Privacy Policy

Last updated: 15 April 2026

1. Who we are

"CreatorPanel" ("we", "us") operates creatorpanel.app. For data protection purposes we are the Controller of personal data processed through the Service. Contact: hello@creatorpanel.app

2. What we collect

• Account data: email address (via Supabase Auth).
• Platform session tokens that you explicitly submit via the browser extension or onboarding form. Stored encrypted at rest.
• Creator statistics pulled from the third-party platforms on your behalf (model metadata, download counts, earnings / points history).
• Billing data: handled by Stripe. We store Stripe customer and subscription IDs; we never see your card number.

3. What we do NOT collect

• Passwords for any 3D platform.
• Browsing activity outside our site or extension.
• Personal information of third parties (buyers, other creators).

4. Why we process data

• To provide the Service (contract basis).
• To send transactional emails such as welcome and token-expiry alerts (legitimate interest / contract).
• To process your subscription (contract).
• To comply with legal/tax obligations.

5. Sub-processors

• Supabase (database + auth, EU region).
• Stripe (payments).
• Resend (transactional email).
• Hetzner (EU hosting for data collectors).
• Cloudflare (CDN + HTTPS tunnel).

6. How long we keep it

While your account is active and for up to 60 days after deletion to handle refunds and audit requirements. Invoices are retained 10 years for tax law compliance.

7. Your rights (GDPR)

• Access, rectify, or delete your data.
• Export your data as CSV/JSON.
• Object to or restrict processing.
• Withdraw consent at any time.
• Lodge a complaint with CNPD (Comissão Nacional de Proteção de Dados).

Email hello@creatorpanel.app for any of the above. We respond within 30 days.

8. Cookies

We use a strictly necessary session cookie for authentication. No marketing, tracking, or analytics cookies.

9. International transfers

Data is stored in the EU. Stripe and Resend may process minimal data in the US under Standard Contractual Clauses and EU-US DPF.

10. Security

Data is encrypted in transit (HTTPS) and at rest (Supabase). Tokens are stored with row-level security so only your tenant can access them. We do not share tokens with third parties.

11. Changes

We notify you by email at least 14 days before material changes.

12. Contact

hello@creatorpanel.app