← THE CREATOR

Legal

Privacy Policy

Last updated: May 2026

This Privacy Policy explains how The Creator (“we”, “us”, “our”) collects, uses, and protects your personal data when you use our service at thecreator-sc.vercel.app. It is written in line with the EU General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Act (BDSG).

1. Controller

The controller responsible for processing your personal data is:

Mira Knaup
Dorfmatt 2, 79379 Müllheim, Germany
Email: miraknaup@gmail.com

See our Imprint for additional contact details.

2. What we collect and why

We collect only the data necessary to deliver the service:

  • Account data: email address, name (optional), authentication identifiers. Legal basis: contract performance (Art. 6(1)(b) GDPR).
  • Profile data you provide: niche, tone, keywords, phrases, content preferences. Used solely to personalize AI-generated scripts. Legal basis: contract performance.
  • Connected platform tokens: when you connect TikTok, Instagram, YouTube or LinkedIn, we store the OAuth access/refresh tokens. Tokens are encrypted at rest with AES-256-GCM. Used only to publish on your behalf when you initiate it. Legal basis: contract performance + your consent.
  • Generated content: the viral videos we scrape on your behalf, your swipe decisions, AI-rewritten scripts, and your edits. Legal basis: contract performance.
  • Billing data: processed by Stripe (see Processors below). We store only the Stripe customer ID and subscription status. Legal basis: contract + legal obligation (Art. 6(1)(b) and (c) GDPR).
  • Technical data: IP address, browser type, and request logs, retained briefly for security and debugging. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

3. Processors (data we share)

We use the following service providers (Auftragsverarbeiter) under Art. 28 GDPR. Each is contractually bound to handle your data only on our instructions and to apply appropriate safeguards. Where data leaves the EU/EEA, we rely on EU Standard Contractual Clauses (SCCs).

  • Supabase, Inc. (USA) — authentication and database hosting. SCCs in place.
  • Vercel, Inc. (USA) — application hosting and edge delivery. SCCs in place.
  • Apify Technologies s.r.o. (Czech Republic, EU) — scraping of public viral content based on keywords you provide.
  • GroqCloud (Groq, Inc.) (USA) — primary LLM provider for script rewriting. SCCs in place.
  • Google LLC (USA) — Gemini API fallback for LLM requests. SCCs in place.
  • Anthropic, PBC (USA) — model API access when used. SCCs in place.
  • Stripe Payments Europe Ltd. (Ireland, EU) — payment processing.

We do not sell your personal data. We do not use your private inputs to train third-party AI models for the public.

4. Cookies & local storage

We use strictly necessary cookies for authentication (Supabase session). These cookies do not require consent because they are essential to operate the service (§ 25 (2) Nr. 2 TTDSG). We do not use marketing or analytics cookies that profile you.

5. Retention

We retain personal data only as long as necessary for the purposes described:

  • Account and profile data: until you delete your account.
  • Generated content and swipe history: until you delete the relevant rows or your account.
  • OAuth tokens for connected platforms: until you disconnect the platform.
  • Billing records: 10 years where required by German tax law (§ 147 AO).
  • Technical logs: typically 30 days.

6. Your rights

Under GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21). You may also withdraw any consent at any time. To exercise these rights, email miraknaup@gmail.com.

You also have the right to lodge a complaint with a supervisory authority — for Baden-Württemberg this is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg.

7. International transfers

Several of our processors are located in the United States. We rely on the EU-US Data Privacy Framework (where the processor is certified) and on EU Standard Contractual Clauses (SCCs) as the safeguard mechanism under Chapter V GDPR.

8. Children

The service is not directed at children under 16. We do not knowingly collect personal data from children.

9. Changes to this policy

We may update this policy from time to time. The current version is always available at this URL. Material changes will be communicated by email or in-app notice.

10. Contact

For any privacy questions or data requests, contact miraknaup@gmail.com.