The AI Creator LabBack to home

Trust & privacy

How we handle your data

This page is maintained by The AI Creator Lab to answer common security and privacy questions about the app. It describes the controls currently enabled and the practices we follow — it is not an independent certification or audit report.

Last updated June 2026

Access & authentication

Sign-in is handled by our managed authentication backend. Supported methods are email and password and Google sign-in. Sessions use signed JSON Web Tokens; passwords are never stored in plain text.

Privileged actions are gated by role-based access control. Roles are stored in a dedicated table and checked server-side on every request; client-side flags alone never grant access.

Data we collect

We collect only what we need to operate the app:

  • Account data: email address, display name, authentication identifiers.
  • Product data you create inside the app (assets, listings, posts, events, etc.).
  • Order and billing metadata returned by Stripe (we do not store full card numbers).
  • Operational logs needed for security and debugging.

How your data is protected

All traffic to the app is served over HTTPS. Database access is restricted by row-level security policies — each query is scoped to the signed-in user or to a role explicitly granted access. Service-level credentials are kept on the server and are never exposed to the browser.

Webhooks from external providers are verified by signature before any data is written, and server endpoints validate input before processing.

Payments

Payments are processed by Stripe. Card data is entered directly into Stripe-hosted fields and never touches our servers. We retain only the metadata Stripe returns (order ID, amount, status) so we can fulfill purchases and show receipts.

Subprocessors

The current subprocessor used to deliver the service is:

  • Stripe — payment processing, billing, and checkout.

Additional subprocessors used for hosting and infrastructure will be listed here as the subprocessor list is finalized.

Retention & deletion

When you delete your account, we retain associated data for 30 days to support billing reconciliation and legal obligations, then permanently delete it from our primary database.

Backups, log files, and records we are legally required to keep (for example tax records from Stripe) may persist for longer in accordance with applicable law.

Your privacy choices

You can request a copy of your data, correct inaccuracies, or ask us to delete your account at any time by contacting the address below. We respond to verified requests within a reasonable timeframe.

Marketing emails always include an unsubscribe link. Transactional emails (receipts, security notifications) are sent only when required to operate the service.

Security & privacy contact

For security reports, privacy requests, or general questions about this page, contact the app owner. A dedicated contact address will be published here shortly. In the meantime, reach us via the address listed on our homepage.

Shared responsibility: The AI Creator Lab is responsible for the application code, access controls, and data handling described above. Our hosting and payment partners are responsible for the security of their underlying infrastructure. You are responsible for keeping your account credentials safe and for the data you choose to store in the app.