Privacy Policy

Last updated: May 8, 2025

1. Information We Collect

We may collect personal information that you provide to us directly, that is collected automatically through your use of our services, or obtained from third parties. This includes, for example:

• Identifiers and Contact Information: Name, email address, phone number, postal address, and similar identifiers.
• Account and Profile Data: Login credentials, profile details, and preferences if you create an account.
• Usage Data: Information on how you use our website or app (e.g., pages visited, actions taken, IP address, browser type, device identifiers, cookies, and similar technologies).
• Payment and Transaction Data: If you make purchases, we collect payment information (processed via secure third-party payment processors) and records of transactions.
• Other Information You Provide: Any personal data you choose to send us (e.g. when contacting support or filling out forms).

We do not knowingly collect data from children under 13. Our services are intended for general audiences. If we learn we have collected personal information from a child under 13 without parental consent, we will delete it as required by law.

2. Purpose of Collection and Use

We use personal information for the following purposes, and only when we have a valid legal basis to do so in accordance with applicable law:

• To Provide and Maintain Services: We process data to create and manage user accounts, allow you to use our website/app features, and deliver the services or products you request.
• To Communicate with You: We use contact information to respond to inquiries, send service-related announcements, and provide customer support.
• Personalization and Improvements: We analyze usage data to understand user preferences, customize your experience, and improve our services and content.
• Marketing (with Consent): If you subscribe or otherwise opt-in, we may send you promotional emails about new features or offers.
• Compliance and Legal Obligations: We process personal data as needed to comply with our legal obligations.
• Protecting Rights and Security: We may use data to protect the rights, property, or safety of Creatures LLC, our users, or others.

We will not use personal information for new, incompatible purposes without updating this Policy and, if required, obtaining your consent.

3. Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA) or United Kingdom, we ensure that each use of your personal data is supported by a legal basis under the General Data Protection Regulation (GDPR). Depending on the context, one or more of the following legal bases apply:

• Consent: You have given clear consent for us to process your personal data for a specific purpose. You can withdraw it at any time.
• Contractual Necessity: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, except where overridden by your interests or fundamental rights.

If you have questions about the specific legal basis we rely on for any particular processing activity, feel free to contact us.

4. Disclosure of Personal Information

We do not sell your personal information. However, we may share personal information in the following circumstances:

• Service Providers: We share data with trusted third-party service providers who need the information to perform services on our behalf (e.g., cloud hosting, payment processors, analytics tools).
• Affiliates and Business Transfers: We may share information with our corporate affiliates or as part of a merger, acquisition, financing, due diligence, reorganization, or sale of assets.
• Legal Compliance and Protection: We may disclose personal information to government authorities or other third parties if required by law, or to protect the rights, property, and safety of our company, our users, or the public.
• With Your Consent: We will share your personal data with others for purposes outside of this Policy only when we have your explicit consent to do so.

5. International Data Transfers

Creatures LLC is based in the United States. If you are located outside the U.S., your personal information may be transferred to and processed in the U.S. or other jurisdictions. These locations may have data protection laws different from those in your country. We take appropriate safeguards when transferring personal data across borders to ensure it remains protected in accordance with this Privacy Policy.

By using our services or providing us with information, you consent to the transfer of your personal data to the U.S. and other jurisdictions as described, in accordance with this Policy.

6. Data Security Measures

We employ reasonable and appropriate security measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure, so we cannot guarantee absolute security.

Security Breach Notification

In the event of a data breach that affects your personal information, we will promptly notify you and any relevant supervisory authorities as required by law. We maintain an incident response plan and will take all necessary steps to mitigate the impact of any data breach.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes we collected it for, unless a longer retention period is required by law. We consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and our legal obligations.

We may retain backup copies of data for a limited period as part of routine archival practices. When personal information is no longer needed, we will delete or anonymize it in a secure manner.

8. Your Rights and Choices

You have rights and choices regarding your personal information. You can make any request related to your data by contacting us at info@creatures.com. We will respond within the timeframes required by law.

EU/EEA (GDPR) Rights

• Right of Access: Request confirmation of whether we process your personal data and obtain a copy.
• Right to Rectification: Request correction of any inaccurate or incomplete personal data.
• Right to Erasure: Ask us to delete your personal data under certain conditions.
• Right to Restrict Processing: Request that we limit our processing of your data in certain circumstances.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Data Portability: Request a machine-readable copy of certain data you provided and have it transferred to another controller.
• Right to Withdraw Consent: If we rely on your consent, you may withdraw it at any time.
• Right to Lodge a Complaint: You can file a complaint with your local Data Protection Authority.

California (CCPA/CPRA) Rights

• Right to Know: Request the categories and specific pieces of personal data we have collected, sources, purposes, and third parties we share with.
• Right to Deletion: Request deletion of personal information we have collected about you, subject to exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: We do not sell personal information, but you can request to opt out if we ever change our practices.
• Non-Discrimination: We will not discriminate against you for exercising your rights.

Canadian (PIPEDA) Rights

• Right to Access: Request information about the existence, use, and disclosure of your personal data and obtain a copy.
• Right to Correction: Request correction of any inaccurate or incomplete data.
• Consent and Withdrawal: Withdraw your consent at any time, subject to legal or contractual restrictions.

9. Updates to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or relevant laws. The updated version will be indicated by an updated “Last Updated” date at the top of the Policy. Any changes will become effective when we post the revised Policy on our website.

Your continued use of our services after the updated Policy is posted constitutes your acceptance of the changes, to the extent permitted by law.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us at:

Creatures LLC (Privacy Office)
Email: info@creatures.com
Mailing Address: 108 5th St SE, Ste 206A, Charlottesville, VA 22902, USA

If you are an EU resident, Creatures LLC is the “data controller” of your personal data. You may also lodge a complaint with your local Data Protection Authority. Similarly, Canadian residents may contact the Office of the Privacy Commissioner of Canada, and California residents can reach out to the California Privacy Protection Agency, but we invite you to contact us first so we can address your concerns.

11. Governing Law and Dispute Resolution

By using our services or providing personal information to us, you agree that any dispute or claim arising out of or relating to this Privacy Policy or our handling of your personal data will be governed by the laws of the Commonwealth of Virginia, USA, without regard to its conflict of law principles.

Arbitration: You further agree that all disputes or claims relating to privacy or the use of personal data must first be submitted to confidential binding arbitration in Virginia (or another location mutually agreed upon) before a single neutral arbitrator, prior to initiating any formal lawsuit. Arbitration shall be conducted in English in accordance with the rules of a reputable arbitration organization. Each party will bear its own arbitration costs, except as required by law. The arbitrator’s decision will be final and binding, and may be entered as a judgment in any competent court.

Class Action Waiver: To the fullest extent permitted by law, you and Creatures LLC agree that any dispute resolution will be conducted on an individual basis only, and not in a class, consolidated, or representative action.

You have the right to opt out of this arbitration agreement by sending us written notice within 30 days of first accepting this Policy. If you opt out, only the governing law and venue provisions (Virginia law, and state or federal courts in Virginia) will apply to any disputes.