and feature announcements (opt-out available)
Security alerts and policy changes
Respond to support requests

2.4 Legal Compliance

Comply with applicable laws and regulations
Enforce our Terms of Service
Protect against fraud and abuse
Respond to legal requests (subpoenas, court orders)

3. Data Sharing and Disclosure

3.1 Third-Party AI Providers

CreonOS integrates with external AI services. Your prompts and code may be sent to:

Provider	Data Shared	Purpose
Anthropic (Claude)	Prompts, code context	AI code generation
OpenAI (GPT-4)	Prompts, code context	AI code generation
Google (Gemini)	Prompts, code context	AI code generation
DeepSeek	Prompts, code context	AI code generation

Important: These providers have their own privacy policies. We recommend reviewing:

3.2 Service Providers

We share data with trusted partners who help us operate CreonOS:

Railway - Cloud hosting and infrastructure
Stripe - Payment processing (PCI-DSS compliant)
PostgreSQL - Database hosting and management
Email service providers - Transactional emails

3.3 We Never Sell Your Data

CreonOS does NOT sell, rent, or trade your personal information to third parties for marketing purposes.

3.4 Legal Requirements

We may disclose your information if required by law:

In response to subpoenas, court orders, or legal process
To protect our rights, property, or safety
To prevent fraud or security threats
During business transfers (mergers, acquisitions)

4. Data Security

4.1 Security Measures

We implement industry-standard security practices:

Encryption: TLS/SSL for data in transit, AES-256 for data at rest
Password Security: Bcrypt hashing with salts (never plain text)
Access Controls: Role-based permissions and authentication
Regular Audits: Security assessments and vulnerability scanning
DDoS Protection: Rate limiting and traffic filtering
Secure Infrastructure: Railway's SOC 2 compliant hosting

4.2 Data Breach Notification

In the unlikely event of a data breach, we will:

Notify affected users within 72 hours
Provide details of the breach and our response
Offer guidance to protect your account
Report to relevant authorities as required by law

5. Data Retention

5.1 Active Accounts

Account data: Retained while your account is active
Project code: Stored indefinitely unless you delete it
Usage logs: Retained for 12 months
Payment records: Retained for 7 years (tax compliance)

5.2 Deleted Accounts

When you delete your account:

Personal data is deleted within 90 days
Backups are purged within 180 days
Anonymized analytics data may be retained
Legal/financial records retained as required by law

5.3 Data Export

Before deleting your account, you can export:

All project code and files
Account settings and preferences
Agent conversation history

6. Your Rights (GDPR Compliance)

Under the UK GDPR and EU GDPR, you have the right to:

6.1 Access Your Data

Request a copy of all personal data we hold about you.

6.2 Rectification

Correct inaccurate or incomplete data.

6.3 Erasure ("Right to be Forgotten")

Request deletion of your data, subject to legal obligations.

6.4 Data Portability

Receive your data in a machine-readable format (JSON export).

6.5 Restrict Processing

Limit how we use your data in certain circumstances.

6.6 Object to Processing

Opt out of marketing communications and certain data uses.

6.7 Withdraw Consent

Revoke previously granted permissions at any time.

To exercise your rights, email: privacy@creonai.co.uk

We will respond within 30 days.

7. Cookies and Tracking

7.1 Essential Cookies

Session cookies: Keep you logged in
Security cookies: Prevent CSRF attacks
Preference cookies: Remember your settings

7.2 Analytics Cookies

Track usage patterns (anonymized)
Measure feature adoption
Optimize performance

See our Cookie Policy for full details.

8. Children's Privacy

CreonOS is not intended for users under 13. We do not knowingly collect data from children. If we discover a child's account, we will:

Delete the account immediately
Purge all associated data
Notify the email address on file (if verifiable as a parent)

9. International Data Transfers

CreonOS is hosted on Railway infrastructure, which may process data in multiple regions. When transferring data outside the UK/EU, we ensure:

Standard Contractual Clauses (SCCs) are in place
Adequate data protection safeguards
Compliance with GDPR transfer requirements

10. Changes to This Policy

We may update this Privacy Policy to reflect:

Changes in our data practices
New features or services
Legal or regulatory requirements

Material changes will be communicated via:

Email notification
In-app banner
Updated "Last Modified" date

Continued use after changes constitutes acceptance.

11. Contact Us

For privacy questions, concerns, or data requests:

Privacy Officer: privacy@creonai.co.uk
General Support: support@creonai.co.uk
Data Protection Officer: dpo@creonai.co.uk

12. Supervisory Authority

If you're in the UK/EU and believe we've violated your privacy rights, you can file a complaint with:

UK: Information Commissioner's Office (ICO) - ico.org.uk
EU: Your local data protection authority

                Privacy Summary: We collect data to deliver CreonOS and improve AI models. We never sell your data. You control your information and can export or delete it anytime. Questions? Email privacy@creonai.co.uk.
            