Last updated: April 16, 2026
This policy explains how Creatordex ("we," operator of creatordex.ai) collects, uses, and protects your personal information. For privacy questions or rights requests, email support@creatordex.ai.
From you: email, name, company (optional), hashed password, Stripe customer ID, billing address (via Stripe — we don't store card numbers), search queries, contact reveals, watchlist entries, saved searches, and API/MCP usage logs.
Automatically: basic request logs (IP, user agent, timestamp) and analytics events via Vercel Analytics. We do not use tracking cookies beyond what's required for authentication and essential functionality.
To provide the service (searches, reveals, watchlist, digests), process payments via Stripe, send transactional emails (welcome, digests, billing receipts, password resets) via Resend, and improve search quality. We do not sell your personal data or use it for third-party advertising.
All of these are contractually bound to process your data only on our instructions and in accordance with applicable law.
We are based in the United States and most of our processors operate in the US. If you access Creatordex from outside the US (including the EU/UK), your personal data will be transferred to and processed in the US. We rely on Standard Contractual Clauses where required for cross-border transfers.
If you are in the EU, UK, or EEA, you have the right to: access your data, correct inaccuracies, request deletion, restrict processing, receive your data in a portable format, object to processing, and lodge a complaint with your local supervisory authority. Email support@creatordex.ai to exercise any of these — we will respond within 30 days.
California residents can request to know what personal information we collect, to delete that information, to correct inaccuracies, and to limit use of sensitive personal information. We do not sell personal information and do not share it for cross-context behavioral advertising. Email the address above to submit a request.
Creatordex indexes publicly available profiles from TikTok and Instagram. We do not collect private messages, follower lists, or account credentials. Creators can request removal from our index at any time by emailing support@creatordex.ai — we will remove the profile within 14 days and flag it to prevent re-indexing.
We use a small number of essential cookies for authentication (NextAuth session), CSRF protection, and billing portal continuity. These do not require consent under ePrivacy/GDPR. We do not use advertising, cross-site tracking, or analytics cookies beyond the privacy-friendly Vercel Analytics.
Account data is retained while your account is active and for 30 days after cancellation, then permanently deleted. Transactional email and invoice records are retained for 7 years to satisfy tax/accounting law. Search query logs are retained for 180 days for quality improvement, then anonymized.
Data is encrypted in transit (TLS 1.2+) and at rest in Supabase. Passwords are hashed with bcrypt. Payment card data is handled entirely by Stripe and never reaches our servers. We use least-privilege access to production systems and maintain audit logs.
Creatordex is not intended for anyone under 18 and we do not knowingly collect personal information from minors. If you believe a minor has an account, contact us and we will delete it promptly.
We may update this policy. Material changes (new processors, expanded data collection, retention changes) will be communicated by email at least 14 days before they take effect.
For privacy questions, rights requests, or a formal DPA for your organization, email support@creatordex.ai.