Privacy Policy
Last updated: February 14, 2026
Creative Copilot ("we", "us", "our") is committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains what data we collect, why we collect it, and your rights regarding that data.
1. Data Controller
The data controller responsible for your personal data is Creative Copilot. For questions about data processing or to exercise your rights, contact us at: ben@autotailorai.com
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Profile avatar (if uploaded)
- Authentication credentials (managed securely via Supabase)
2.2 Content and Prompts
When you use our service, we process:
- Creative prompts and briefs you submit
- AI-generated content and assets
- Project configurations and settings
- Competitor research data you provide
2.3 Usage Data
We automatically collect:
- Pages visited and features used
- Timestamps of actions
- Browser type and device information
- IP address
2.4 Notification Preferences
If you configure Slack or email notifications, we store the webhook URLs and notification preferences you provide.
3. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR Article 6):
- Contract performance — Processing necessary to provide you the Creative Copilot service, including account management, content generation, and project management.
- Legitimate interest — Analytics and service improvement, fraud prevention, and ensuring platform security.
- Consent — Optional notifications (Slack, email), marketing communications, and cookies beyond essential ones. You may withdraw consent at any time.
4. How We Use Your Data
- Providing and operating the Creative Copilot service
- Processing your prompts through AI providers to generate creative content
- Sending notifications about workflow status, approvals, and errors
- Improving our service quality and user experience
- Ensuring security and preventing abuse
5. Third-Party Processors
We share data with the following third-party processors, each bound by data processing agreements:
| Processor | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication and database hosting | Account data, project data |
| AI Providers (OpenAI, Anthropic) | Content generation | Prompts and creative briefs |
| Vercel | Application hosting | Usage data, IP addresses |
| Slack (optional) | Notifications | Notification content only when configured |
6. Data Retention
- Account data — Retained while your account is active. Deleted within 30 days of account deletion request.
- Content and projects — Retained while your account is active. You may delete individual projects at any time.
- Usage logs — Retained for up to 12 months for analytics and security purposes.
- AI processing data — Prompts sent to AI providers are processed in real-time and not stored by us beyond what is needed for the generated output.
7. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access (Article 15) — Request a copy of all personal data we hold about you.
- Right to rectification (Article 16) — Request correction of inaccurate or incomplete data.
- Right to erasure (Article 17) — Request deletion of your personal data ("right to be forgotten").
- Right to restrict processing (Article 18) — Request that we limit how we use your data.
- Right to data portability (Article 20) — Receive your data in a structured, machine-readable format.
- Right to object (Article 21) — Object to processing based on legitimate interest.
- Right to withdraw consent (Article 7) — Withdraw consent at any time where processing is consent-based.
To exercise any of these rights, email us at ben@autotailorai.com. We will respond within 30 days.
8. Cookies
We use the following types of cookies:
- Essential cookies — Required for authentication and core functionality. These cannot be disabled.
- Analytics cookies — Help us understand how the service is used. You may opt out via your browser settings or our cookie preferences.
9. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews.
11. Children's Privacy
Creative Copilot is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it promptly.
12. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice in the application. Continued use of the service after changes constitutes acceptance of the updated policy.