Privacy Policy

Last updated: 22 October 2025

This Privacy Policy describes how Direct AI (the “Service”), provided by Creativverse Studio Ltd(“Company”, “we”, “our”, “us”), collects, uses, and shares personal information, and explains your choices and rights. Direct AI is the product/brand; Creativverse Studio Ltd (a UK entity) is the data controller for this Service.

Data Controller: Creativverse Studio Ltd (UK)
Suite 9191, 5 Brayford Square, London, UK
Privacy contact: [email protected]

Scope. This Policy applies to our website, web app, and related services that link to it.

1) Information We Collect

  • Account & Contact: name, email, account identifiers, subscription status, plan type.
  • Project/Content: prompts, scripts, files you upload, and outputs we generate (e.g., images, audio, video), plus settings you save.
  • OAuth: handled under the Google API Services User Data Policy (Limited Use).
  • Usage, Device & Context: IP address (including reverse-proxy headers such as cf-connecting-ip), approximate location derived from IP, user-agent, referrer, request IDs (e.g., Cloudflare Ray ID), pages viewed, actions performed, timestamps, and error/diagnostic logs.
  • Cookies & Local Storage: essential cookies (e.g., authentication token), security/fraud prevention device cookie da_device (first-party identifier), and settings. With consent where required: analytics/measurement cookies and pixels.
  • Payments: processed by payment processors (e.g., Stripe). We receive limited billing metadata (e.g., customer ID, last4) and do not store full card numbers on our servers.

2) How We Use Information (Purposes & Legal Bases)

  • Provide the Service: authenticate you and operate features you request (performance of a contract).
  • Improve & secure: monitor for abuse/fraud and debug (legitimate interests).
  • Communicate: onboarding, transactional notices, support; occasional product updates (legitimate interests; certain marketing—consent where required).
  • Advertising/Measurement: analytics and ad effectiveness (e.g., Meta Pixel/Conversions API) with consent where required. We do not share your prompts/outputs with ads partners.
  • Compliance: satisfy legal obligations and enforce Terms & Conditions.
Server-side Legal Notice Acceptance: When you proceed past the sign-in/sign-up notice that links to our Privacy Policy, Terms & Conditions, and Refund Policy, we record a one-time consent event in your account.
Model Training: If we offer an option to help improve AI models with your inputs/outputs, we will clearly present a control to opt in/out.

3) Advertising, Analytics & Cookies

We may use analytics and advertising technologies (including Meta Pixel and/or Conversions API) to measure performance and improve marketing.

  • What we share: limited identifiers and page/activity events for attribution, security/fraud prevention, and aggregate reporting.
  • Your choices: manage cookies in your browser, our in-app/preferences (where available), or use Global Privacy Control (GPC). Where required by law, we seek consent before setting non-essential cookies.

4) How We Share Information

We share personal information only as needed to run the Service or comply with law:

  • Hosting/CDN & storage providers
  • Payments (e.g., Stripe)
  • AI/ML providers to fulfill user-requested generations
  • Analytics/measurement vendors (per your consent choices)
  • Email/support tooling
  • Professional advisors and law enforcement if required
  • Corporate transactions (e.g., merger/sale), with protections

We do not sell personal information for money.

5) International Transfers

Your data may be processed in the UK, EEA, US, and other countries where we and our processors operate. Where required, we use safeguards such as EU Standard Contractual Clauses and the UK Addendum.

6) Data Retention

  • Account data: life of the account and typically up to 24 months after closure.
  • Analytics logs: up to 13 months.
  • Transactional/billing: per tax/audit laws.
  • Consent/audit logs: as needed for compliance.

7) Security

We use appropriate safeguards (encryption in transit, access controls/least-privilege, monitoring, incident response). No method of transmission or storage is 100% secure.

8) Your Rights

  • UK / EU / EEA / Switzerland (GDPR/UK GDPR): rights to access, rectify, erase, restrict, object, portability, and to withdraw consent at any time (without affecting prior processing). You may lodge a complaint with your local authority, or in the UK with the ICO ( https://ico.org.uk/).
  • California & certain US states (CPRA and similar): rights to know/access, correct, delete, and to opt out of “sharing” for cross-context behavioral advertising. We do not “sell” personal information. We honor GPC where required. Use our in-app preferences (if available) or email [email protected] with your request.

Verification: We may ask for information to verify your identity and protect your account. Some requests may limit functionality if essential data is deleted.

9) Children

The Service is not intended for children under 13. We do not knowingly collect data from children under 13.

10) Changes to this Policy

We may update this Policy. We’ll post the new version here and revise the “Last updated” date above. Material changes may be highlighted in-app or by email.

11) Contact

Questions or requests? Email [email protected]. Please include your account email and any relevant context so we can assist you faster.

Direct AI is a brand of Creativverse Studio Ltd (UK).

© 2025 Creativverse Studio Ltd. All rights reserved.