CreateFame Logo
← Back to Home

Privacy Policy – CreateFame

Effective Date: 23-09-2025  |  Last Updated: 23-09-2025

This Privacy Policy explains how Barrière Brekers B.V. ("CreateFame", "we", "us", "our") processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and Dutch privacy law.

1. Who We Are (Data Controller)

Barrière Brekers B.V.
Groene Woud 60, 4834BC, Breda, The Netherlands
Contact: hello@createfame.ai

We operate the CreateFame platform (the "Service"). Unless stated otherwise, we act as the data controller for the processing activities described in this policy.

2. Scope

This policy applies to users of CreateFame, including account holders connecting social profiles and using our AI-powered content generation features.

3. Personal Data We Collect

3.1 Account & Identification Data

  • Name (optional), email address, profile details (username, handle, profile photo)
  • Authentication identifiers, login timestamps, security events (via Clerk)

3.2 User-Provided Content

  • Text, documents, and notes you upload or create
  • Video/audio you upload (we may transcribe to text)
  • Samples of your writing style
  • Reference image(s) of yourself used to create new images of you (not for biometric identification)
  • Generated content (e.g., posts, images, short videos, carousels, captions, quote cards, content collections)

3.3 Social Media Connections (Optional)

  • Access tokens and permissions you grant (e.g., read profile, create posts)
  • Scheduling data and publish status
  • Public profile information provided by the social platform

We only read or publish content where you have explicitly connected an account and granted permission. You can revoke access at any time.

3.4 Payments & Subscriptions

  • Subscription plan, credit usage, invoices and transaction history
  • Payment processing is handled by Stripe. We do not store full card numbers or CVV.

3.5 Technical & Usage Data

  • Device and browser information, IP address, app events, diagnostics and logs
  • Aggregated analytics and performance metrics

Special categories: We do not intentionally process special categories of data. Reference images of you are used to generate images of you, not to uniquely identify you; we do not perform biometric identification or facial recognition.

4. Purposes & Legal Bases

PurposeLegal BasisDetails
Provide and operate the ServicePerformance of a contract (Art. 6(1)(b) GDPR)Account creation, login, content uploads, content generation, planner, posting to connected profiles.
AI content generation (text, image, video) using external APIsContract; and where required, your consent (Art. 6(1)(b)/(a))We process your inputs and send them to chosen AI providers to generate outputs you request.
Transcription of uploaded video/audioPerformance of a contractCreates a text source to enable editing and generation features.
Payments, subscriptions, credit top-upsPerformance of a contract; Legal obligationStripe processes payments; we keep invoicing records as required by law.
Security, fraud prevention, integrityLegitimate interests (Art. 6(1)(f))Authentication, access controls, logs, abuse prevention.
Service improvement and analyticsLegitimate interests; or consent where requiredAggregate analytics to improve performance and features.
Customer support & communicationsLegitimate interests; ContractRespond to requests, send service notifications and updates.
Advertising and remarketingConsent (Art. 6(1)(a))We may use ad platforms (Meta, Google, TikTok, LinkedIn, etc.). We only do this with your consent and you can withdraw at any time.
Compliance with lawsLegal obligation (Art. 6(1)(c))Tax, accounting, law enforcement requests where applicable.

We do not sell your personal data. We do not perform automated decision-making producing legal or similarly significant effects.

5. Recipients & Processors

We share personal data with trusted providers acting on our behalf under written data processing agreements:

ProviderPurposeNotes on Location & Safeguards
ClerkAuthentication, identity, session managementEU/US with Standard Contractual Clauses (SCCs) where applicable.
ConvexHosted application databaseEU/US with SCCs where applicable.
Amazon S3Media storage (uploads & generated assets)EU region where available.
StripePayments & subscriptionsEU/US with SCCs where applicable. We do not store full card data.
Anthropic (Claude API)AI text/image/video generation (as configured)Transfers to US; SCCs or equivalent safeguards.
OpenAI APIAI text/image/video generation (as configured)Transfers to US; SCCs or equivalent safeguards.
Google (Gemini API)AI generation and analysisGlobal processing; SCCs or equivalent safeguards.
BannerbearAutomated visual generation (social graphics)Transfers to US; SCCs or equivalent safeguards.
GammaCarousel & visual content generationTransfers to US; SCCs or equivalent safeguards.
Advertising platformsMeta, Google, TikTok, LinkedIn (with consent)Marketing and remarketing; limited data as configured; opt-in only.

We may disclose data to public authorities if required by law. We require all processors to implement appropriate technical and organisational measures.

6. International Data Transfers

Your personal data may be transferred outside the European Economic Area (EEA). Where such transfers occur, we rely on one or more of the following safeguards:

  • EU Commission Adequacy Decisions (GDPR Art. 45)
  • Standard Contractual Clauses (GDPR Art. 46)
  • Other appropriate safeguards permitted by Chapter V GDPR

You can request a copy or summary of the relevant safeguards by contacting hello@createfame.ai.

7. Data Retention

Data CategoryRetention
Account & profile dataFor the life of the account; deleted upon request or account closure.
User-provided and generated contentUntil you delete it or close your account; backups roll off on a schedule.
Authentication logs / security eventsUp to 24 months (shorter where feasible).
Billing & invoicing recordsUp to 7 years to comply with tax and accounting obligations.
Support correspondenceUp to 3 years after last interaction or as required by law.

8. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, role-based permissions, audit logging, and regular backups. No system is 100% secure; we continuously improve our controls and will notify authorities and affected users of data breaches when legally required.

9. Social Media Connections & Posting

  • Connecting a social profile grants us only the permissions you approve.
  • We read profile data and publish content only as instructed by you (including via the planner).
  • You can disconnect any profile at any time in your account settings; tokens will be revoked.

10. Marketing & Advertising

With your consent, we may use your data to run advertising and remarketing campaigns on platforms such as Meta, Google, TikTok, and LinkedIn. You can withdraw consent at any time in the app settings or by contacting us. We do not share your content libraries with ad platforms unless explicitly configured for a campaign you request.

11. Cookies & Similar Technologies

We use essential cookies to operate the Service and, with your consent where required, analytics/advertising cookies to understand usage and improve the Service. For more details, see our Cookie Policy. You can manage preferences via your browser and in-app controls where available.

12. Your GDPR Rights

You can exercise the following rights, subject to conditions and applicable law:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase data ("right to be forgotten")
  • Restrict processing
  • Object to processing based on legitimate interests or direct marketing
  • Data portability (receive a copy in a machine-readable format)
  • Withdraw consent at any time where processing is based on consent

To make a request, contact hello@createfame.ai. We may ask for information to verify your identity before acting on your request.

You also have the right to lodge a complaint with the Dutch Data Protection Authority: autoriteitpersoonsgegevens.nl.

13. Children's Privacy

The Service is intended for users aged 18 and older. We do not knowingly collect personal data from children. If we become aware of such data, we will delete it.

14. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. The "Last Updated" date will be revised accordingly. Material changes will be communicated within the app or by email where appropriate.

15. Contact

For privacy questions, requests, or complaints, contact:

Barrière Brekers B.V.
Groene Woud 60, 4834BC, Breda, The Netherlands
Email: hello@createfame.ai