Privacy Policy
Last updated: June 2026
1.Introduction
Bluetik operates CreatorGPT at https://blu-ai-three.vercel.app. This Privacy Policy explains how we collect, use, store, share, and protect personal data in accordance with the Digital Personal Data Protection Act 2023 and the IT Act 2000. By using CreatorGPT you consent to the practices described in this Policy. If you do not agree, please discontinue use of the Platform.
2.Data We Collect
We collect the following categories of data: Account data — your full name, email address, hashed password, profile avatar, and Google OAuth details where applicable. Usage data — pages visited, features used, generation requests made, and brand URLs submitted. Brand data — website URLs, Instagram handles, and extracted brand elements such as colours, style, and tone. Payment data — your subscription plan, Razorpay order ID and payment ID; we never store card numbers, CVVs, or banking credentials. Designer booking data — session hours, urgency level, chat summary, and booking status. Device data — IP address, browser type, operating system, and session duration.
3.How We Use Your Data
We use your personal data to: operate and improve the Platform; process payments and manage your subscription; send transactional notifications, confirmations, and product updates; monitor errors and diagnose technical issues; comply with applicable law and respond to lawful requests. We do not use your data for automated decision-making that produces legal or similarly significant effects without human oversight.
4.Data Sharing
We share personal data only with trusted third-party processors bound by data processing agreements: Supabase (database and authentication), Vercel (cloud hosting), Anthropic (AI text generation), FAL.ai (AI image and video generation), Razorpay (payment processing), Resend (transactional email), PostHog (anonymised product analytics), and Sentry (error monitoring and crash reporting). We never sell, rent, or trade your personal data to third parties for advertising or marketing purposes.
5.Data Retention
We retain your data for the following periods: Account data — until you delete your account. Usage logs — 12 months. Payment records — 7 years, as required by Indian financial and tax regulations. Designer booking records — 3 years. Error logs — 90 days. Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymised.
6.Your Rights under the DPDP Act 2023
Under the Digital Personal Data Protection Act 2023, you have the right to: Access — obtain a summary of the personal data we hold about you and the purposes for which it is being processed. Correction — request that inaccurate, incomplete, or outdated data be corrected. Erasure — request deletion of your personal data, subject to our legal retention obligations. Grievance Redressal — raise a complaint, which we will acknowledge within 48 hours and endeavour to resolve within 30 calendar days. To exercise any of these rights, please email bluetiksocial@gmail.com with the subject line "Data Rights Request — [Your Name]".
7.Data Security
We implement the following safeguards: TLS 1.2 or higher encryption for all data in transit. Passwords hashed using bcrypt with salt. Row-Level Security enforced on all database tables via Supabase. API keys and secrets stored in encrypted server-side environment variables and never exposed to the client. All payment processing handled entirely within Razorpay's PCI-DSS compliant environment — we never touch card data. In the event of a personal data breach that poses a risk to individuals, we will notify affected users and the relevant authority within 72 hours of becoming aware.
8.Cookies
We use three categories of cookies and local storage: Essential authentication cookies issued by Supabase (sb-access-token and sb-refresh-token) that are strictly necessary to maintain your logged-in session and cannot be disabled. Anonymised analytics scripts from PostHog that help us understand how users interact with CreatorGPT without identifying you personally. Error monitoring scripts from Sentry that capture crash reports and diagnostic data to improve reliability. For full details of specific cookies set, their lifetimes, and how to opt out of non-essential tracking, please see our Cookie Policy or email bluetiksocial@gmail.com.
9.Children's Privacy
CreatorGPT is not directed at, and is not intended to be used by, anyone under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has created an account or submitted personal data on our Platform without your consent, please contact us immediately at bluetiksocial@gmail.com and we will take prompt action to delete such information.
10.International Transfers
Some of our service processors are headquartered in the United States, including Supabase, Vercel, Anthropic, PostHog, Resend, and Sentry. By using CreatorGPT, you acknowledge and consent to your personal data being transferred to and processed in countries outside India, including the United States. All such cross-border transfers are governed by contractual safeguards — such as Standard Contractual Clauses — to ensure your data receives a level of protection equivalent to that required under Indian law.
11.Grievance Officer
In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, the designated Grievance Officer for CreatorGPT is: Bluetik, Kochi, Kerala, India. Email: bluetiksocial@gmail.com. We will acknowledge your grievance within 48 hours and resolve it within 30 calendar days. For urgent data-related concerns, please include "URGENT" in your subject line.
Questions about this Privacy Policy?
Contact Us