Privacy Policy

This Privacy Policy explains how Creative Cult ("we", "us", "our") collects, uses, and protects your personal data when you visit our website or make a purchase. We are committed to protecting your privacy and handling your data responsibly.

We collect the following categories of personal data:

• Identity Data: Name, email address, phone number
• Order Data: Shipping/billing addresses, order history, payment information (processed by Stripe)
• Technical Data: IP address (hashed), browser type, device information, pages visited
• Marketing Data: Communication preferences, ad interaction data (only with consent)
• Cookie Data: Session identifiers, consent preferences (see our Cookie Policy)

We process your data under the following legal bases:

• Contract: To fulfill orders and provide customer service
• Legitimate Interest: To improve our services, prevent fraud, and ensure security
• Consent: For marketing communications and analytics tracking (you can withdraw at any time)
• Legal Obligation: To comply with tax, accounting, and regulatory requirements

We share your data with the following third parties only as necessary:

• Stripe: Payment processing (PCI-DSS compliant)
• Shipping providers: To deliver your orders
• Meta/Facebook: Advertising and conversion tracking (only with your marketing consent)
• Analytics providers: Website analytics (only with your analytics consent)

We do not sell your personal data to third parties.

We retain your data for the following periods:

• Order data: 7 years (tax/legal requirements)
• Guest customer data: 90 days after last order (then anonymized)
• Abandoned checkout data: 7 days
• Analytics data: 26 months
• Account data: Until account deletion is requested

We use cookies and similar technologies. Non-essential cookies require your active consent. See our Cookie Policy for detailed information about each cookie we use, its purpose, and duration.

Under GDPR and applicable privacy laws, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Restrict processing of your data
• Objection: Object to processing based on legitimate interest
• Withdraw Consent: Withdraw consent for marketing/analytics at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

California residents have the right to: know what personal information is collected, request deletion of personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact [email protected].

Our services are not directed to individuals under 16 years of age (EU) or 13 years of age (US). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us to have it removed.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date.

For privacy-related inquiries, contact us at [email protected].